| #!/bin/bash |
| |
| # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| echo "Adding mock Google Accounts server certs." |
| |
| case "${ARCH}" in |
| arm*) |
| QEMU="/tmp/qemu-arm" |
| cp "/usr/bin/qemu-arm" "${ROOT_FS_DIR}/${QEMU}" |
| ;; |
| *86|amd64) |
| QEMU="" |
| ;; |
| *) |
| error "Invalid ARCH: ${ARCH}" |
| exit 1 |
| esac |
| |
| CERT_NAME="mock_server" |
| FAKE_CA_DIR="/etc/fake_root_ca" |
| FAKE_NSSDB="${FAKE_CA_DIR}/nssdb" |
| TMP_KEY=$(mktemp -p /tmp "${CERT_NAME}.key.XXXXX") |
| TMP_CERT=$(mktemp -p /tmp "${CERT_NAME}.pem.XXXXX") |
| |
| mv -f "${TMP_KEY}" "${ROOT_FS_DIR}/${TMP_KEY}" |
| mv -f "${TMP_CERT}" "${ROOT_FS_DIR}/${TMP_CERT}" |
| |
| # We need access to /dev/random and /dev/self/fd (which is /proc/self/fd) |
| # within the chrooted image |
| sudo mount --bind /dev "${ROOT_FS_DIR}"/dev |
| sudo mount --bind /proc "${ROOT_FS_DIR}"/proc |
| |
| # Generate testing root cert on the fly. |
| sudo chroot "${ROOT_FS_DIR}" ${QEMU} /usr/bin/openssl req -x509 -days 21 \ |
| -subj "/CN=*.google.com" \ |
| -newkey rsa:1024 -nodes -keyout "${TMP_KEY}" -out "${TMP_CERT}" |
| |
| mkdir -m 0755 -p "${ROOT_FS_DIR}/${FAKE_NSSDB}" |
| |
| # Both bash and nsscertutil must be run under qemu-arm |
| sudo chroot "${ROOT_FS_DIR}" ${QEMU} /bin/bash -c "${QEMU} \ |
| /usr/local/bin/nsscertutil -d sql:${FAKE_NSSDB} -N -f <(echo '')" |
| cp "${ROOT_FS_DIR}/${TMP_KEY}" "${ROOT_FS_DIR}/${FAKE_CA_DIR}/${CERT_NAME}.key" |
| cp "${ROOT_FS_DIR}/${TMP_CERT}" "${ROOT_FS_DIR}/${FAKE_CA_DIR}/${CERT_NAME}.pem" |
| echo "DO NOT MOVE THIS DATA OFF OF THE ROOTFS!" > "${ROOT_FS_DIR}/${FAKE_CA_DIR}/README" |
| sudo chroot "${ROOT_FS_DIR}" ${QEMU} \ |
| /usr/local/bin/nsscertutil -d sql:"${FAKE_NSSDB}" -A \ |
| -n FakeCert -t "C,," -a -i "${FAKE_CA_DIR}/${CERT_NAME}.pem" |
| chmod 0644 "${ROOT_FS_DIR}/${FAKE_NSSDB}"/* |
| |
| CERT_FILE="${ROOT_FS_DIR}/etc/login_trust_root.pem" |
| mv -f "${ROOT_FS_DIR}/${TMP_CERT}" "${CERT_FILE}" |
| chmod 0644 "${CERT_FILE}" |
| |
| if [ -n "${QEMU}" ] ; then |
| rm "${ROOT_FS_DIR}/${QEMU}" |
| fi |
| rm -f "${ROOT_FS_DIR}/${TMP_KEY}" |
| rm -f "${ROOT_FS_DIR}/${TMP_CERT}" |
| |
| sudo umount "${ROOT_FS_DIR}"/dev |
| sudo umount "${ROOT_FS_DIR}"/proc |