certificates in firefox are now an hook

cert8.db was more similar to a binary than to a config file. A simple chroot hook will populate it in a more reviewable way. Also, it will "fetch" from freepto-certificates in a more natural way.
vvicaretti · Oct 19, 2014 · 6b31802 · 6b31802
1 parent db388e7
commit 6b31802
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/config/hooks/certificates.chroot b/config/hooks/certificates.chroot
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+dir=$(find /etc/skel/.mozilla/firefox/*/ -maxdepth 0 -type d)
+if [[ ! -d "$dir" ]]; then
+	echo "Not valid profiledir: $dir"
+	exit 1
+fi
+dpkg -L freepto-certificates | egrep '^/usr/share/ca-certificates/.*\.crt$' | while read crt; do
+	name=$(basename "$crt" .crt)
+	certutil -A -n "$name" -t TC,, -i "$crt" -d "$dir"
+done
+
diff --git a/config/includes.chroot/etc/skel/.mozilla/firefox/wgrlpdsn.paranoid/cert8.db b/config/includes.chroot/etc/skel/.mozilla/firefox/wgrlpdsn.paranoid/cert8.db
diff --git a/config/package-lists/tools.list.chroot b/config/package-lists/tools.list.chroot
@@ -37,3 +37,6 @@ spice-vdagent
 # graphical tools
 lshw-gtk
 evince-gtk
+
+# security
+libnss3-tools