cannot install certs on Debian #23

ju1ius · 2023-10-21T14:17:59Z

Hi,

Installing a certificate into to the system trust store is broken on Debian Sid (see also: smallstep/cli#1043).

$ cat /etc/debian_version
trixie/sid
$ ./bin/truststore my_cert.crt
install is not supported on this system

On Debian the update-ca-certificates binary is located under /usr/sbin, which is not in the path of non-root users.

This causes the exec.LookPath call in truststore_linux.go's init function to always fail and setting SystemTrustCommand to nil, which in turn causes installPlatform to incorrectly return ErrNotSupported.

Since the command (and the equivalent step certificate install and step ca bootstrap --install) should not be run as root, the exec.LookPath check should be removed from the init function, letting commandWithSudo(SystemTrustCommand...) fail (with an actually useful message) if SystemTrustCommand is not found, which is what mkcert does.

The text was updated successfully, but these errors were encountered:

removes init $PATH checks from trustore_linux.go

This was referenced Oct 21, 2023

[Bug]: cannot install certs on debian smallstep/cli#1043

Closed

removes init $PATH checks from trustore_linux.go #24

Merged

hslatman assigned maraino Oct 24, 2023

maraino closed this as completed in #24 Oct 24, 2023

maraino added a commit that referenced this issue Oct 24, 2023

Merge pull request #24 from ju1ius/ju1ius/gh-23

52f0bf5

removes init $PATH checks from trustore_linux.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cannot install certs on Debian #23

cannot install certs on Debian #23

ju1ius commented Oct 21, 2023

cannot install certs on Debian #23

cannot install certs on Debian #23

Comments

ju1ius commented Oct 21, 2023