cezarlamann · October 16, 2025 15:43
diff --git a/dotnet-cert-trust-void-linux.sh b/dotnet-cert-trust-void-linux.sh
 #!/usr/bin/env bash
 set -euo pipefail

 # Per-user trust for .NET dev certs on Void/Linux (OpenSSL)
 TRUST_DIR="$HOME/.aspnet/dev-certs/trust"
 DEV_PEM="$TRUST_DIR/dev-cert.pem"
 SYSTEM_CERT_DIR="/etc/ssl/certs"
 BASH_PROFILE="$HOME/.bash_profile"

 echo "==> Checking prerequisites..."
 command -v dotnet >/dev/null 2>&1 || { echo "ERROR: dotnet not found."; exit 1; }
 command -v openssl >/dev/null 2>&1 || { echo "ERROR: openssl not found."; exit 1; }

 echo "==> Cleaning existing dotnet dev certs..."
 dotnet dev-certs https --clean || true

 echo "==> Removing old system symlink (if present)..."
 if [ -e "$SYSTEM_CERT_DIR/dev-cert.pem" ] || [ -L "$SYSTEM_CERT_DIR/dev-cert.pem" ]; then
  rm -f -- "$SYSTEM_CERT_DIR/dev-cert.pem"
 fi

 echo "==> Resetting per-user trust directory..."
 mkdir -p "$TRUST_DIR"
 # IMPORTANT: do not quote the glob so it expands (suppress error if empty)
 rm -f -- "$TRUST_DIR"/* 2>/dev/null || true

 echo "==> Exporting a new dev certificate (PEM)..."
 read -r -s -p "Enter a password to protect the exported PEM (press Enter for none): " PEM_PW || true
 echo
 if [ -n "${PEM_PW:-}" ]; then
  dotnet dev-certs https -ep "$DEV_PEM" -p "$PEM_PW" --format PEM --trust
 else
  dotnet dev-certs https -ep "$DEV_PEM" -np --format PEM --trust
 fi

 echo "==> Linking the dev cert into the system certs directory (optional)..."
 ln -sfn "$DEV_PEM" "$SYSTEM_CERT_DIR/dev-cert.pem"

 echo "==> Rehashing your per-user trust directory for OpenSSL..."
 openssl rehash "$TRUST_DIR"

 # Compose SSL_CERT_DIR value (per-user trust first, then system)
 DESIRED_SSL_CERT_DIR="$TRUST_DIR:$SYSTEM_CERT_DIR"

 echo "==> Ensuring SSL_CERT_DIR is exported for future Bash logins..."
 if [ ! -f "$BASH_PROFILE" ]; then
  touch "$BASH_PROFILE"
 fi
 if ! grep -q '^export SSL_CERT_DIR=' "$BASH_PROFILE"; then
  printf '\nexport SSL_CERT_DIR="%s"\n' "$DESIRED_SSL_CERT_DIR" >> "$BASH_PROFILE"
  echo "   Added to $BASH_PROFILE"
 else
  echo "   SSL_CERT_DIR already present in $BASH_PROFILE (not modifying)."
 fi

 echo "==> Exporting SSL_CERT_DIR for this shell session..."
 export SSL_CERT_DIR="$DESIRED_SSL_CERT_DIR"

 echo "==> Verifying with dotnet (this is informational on Linux)..."
 dotnet dev-certs https --check --trust --verbose || true

 cat <<EOF

 Done.

 Per-user trust dir:  $TRUST_DIR
 Installed PEM:       $DEV_PEM
 SSL_CERT_DIR (now):  $SSL_CERT_DIR

 Open a NEW terminal (or 'source ~/.bash_profile') so GUI apps and new shells inherit SSL_CERT_DIR.
 EOF
	#!/usr/bin/env bash
	set -euo pipefail

	# Per-user trust for .NET dev certs on Void/Linux (OpenSSL)
	TRUST_DIR="$HOME/.aspnet/dev-certs/trust"
	DEV_PEM="$TRUST_DIR/dev-cert.pem"
	SYSTEM_CERT_DIR="/etc/ssl/certs"
	BASH_PROFILE="$HOME/.bash_profile"

	echo "==> Checking prerequisites..."
	command -v dotnet >/dev/null 2>&1 \|\| { echo "ERROR: dotnet not found."; exit 1; }
	command -v openssl >/dev/null 2>&1 \|\| { echo "ERROR: openssl not found."; exit 1; }

	echo "==> Cleaning existing dotnet dev certs..."
	dotnet dev-certs https --clean \|\| true

	echo "==> Removing old system symlink (if present)..."
	if [ -e "$SYSTEM_CERT_DIR/dev-cert.pem" ] \|\| [ -L "$SYSTEM_CERT_DIR/dev-cert.pem" ]; then
	rm -f -- "$SYSTEM_CERT_DIR/dev-cert.pem"
	fi

	echo "==> Resetting per-user trust directory..."
	mkdir -p "$TRUST_DIR"
	# IMPORTANT: do not quote the glob so it expands (suppress error if empty)
	rm -f -- "$TRUST_DIR"/* 2>/dev/null \|\| true

	echo "==> Exporting a new dev certificate (PEM)..."
	read -r -s -p "Enter a password to protect the exported PEM (press Enter for none): " PEM_PW \|\| true
	echo
	if [ -n "${PEM_PW:-}" ]; then
	dotnet dev-certs https -ep "$DEV_PEM" -p "$PEM_PW" --format PEM --trust
	else
	dotnet dev-certs https -ep "$DEV_PEM" -np --format PEM --trust
	fi

	echo "==> Linking the dev cert into the system certs directory (optional)..."
	ln -sfn "$DEV_PEM" "$SYSTEM_CERT_DIR/dev-cert.pem"

	echo "==> Rehashing your per-user trust directory for OpenSSL..."
	openssl rehash "$TRUST_DIR"

	# Compose SSL_CERT_DIR value (per-user trust first, then system)
	DESIRED_SSL_CERT_DIR="$TRUST_DIR:$SYSTEM_CERT_DIR"

	echo "==> Ensuring SSL_CERT_DIR is exported for future Bash logins..."
	if [ ! -f "$BASH_PROFILE" ]; then
	touch "$BASH_PROFILE"
	fi
	if ! grep -q '^export SSL_CERT_DIR=' "$BASH_PROFILE"; then
	printf '\nexport SSL_CERT_DIR="%s"\n' "$DESIRED_SSL_CERT_DIR" >> "$BASH_PROFILE"
	echo " Added to $BASH_PROFILE"
	else
	echo " SSL_CERT_DIR already present in $BASH_PROFILE (not modifying)."
	fi

	echo "==> Exporting SSL_CERT_DIR for this shell session..."
	export SSL_CERT_DIR="$DESIRED_SSL_CERT_DIR"

	echo "==> Verifying with dotnet (this is informational on Linux)..."
	dotnet dev-certs https --check --trust --verbose \|\| true

	cat <<EOF

	Done.

	Per-user trust dir: $TRUST_DIR
	Installed PEM: $DEV_PEM
	SSL_CERT_DIR (now): $SSL_CERT_DIR

	Open a NEW terminal (or 'source ~/.bash_profile') so GUI apps and new shells inherit SSL_CERT_DIR.
	EOF
No results found