Skip to content

Commit a803fe8

Browse files
nicomiguelinonicomiguelino
authored
Creates a script for installing (trusted) self-signed certificates (#2023)
1 parent f935b95 commit a803fe8

File tree

3 files changed

+56
-0
lines changed

3 files changed

+56
-0
lines changed

bin/add_certificate.sh

+43
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,43 @@
1+
#!/bin/bash
2+
3+
set -euo pipefail
4+
5+
function print_usage() {
6+
echo "Usage: $0 /path/to/certificate.crt"
7+
}
8+
9+
if [ "$#" -ne 1 ]; then
10+
print_usage
11+
exit 1
12+
fi
13+
14+
CERTIFICATE_PATH=$1
15+
16+
function main() {
17+
if [ ! -f $CERTIFICATE_PATH ]; then
18+
echo "Certificate file not found: $CERTIFICATE_PATH"
19+
exit 1
20+
fi
21+
22+
CERTIFICATE_DIR='/usr/local/share/ca-certificates/custom'
23+
CONTAINERS=(anthias-server anthias-viewer)
24+
CERTIFICATE_FILENAME=$(basename $CERTIFICATE_PATH)
25+
26+
cd $HOME/screenly
27+
28+
for CONTAINER in "${CONTAINERS[@]}"; do
29+
docker compose exec -it $CONTAINER mkdir -p $CERTIFICATE_DIR
30+
docker compose cp $CERTIFICATE_PATH $CONTAINER:$CERTIFICATE_DIR
31+
docker compose exec -it $CONTAINER update-ca-certificates
32+
33+
if [ "$CONTAINER" == "anthias-viewer" ]; then
34+
echo "Running certutil for $CONTAINER..."
35+
docker compose exec -it $CONTAINER \
36+
certutil -A -n "My CA Certificate" -t "C,C,C" \
37+
-i $CERTIFICATE_DIR/$CERTIFICATE_FILENAME \
38+
-d "/data/.pki/nssdb"
39+
fi
40+
done
41+
}
42+
43+
main

docker/Dockerfile.viewer.tmpl

+1
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,7 @@ RUN --mount=type=cache,target=/var/cache/apt \
4040
libminizip-dev \
4141
libnss3 \
4242
libnss3-dev \
43+
libnss3-tools \
4344
libopus-dev \
4445
libpci-dev \
4546
libpng-dev \

docs/README.md

+12
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,18 @@ For most users, it's recommended that you [use the API instead](#accessing-the-r
8484

8585
The SQLite Database can be found here — `~/.screenly/screenly.db`. It can be modified with the `sqlite3` CLI. The schema is relatively straightforward if you're already familiar. The columns of most interest to you will be `name` and `is_enabled`. In addition, `start_date` is useful if you want to use this in a disconnected manner.
8686

87+
## Installing (trusted) self-signed certificates
88+
89+
This section only works for devices running Raspberry Pi OS Lite.
90+
With running the following script, you can install self-signed certificates:
91+
92+
```bash
93+
cd $HOME/screenly
94+
./bin/add_certificate.sh /path/to/certificate.crt
95+
```
96+
97+
More details about generating self-signed certificates can be found [here](https://devopscube.com/create-self-signed-certificates-openssl/).
98+
8799
## Wi-Fi Setup
88100

89101
- Read the [Wi-Fi Setup](wifi-setup.md) page for more details on how to set up Wi-Fi on the Raspberry Pi.

0 commit comments

Comments
 (0)