throwaway96 · October 8, 2024 19:53 · TETYYS · Oct 8, 2024
diff --git a/setup-cert-overlay.sh b/setup-cert-overlay.sh
 #!/bin/sh

 # by throwaway96
 # licensed under AGPLv3+
 # https://gist.github.com/throwaway96/bb31a17562eec4d8325020dee8c7e6b5

 cert=/home/root/something.crt
 name=lol_hax
 file="${name}.pem"
 tmp="/tmp/tempcert.pem.${$}"
 overlay_root=/home/root/overlay

 if ! test -f "${cert}"; then
 	echo >&2 "${0}: cert does not exist"
 	exit 1
 fi

 sed -e 's/\r$//' -- "${cert}" >"${tmp}"

 do_overlay() {
 	if test "${#}" -eq 2; then
 		callback="${2}"
 	elif test "${#}" -eq 1; then
 		callback=''
 	else
 		return 1
 	fi

 	target="${1}"

 	if test ! -d "${target}"; then
 		echo >&2 "target '${target}' does not exist; skipping"
 		return
 	fi

 	overlay_id="$(realpath "${target}" | tr -s '/' '_')"
 	mount_source="overlay${overlay_id}"

 	if findmnt -n --source "${mount_source}" >/dev/null; then
 		umount -- "${mount_source}"
 	fi

 	lowerdir="${overlay_root}/${overlay_id}"

 	rm -rf -- "${lowerdir}"
 	mkdir -p -- "${lowerdir}"

 	if test -n "${callback}"; then
 		(cd "${lowerdir}" && "${callback}" "${target}")
 	fi

 	# may only work on webOS 3.5+ (Linux kernel 4.0+)
 	mount -t overlay -o "ro,lowerdir=${lowerdir}:${target}" "${mount_source}" "${target}"
 }

 cb_certs() {
 	source="${1:-/etc/ssl/certs}"
 	hash_old="$(openssl x509 -in "${tmp}" -noout -subject_hash_old).0"
 	hash="$(openssl x509 -in "${tmp}" -noout -subject_hash).0"
 	cp -- "${tmp}" "./${file}"
 	ln -sf -- "${file}" "${hash_old}"
 	ln -sf -- "${file}" "${hash}"
 	cat -- "${source}/ca-certificates.crt" "${tmp}" >ca-certificates.crt
 }

 do_overlay /etc/ssl/certs cb_certs
 do_overlay /var/palm/jail/com.webos.app.browser/etc/ssl/certs cb_certs

 cb_sdp() {
 	source="${1:-/usr/share/ca-certificates/sdp}"
 	cat -- "${source}/sdp-ca.pem" "${tmp}" >sdp-ca.pem
 }

 do_overlay /usr/share/ca-certificates/sdp cb_sdp

 cb_nssdb() {
 	source="${1:-/etc/pki/nssdb}"
 	cp -- "${source}/"* .
 	certutil -A -d . -a -t 'C,,' -n "${name}" -i "${tmp}"
 }

 if test -d /etc/pki/nssdb; then
 	do_overlay /etc/pki/nssdb cb_nssdb
 fi

 rm -f -- "${tmp}"

 # vim: noet:ts=8:sw=8
	#!/bin/sh

	# by throwaway96
	# licensed under AGPLv3+
	# https://gist.github.com/throwaway96/bb31a17562eec4d8325020dee8c7e6b5

	cert=/home/root/something.crt
	name=lol_hax
	file="${name}.pem"
	tmp="/tmp/tempcert.pem.${$}"
	overlay_root=/home/root/overlay

	if ! test -f "${cert}"; then
	echo >&2 "${0}: cert does not exist"
	exit 1
	fi

	sed -e 's/\r$//' -- "${cert}" >"${tmp}"

	do_overlay() {
	if test "${#}" -eq 2; then
	callback="${2}"
	elif test "${#}" -eq 1; then
	callback=''
	else
	return 1
	fi

	target="${1}"

	if test ! -d "${target}"; then
	echo >&2 "target '${target}' does not exist; skipping"
	return
	fi

	overlay_id="$(realpath "${target}" \| tr -s '/' '_')"
	mount_source="overlay${overlay_id}"

	if findmnt -n --source "${mount_source}" >/dev/null; then
	umount -- "${mount_source}"
	fi

	lowerdir="${overlay_root}/${overlay_id}"

	rm -rf -- "${lowerdir}"
	mkdir -p -- "${lowerdir}"

	if test -n "${callback}"; then
	(cd "${lowerdir}" && "${callback}" "${target}")
	fi

	# may only work on webOS 3.5+ (Linux kernel 4.0+)
	mount -t overlay -o "ro,lowerdir=${lowerdir}:${target}" "${mount_source}" "${target}"
	}

	cb_certs() {
	source="${1:-/etc/ssl/certs}"
	hash_old="$(openssl x509 -in "${tmp}" -noout -subject_hash_old).0"
	hash="$(openssl x509 -in "${tmp}" -noout -subject_hash).0"
	cp -- "${tmp}" "./${file}"
	ln -sf -- "${file}" "${hash_old}"
	ln -sf -- "${file}" "${hash}"
	cat -- "${source}/ca-certificates.crt" "${tmp}" >ca-certificates.crt
	}

	do_overlay /etc/ssl/certs cb_certs
	do_overlay /var/palm/jail/com.webos.app.browser/etc/ssl/certs cb_certs

	cb_sdp() {
	source="${1:-/usr/share/ca-certificates/sdp}"
	cat -- "${source}/sdp-ca.pem" "${tmp}" >sdp-ca.pem
	}

	do_overlay /usr/share/ca-certificates/sdp cb_sdp

	cb_nssdb() {
	source="${1:-/etc/pki/nssdb}"
	cp -- "${source}/"* .
	certutil -A -d . -a -t 'C,,' -n "${name}" -i "${tmp}"
	}

	if test -d /etc/pki/nssdb; then
	do_overlay /etc/pki/nssdb cb_nssdb
	fi

	rm -f -- "${tmp}"

	# vim: noet:ts=8:sw=8