fix ca cert issue

2026-03-26 10:21:52 +00:00 · 2024-07-26 01:41:11 -06:00
parent 64315df85f
commit e4782dee68
2 changed files with 30 additions and 11 deletions
--- a/build/lib/scripts/enable-kiosk
+++ b/build/lib/scripts/enable-kiosk
@@ -14,14 +14,8 @@ if ! id kiosk; then
    useradd -s /bin/bash --create-home kiosk
 fi

-# create kiosk script
-cat > /home/kiosk/kiosk.sh << 'EOF'
-#!/bin/sh
-PROFILE=$(mktemp -d)
-if [ -f /usr/local/share/ca-certificates/startos-root-ca.crt ]; then
-    certutil -A -n "StartOS Local Root CA" -t "TCu,Cuw,Tuw" -i /usr/local/share/ca-certificates/startos-root-ca.crt -d $PROFILE
-fi
-cat >> $PROFILE/prefs.js << EOT
+mkdir /home/kiosk/fx-profile
+cat >> /home/kiosk/fx-profile/prefs.js << EOF
 user_pref("app.normandy.api_url", "");
 user_pref("app.normandy.enabled", false);
 user_pref("app.shield.optoutstudies.enabled", false);
@@ -87,7 +81,11 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
 user_pref("toolkit.telemetry.unified", false);
 user_pref("toolkit.telemetry.updatePing.enabled", false);
 user_pref("toolkit.telemetry.cachedClientID", "");
-EOT
+EOF
+
+# create kiosk script
+cat > /home/kiosk/kiosk.sh << 'EOF'
+#!/bin/sh
 while ! curl "http://localhost" > /dev/null; do
    sleep 1
 done
@@ -101,8 +99,7 @@ done
    killall firefox-esr
 ) &
 matchbox-window-manager -use_titlebar no &
-firefox-esr http://localhost --profile $PROFILE
-rm -rf $PROFILE
+firefox-esr http://localhost --profile /home/kiosk/fx-profile
 EOF
 chmod +x /home/kiosk/kiosk.sh

@@ -116,6 +113,8 @@ fi
 EOF
 fi

+chown -R kiosk:kiosk /home/kiosk
+
 # enable autologin
 mkdir -p /etc/systemd/system/getty@tty1.service.d
 cat > /etc/systemd/system/getty@tty1.service.d/autologin.conf << 'EOF'
--- a/core/startos/src/init.rs
+++ b/core/startos/src/init.rs
@@ -398,6 +398,20 @@ pub async fn init(
    Command::new("update-ca-certificates")
        .invoke(crate::ErrorKind::OpenSsl)
        .await?;
+    if tokio::fs::metadata("/home/kiosk/profile").await.is_ok() {
+        Command::new("certutil")
+            .arg("-A")
+            .arg("-n")
+            .arg("StartOS Local Root CA")
+            .arg("-t")
+            .arg("TCu,Cuw,Tuw")
+            .arg("-i")
+            .arg("/usr/local/share/ca-certificates/startos-root-ca.crt")
+            .arg("-d")
+            .arg("/home/kiosk/fx-profile")
+            .invoke(ErrorKind::OpenSsl)
+            .await?;
+    }
    load_ca_cert.complete();

    load_wifi.start();
@@ -422,6 +436,12 @@ pub async fn init(
        tokio::fs::remove_dir_all(&tmp_var).await?;
    }
    crate::disk::mount::util::bind(&tmp_var, "/var/tmp", false).await?;
+    let downloading = cfg
+        .datadir()
+        .join(format!("package-data/archive/downloading"));
+    if tokio::fs::metadata(&downloading).await.is_ok() {
+        tokio::fs::remove_dir_all(&downloading).await?;
+    }
    let tmp_docker = cfg
        .datadir()
        .join(format!("package-data/tmp/{CONTAINER_TOOL}"));