ssl-dev/ac-ssl-mac.fish at main · aesthetic.computer/core

aesthetic.computer / core

fork atom

Monorepo for Aesthetic.Computer aesthetic.computer

fork atom

core / ssl-dev / ac-ssl-mac.fish

at main 68 lines 2.3 kB view raw

wrap content

Jeffrey Alan Scudder restore 4270 files deleted by papers oven auto-build (aaa62f4a1) 19d ago

ea1fd8af

 1#!/usr/bin/env fish
 2
 3# Aesthetic Computer SSL setup (macOS + Fedora)
 4# Place this at ~/bin/ac-ssl and make it executable:
 5#   chmod +x ~/bin/ac-ssl
 6#
 7# sudoers example:
 8# jas ALL=(ALL) NOPASSWD: /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain *
 9# jas ALL=(ALL) NOPASSWD: /Users/jas/bin/ac-ssl
10
11# Parse --install-only flag
12set INSTALL_ONLY 0
13for arg in $argv
14    switch $arg
15        case --install-only
16            set INSTALL_ONLY 1
17        case "*"
18            echo "Usage: ac-ssl [--install-only]"
19            exit 1
20    end
21end
22
23# Detect OS
24set OS (uname)
25
26# Script context
27set SCRIPT_DIR (dirname (status --current-filename))
28cd $SCRIPT_DIR
29
30# Go to ssl-dev directory (assumes standard layout)
31cd ~/Desktop/code/aesthetic-computer/ssl-dev
32
33# TODO: Could prevent generation if the cert already exists. 
34# Generate certificates if not install-only
35if test $INSTALL_ONLY -eq 0
36    mkcert --cert-file localhost.pem --key-file localhost-key.pem localhost aesthetic.local sotce.local 127.0.0.1 0.0.0.0 $HOST_IP > /dev/null 2>&1
37    cat localhost.pem localhost-key.pem > combined.pem
38    openssl x509 -outform der -in combined.pem -out localhost.crt
39    cp localhost.crt ../system/public/aesthetic.crt
40end
41
42# Install the cert if needed
43set CERT_FILE "localhost.pem"
44if test -f $CERT_FILE
45    switch $OS
46        case Linux
47            sudo cp $CERT_FILE /etc/pki/ca-trust/source/anchors/
48            sudo update-ca-trust extract
49        case Darwin
50            # Check if cert is already trusted (by SHA256 fingerprint)
51            set CERT_SHA256 (openssl x509 -noout -fingerprint -sha256 -in $CERT_FILE | string replace "SHA256 Fingerprint=" "" | string replace ":" "")
52            set FOUND (security find-certificate -a -Z /Library/Keychains/System.keychain | grep -ci $CERT_SHA256)
53
54            if test $FOUND -gt 0
55                echo "✅ Certificate already trusted. Skipping install."
56            else
57                echo "🔐 Installing certificate to System keychain..."
58                /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $CERT_FILE
59            end
60        case '*'
61            echo "Unsupported OS: $OS"
62            exit 1
63    end
64else
65    echo "🔴 Certificate not found: $CERT_FILE"
66end
67
68cd -