mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-08 05:26:58 +02:00
35 lines
1.2 KiB
Bash
Executable File
35 lines
1.2 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
echo "Adding mock Google Accounts server certs."
|
|
|
|
CERT_NAME="mock_server"
|
|
FAKE_CA_DIR="${ROOT_FS_DIR}/etc/fake_root_ca"
|
|
FAKE_NSSDB="${FAKE_CA_DIR}/nssdb"
|
|
TMP_KEY=$(mktemp -p /tmp "${CERT_NAME}.key.XXXXX")
|
|
TMP_CERT=$(mktemp -p /tmp "${CERT_NAME}.pem.XXXXX")
|
|
|
|
# Generate testing root cert on the fly.
|
|
openssl req -x509 -nodes -days 365 \
|
|
-subj "/CN=*.google.com" \
|
|
-newkey rsa:1024 -keyout "${TMP_KEY}" -out "${TMP_CERT}"
|
|
|
|
mkdir -m 0755 -p "${FAKE_NSSDB}"
|
|
cp "${TMP_KEY}" "${FAKE_CA_DIR}/${CERT_NAME}.key"
|
|
echo "DO NOT MOVE THIS DATA OFF OF THE ROOTFS!" > "${FAKE_CA_DIR}/README"
|
|
nsscertutil -A -n FakeCA -t "C,C,C" -a -i "${TMP_CERT}" -d "${FAKE_NSSDB}"
|
|
chmod 0644 "${FAKE_NSSDB}"/*
|
|
cp "${TMP_CERT}" "${FAKE_CA_DIR}/${CERT_NAME}.pem"
|
|
|
|
# TODO(cmasone): get rid of this once we're off pam_google for good.
|
|
# Sadly, our fake cert HAS to be first in this file.
|
|
TMPFILE=$(mktemp)
|
|
CERT_FILE="${ROOT_FS_DIR}/etc/login_trust_root.pem"
|
|
PERMS=$(stat --printf="%a" "${CERT_FILE}")
|
|
cat "${TMP_CERT}" "${CERT_FILE}" > "${TMPFILE}"
|
|
mv -f "${TMPFILE}" "${CERT_FILE}"
|
|
chmod "${PERMS}" "${CERT_FILE}"
|