author Eric Hameleers <alien@slackware.com>2017-11-22 22:41:53 +0100
committer Eric Hameleers <alien@slackware.com>2017-11-22 22:41:53 +0100
commitb5d9d2e02f97cb6d313a789205fea80725ffc223 (patch)
tree86a54e4ddf8dc365d70e9a4797f0b93e00ec6031
parent056514d9390c7e5b25dc8eef13e7ea74b8fb72b7 (diff)
downloadliveslak-b5d9d2e02f97cb6d313a789205fea80725ffc223.tar.gz
liveslak-b5d9d2e02f97cb6d313a789205fea80725ffc223.tar.xz
Add CACert root certificates to the Live OS and browsers
CACert should be a trusted CA, to avoid discomforting warnings about an 'untrusted' certificate when visiting my future blog location.
-rwxr-xr-xmake_slackware_live.sh82
1 files changed, 82 insertions, 0 deletions
diff --git a/make_slackware_live.sh b/make_slackware_live.sh
index 0cfc300..44e8c87 100755
--- a/make_slackware_live.sh
+++ b/make_slackware_live.sh
@@ -214,6 +214,9 @@ NETFIRMWARE="3com acenic adaptec bnx tigon e100 sun kaweth tr_smctr cxgb3"
KAPPEND_SLACKWARE=""
KAPPEND_STUDIOWARE="threadirqs"
+# Add CACert root certificates yes/no?
+ADD_CACERT=${ADD_CACERT:-"YES"}
+
#
# ---------------------------------------------------------------------------
#
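Review bot: `ADD_CACERT` defaults to `YES`, so every build fetches an extra root CA from the network and trusts it in the OS store and in all browser profiles unless the builder opts out. Because this widens the trust store of every image produced, opt-in would be the safer default: `ADD_CACERT=${ADD_CACERT:-"NO"}`. The comment above it could also say what YES implies, for example `# Add CACert root certificates to the OS and browser trust stores (downloads them at build time) yes/no?`.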
@@ -1837,6 +1840,85 @@ cd ${LIVE_ROOTDIR}/etc/skel/
find ${LIVE_ROOTDIR}/home/${LIVEUID}/ -type f -exec sed -i -e "s,/home/live,/home/${LIVEUID}," "{}" \;
cd - 1>/dev/null
+if [ "${ADD_CACERT}" = "YES" -o "${ADD_CACERT}" = "yes" ]; then
+ echo "-- Importing CACert root certificates into OS and browsers."
+ # Import CACert root certificates into the OS:
+ ( mkdir -p ${LIVE_ROOTDIR}/etc/ssl/certs
+ cd ${LIVE_ROOTDIR}/etc/ssl/certs
+ wget -q -O cacert-root.crt http://www.cacert.org/certs/root.crt
+ wget -q -O cacert-class3.crt http://www.cacert.org/certs/class3.crt
+ ln -s cacert-root.crt \
+ $(openssl x509 -noout -hash -in cacert-root.crt).0
+ ln -s cacert-class3.crt \
+ $(openssl x509 -noout -hash -in cacert-class3.crt).0
+ )
+
+ # Create Mozilla Firefox profile:
+ mkdir -p ${LIVE_ROOTDIR}/home/${LIVEUID}/.mozilla/firefox/${LIVEUID}_profile.default
+ cat << EOT > ${LIVE_ROOTDIR}/home/${LIVEUID}/.mozilla/firefox/profiles.ini
+[General]
+StartWithLastProfile=1
+
+[Profile0]
+Name=default
+IsRelative=1
+Path=${LIVEUID}_profile.default
+Default=1
+EOT
+
+ # Create Mozilla Seamonkey profile:
+ mkdir -p ${LIVE_ROOTDIR}/home/${LIVEUID}/.mozilla/seamonkey/${LIVEUID}_profile.default
+ cat << EOT > ${LIVE_ROOTDIR}/home/${LIVEUID}/.mozilla/seamonkey/profiles.ini
+[General]
+StartWithLastProfile=1
+
+[Profile0]
+Name=default
+IsRelative=1
+Path=${LIVEUID}_profile.default
+Default=1
+EOT
+
+ # Create Pale Moon profile:
+ mkdir -p ${LIVE_ROOTDIR}/home/${LIVEUID}/.moonchild\ productions/pale\ moon/${LIVEUID}_profile.default
+ cat << EOT > ${LIVE_ROOTDIR}/home/${LIVEUID}/.moonchild\ productions/pale\ moon/profiles.ini
+[General]
+StartWithLastProfile=1
+
+[Profile0]
+Name=default
+IsRelative=1
+Path=${LIVEUID}_profile.default
+Default=1
+EOT
+
+ # Import CACert root certificates into the browsers:
+ (
+ # Mozilla Firefox:
+ certutil -N --empty-password -d ${LIVE_ROOTDIR}/home/${LIVEUID}/.mozilla/firefox/${LIVEUID}_profile.default
+ certutil -d ${LIVE_ROOTDIR}/home/${LIVEUID}/.mozilla/firefox/${LIVEUID}_profile.default \
+ -A -t TC -n "CAcert.org" -i ${LIVE_ROOTDIR}/etc/ssl/certs/cacert-root.crt
+ certutil -d ${LIVE_ROOTDIR}/home/${LIVEUID}/.mozilla/firefox/${LIVEUID}_profile.default \
+ -A -t TC -n "CAcert.org Class 3" -i ${LIVE_ROOTDIR}/etc/ssl/certs/cacert-class3.crt
+ # Seamonkey and Pale Moon (can just be a copy of the Firefox files):
+ cp -a \
+ ${LIVE_ROOTDIR}/home/${LIVEUID}/.mozilla/firefox/${LIVEUID}_profile.default/* \
+ ${LIVE_ROOTDIR}/home/${LIVEUID}/.mozilla/seamonkey/${LIVEUID}_profile.default/
+ cp -a \
+ ${LIVE_ROOTDIR}/home/${LIVEUID}/.mozilla/firefox/${LIVEUID}_profile.default/* \
+ ${LIVE_ROOTDIR}/home/${LIVEUID}/.moonchild\ productions/pale\ moon/${LIVEUID}_profile.default/
+ # NSS databases for Chrome based browsers have a different format (sql)
+ # than Mozilla based browsers:
+ mkdir -p ${LIVE_ROOTDIR}/home/${LIVEUID}/.pki/nssdb
+ certutil -N --empty-password -d ${LIVE_ROOTDIR}/home/${LIVEUID}/.pki/nssdb
+ certutil -d sql:${LIVE_ROOTDIR}/home/${LIVEUID}/.pki/nssdb \
+ -A -t TC -n "CAcert.org" -i ${LIVE_ROOTDIR}/etc/ssl/certs/cacert-root.crt
+ certutil -d sql:${LIVE_ROOTDIR}/home/${LIVEUID}/.pki/nssdb \
+ -A -t TC -n "CAcert.org Class 3" -i ${LIVE_ROOTDIR}/etc/ssl/certs/cacert-class3.crt
+ )
+ # TODO: find out how to configure KDE with additional Root CA's.
+fi # End ADD_CACERT
+
# Make sure that user 'live' owns her own files:
chroot ${LIVE_ROOTDIR} chown -R ${LIVEUID}:users home/${LIVEUID}
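Review bot: The two `wget -q` lines fetch the root and class 3 certificates over plain `http://` with no integrity check, and the same files are then linked into `etc/ssl/certs` and added to the NSS databases with trust `TC`. Anyone able to alter that download at build time can supply a CA of their choosing, which every resulting Live image would then trust. The wget exit status is also ignored, so a failed download still reaches `openssl x509 -hash` and the `ln -s` calls. The certificates should be compared against SHA-256 fingerprints pinned in the script (obtained out of band), and the build aborted on any mismatch, as sketched below. Separately, the `certutil -N` on the `.pki/nssdb` line omits the `sql:` prefix that the two `-A` calls after it use, so with an NSS build whose default is the legacy format the database created and the one populated may not be the same.

```shell
  # Placeholders: fill in fingerprints obtained out of band,
  # not taken from the same download.
  CACERT_ROOT_SHA256="<SHA256_FINGERPRINT_OF_ROOT_CRT>"
  CACERT_CLASS3_SHA256="<SHA256_FINGERPRINT_OF_CLASS3_CRT>"

  check_cacert() {
    # $1 = certificate file, $2 = expected SHA-256 fingerprint
    FP=$(openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2)
    [ -n "$FP" ] && [ "$FP" = "$2" ]
  }

  ( mkdir -p "${LIVE_ROOTDIR}/etc/ssl/certs"
    cd "${LIVE_ROOTDIR}/etc/ssl/certs" || exit 1
    wget -q -O cacert-root.crt http://www.cacert.org/certs/root.crt || exit 1
    wget -q -O cacert-class3.crt http://www.cacert.org/certs/class3.crt || exit 1
    check_cacert cacert-root.crt "${CACERT_ROOT_SHA256}" || exit 1
    check_cacert cacert-class3.crt "${CACERT_CLASS3_SHA256}" || exit 1
    # … unchanged: the two hash symlinks …
  ) || { echo "*** CACert download or fingerprint check failed."; exit 1; }
  # … unchanged: browser profiles and certutil imports …
```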