Last active
January 14, 2025 18:04
-
-
Save Informatic/d7bcdd59eac16ffbffd3a5b5c24b4195 to your computer and use it in GitHub Desktop.
Let's Encrypt fix for webOS. Tested on 3.8 only, put this into /var/lib/webosbrew/init.d and you should be probably done.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Directory to store overlays in (one directory structure is created per overlay configured down below) | |
| OVERLAY_BASE=/var/lib/webosbrew/customca | |
| overlay() { | |
| set -e | |
| overlay_id="$(echo $1 | sed 's;/;__;g')" | |
| unset TARGET SOURCE FSTYPE OPTIONS | |
| eval $(findmnt -P $1) | |
| if [[ "$FSTYPE" == "overlay" ]] || [ -f "$1" ] && [[ "$FSTYPE" != "" ]]; then | |
| echo "[-] Overlay '$1' already mounted" | |
| elif [ -f "$1" ]; then | |
| if [ ! -f "$OVERLAY_BASE/$overlay_id" ]; then | |
| echo "[ ] Preparing overlay for '$1'" | |
| cp $1 $OVERLAY_BASE/$overlay_id; | |
| fi | |
| mount --bind "$OVERLAY_BASE/$overlay_id" "$1" | |
| echo "[+] File overlay '$1' mounted" | |
| else | |
| echo "[ ] Preparing overlay for '$1' -> $OVERLAY_BASE/$overlay_id" | |
| mkdir -p "$OVERLAY_BASE/$overlay_id/upper" "$OVERLAY_BASE/$overlay_id/work" | |
| mount -t overlay -o lowerdir=$1,upperdir=$OVERLAY_BASE/$overlay_id/upper/,workdir=$OVERLAY_BASE/$overlay_id/work/ overlay-$overlay_id $1 | |
| echo "[+] Overlay '$1' mounted" | |
| fi | |
| } | |
| # Usage: | |
| overlay /etc/ssl/certs | |
| overlay /usr/share/ca-certificates | |
| overlay /etc/ca-certificates.conf | |
| overlay /etc/pki | |
| if [ ! -f "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt" ]; then | |
| # from https://letsencrypt.org/certs/isrgrootx1.pem | |
| cat <<EOF >"/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt" | |
| -----BEGIN CERTIFICATE----- | |
| MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw | |
| TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh | |
| cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 | |
| WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu | |
| ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY | |
| MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc | |
| h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ | |
| 0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U | |
| A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW | |
| T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH | |
| B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC | |
| B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv | |
| KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn | |
| OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn | |
| jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw | |
| qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI | |
| rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV | |
| HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq | |
| hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL | |
| ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ | |
| 3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK | |
| NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 | |
| ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur | |
| TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC | |
| jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc | |
| oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq | |
| 4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA | |
| mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d | |
| emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= | |
| -----END CERTIFICATE----- | |
| EOF | |
| ln -sf /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt /etc/ssl/certs/ISRG_Root_X1.crt | |
| fi | |
| if grep -i DST_Root_CA_X3 /etc/ca-certificates.conf; then | |
| echo "[+] Removing DST_Root_CA_X3" | |
| sed '/DST_Root_CA_X3/d' /etc/ca-certificates.conf > /tmp/c && cp /tmp/c /etc/ca-certificates.conf | |
| fi | |
| if ! grep 'ISRG_Root_X1' /etc/ca-certificates.conf; then | |
| echo "[+] Adding ISRG_Root_X1" | |
| echo 'mozilla/ISRG_Root_X1.crt' >> /etc/ca-certificates.conf | |
| fi | |
| if [[ "$(ls -td /etc/ssl/certs/* /etc/ca-certificates.conf | head -1)" != "/etc/ssl/certs/ca-certificates.crt" ]]; then | |
| update-ca-certificates | |
| c_rehash | |
| cp /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/trusted_cas.crt | |
| fi | |
| # TODO: certutil -d /etc/pki/nssdb/ -A -t 'C,,' -n CA -i /usr/share/ca-certificates/... |
Hi @Informatic,
Now that my webOS 3.4.0 TV has been rooted I would like to do something about the web browser, if possible.
Tried the above overlay script to see what it would do, but I get errors on a few pages that used to load and no response on others, so I'm guessing it's not the best fit for my older webOS.
Can it be modified to work, or is something completely different required for webOS <3.5?
I am happy to try out things and provide feedback as necessary.
Thanks.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@Informatic
Hello! I can confitm it works on WebOS 4.9. Thank you very much!
But is there a way to make writable the inital root directory "/" ?
I tried
overlay /but it shows:[-] Overlay '/' already mountedI need to create /opt ...
Thank you!