Initial commit

2024-05-09 22:45:53 +02:00 · 2024-05-09 22:45:53 +02:00 · 968d09e362
commit 968d09e362
88 changed files with 2323 additions and 0 deletions
--- a/os/layers/contestant/includes.chroot/usr/local/bin/install-client-cert
+++ b/os/layers/contestant/includes.chroot/usr/local/bin/install-client-cert
@ -0,0 +1,49 @@
+#!/bin/bash
+
+# This tool installs the client certificate in Firefox and Chromium.
+
+username="$1"
+
+userhome="/home/$username"
+certificate="$userhome/.config/clientcert.p12"
+
+runuser -u "$username" -- mkdir -p "$userhome/.config"
+mv "$userhome/clientcert.p12" "$certificate"
+chown "$username:$username" "$certificate"
+
+# Delete all Firefox data
+rm -rf "$userhome/.mozilla/"
+
+# Create an empty profile
+runuser -u "$username" -- mkdir -p "$userhome/.mozilla/firefox/main"
+
+# Tell Firefox to use this profile
+cat > "$userhome/.mozilla/firefox/profiles.ini" <<EOF
+[Profile0]
+Name=main
+IsRelative=1
+Path=main
+
+[General]
+StartWithLastProfile=1
+Version=2
+
+[Install3B6073811A6ABF12]
+Default=main
+Locked=1
+
+EOF
+
+chown "$username:$username" "$userhome/.mozilla/firefox/profiles.ini"
+
+# Create a certificate database
+runuser -u "$username" -- certutil -d "sql:$userhome/.mozilla/firefox/main/" -N --empty-password
+
+# Import the client certificate
+runuser -u "$username" -- pk12util -d "sql:$userhome/.mozilla/firefox/main/" -i "$certificate" -K "" -W ""
+
+# Do the same for the NSS shared certificate database, used by Chromium
+rm -rf "$userhome/.pki/"
+runuser -u "$username" -- mkdir -p "$userhome/.pki/nssdb"
+runuser -u "$username" -- certutil -d "sql:$userhome/.pki/nssdb/" -N --empty-password
+runuser -u "$username" -- pk12util -d "sql:$userhome/.pki/nssdb/" -i "$certificate" -K "" -W ""