gencert.py: Support Snap Firefox and Chromium

Recently Ubuntu provides Firefox and Chromium in the form of Snap package, and they place NSS DB at different path from non-Snap package. However, current gencert.py implementation supports only the NSS DB paths for non-Snap packages. This results in HTTPS communication failure between the browsers and scratch_link. Support the NSS DB paths for the Snap packages. Add a new function prep_cert_for_app() which takes application name and its NSS DB search path. Call this function for list of browsers, covering both non-Snap and Snap packages. Signed-off-by: Shin'ichiro Kawasaki <kawasaki@juno.dti.ne.jp>
2026-03-15 20:50:17 +01:00 · 2023-03-19 20:59:58 +09:00
parent 751190935a
commit d845d69bb8
1 changed files with 22 additions and 21 deletions
--- a/pyscrlink/gencert.py
+++ b/pyscrlink/gencert.py
@@ -152,36 +152,37 @@ def prep_nss_cert(dir, cert, nickname):
    remove_cert(dir, nickname)
    add_cert(dir, cert, nickname)

-def prep_cert():
-    # Generate certification and key
-    gen_cert(cert_file_path, key_file_path)
-
-    # Add certificate to FireFox
+def prep_cert_for_app(cert, app, search_path):
+    """
+    Find a NSS DB in the search_path for the app and prepare the cert in the DB.
+    """
    nssdb = None
-    firefox_nss_path = os.path.join(homedir, ".mozilla/firefox/")
-    for root, dirs, files in os.walk(firefox_nss_path):
+    for root, dirs, files in os.walk(os.path.join(homedir, search_path)):
        for name in files:
            if not re.match("key.*\.db", name):
                continue
            nssdb = root
-            if prep_nss_cert(nssdb, cert_file_path, SCRATCH_CERT_NICKNAME):
-                logger.error(f"Failed to add certificate to FireFox NSS DB: {nssdb}")
+            if prep_nss_cert(nssdb, cert, SCRATCH_CERT_NICKNAME):
+                logger.error(f"Failed to add certificate to {app}: {nssdb}")
                sys.exit(3)
            else:
-                logger.info(f"Certificate is ready in FireFox NSS DB: {nssdb}")
+                logger.info(f"Certificate is ready in {app} NSS DB: {nssdb}")
    if not nssdb:
-        logger.info("FireFox NSS DB not found. Do not add certificate.")
+        logger.debug(f"NSS DB for {app} not found. Do not add certificate.")

-    # Add certificate to Chrome
-    nssdb = os.path.join(homedir, ".pki/nssdb")
-    if os.path.isdir(nssdb):
-        if prep_nss_cert(nssdb, cert_file_path, SCRATCH_CERT_NICKNAME):
-            logger.error(f"Failed to add certificate to Chrome")
-            sys.exit(4)
-        else:
-            logger.info("Certificate is ready for Chrome")
-    else:
-        logger.info("Chrome NSS DB not found. Do not add certificate.")
+
+def prep_cert():
+    # Generate certification and key
+    gen_cert(cert_file_path, key_file_path)
+
+    nss_dbs = {
+        "FireFox": ".mozilla/firefox/",
+        "FireFox(Snap)": "snap/firefox/common/.mozilla/firefox/",
+        "Chrome": ".pki",
+        "Chromium(Snap)": "snap/chromium",
+        }
+
+    [ prep_cert_for_app(cert_file_path, k, nss_dbs[k]) for k in nss_dbs ]

 if __name__ == "__main__":
    prep_cert()