current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. It's 100% free, no registration required.
up vote 2 down vote favorite

I am trying to write an script (postinst for a .deb package) that will install a secure websockets (wss:) application and a certificate that allows access from the Chrome browser. The developer has this working by adding a certificate to the user's nssdb using certutil -A -d sql:$HOME/.pki/nssdb

How do I do this from an installer script? I've tried sudo -u $SUDO_USER, which works if the user uses the commandline sudo dpkg but doesn't work from something like Ubuntu Software Centre which runs as root. Is there a better way of doing it such as a system-wide database. I tried /etc/pki/nssdb which I'd seen somewhere but that wasn't being picked up by Chrome.

share|improve this question
    
You can't change users' configuration from a package management script. You can try, but that will only mess things up, it will overwrite user preferences, it won't affect users created in the future, etc. Just don't do that. A system-wide database, if there is one, is the only real solution. Doesn't /etc/ssl/certs serve your purpose? –  Gilles Jun 12 at 22:17
    
I use update-ca-certificates to install our certificate from /usr/local/share/ca-certificates/ but that doesn't seem to be enough; Chrome gives an error NET::ERR_CERT_AUTHORITY_INVALID when it tries to connect to the libwebsockets based server. –  Paul Jun 15 at 10:27

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.