Added support for installing multiple CA certificates from certs directory.

2026-01-17 11:21:20 -05:00
parent f6fe732b4b
commit 985ecd76a4
3 changed files with 20 additions and 9 deletions


@@ -26,7 +26,7 @@ INTERNET_CHECK_URL="https://logal.dev/"
MIRROR_URL='https://mirrors.logal.dev/archlinux/$repo/os/$arch' MIRROR_URL='https://mirrors.logal.dev/archlinux/$repo/os/$arch'
# Paths # Paths
CA_CERT_PATH="${SCRIPT_DIR}/files/certs/logalnet-internal-ca.crt" CA_CERTS_DIR="${SCRIPT_DIR}/files/certs"
CONFIG_SRC_DIR="${SCRIPT_DIR}/files/etc" CONFIG_SRC_DIR="${SCRIPT_DIR}/files/etc"
HOME_CONFIG_DIR="${SCRIPT_DIR}/files/home" HOME_CONFIG_DIR="${SCRIPT_DIR}/files/home"
MOUNT_POINT="/mnt" MOUNT_POINT="/mnt"


@@ -199,7 +199,7 @@ main() {
setup_security "$FILESYSTEM" setup_security "$FILESYSTEM"
configure_ssh "$USERNAME" configure_ssh "$USERNAME"
install_ca_certificate install_ca_certificates
#--------------------------------------------------------------------------- #---------------------------------------------------------------------------
# Phase 9: Profile Installation # Phase 9: Profile Installation


@@ -22,7 +22,7 @@
# - Disables root account login # - Disables root account login
# - Enables nftables firewall, smartd, and fstrim timer # - Enables nftables firewall, smartd, and fstrim timer
# - Configures OpenSSH with restricted settings # - Configures OpenSSH with restricted settings
# - Installs custom CA certificate to system trust store # - Installs custom CA certificates from certs directory to system trust store
# - Sets up USBGuard to whitelist connected devices # - Sets up USBGuard to whitelist connected devices
# Configure mkinitcpio hooks for encrypted root # Configure mkinitcpio hooks for encrypted root
@@ -78,13 +78,24 @@ show_ssh_fingerprint() {
run_visible_cmd chroot_run ssh-keygen -lvf /etc/ssh/ssh_host_ed25519_key.pub run_visible_cmd chroot_run ssh-keygen -lvf /etc/ssh/ssh_host_ed25519_key.pub
} }
# Install custom CA certificate # Install custom CA certificates from certs directory
install_ca_certificate() { install_ca_certificates() {
print "Adding LogalNet Internal Certification Authority to system CA store..." local certs=("${CA_CERTS_DIR}"/*.crt)
cp "${CA_CERT_PATH}" "${MOUNT_POINT}" if [ ! -e "${certs[0]}" ]; then
chroot_run trust anchor --store /logalnet-internal-ca.crt print "No CA certificates found to install."
chroot_run rm /logalnet-internal-ca.crt return
fi
for cert in "${certs[@]}"; do
local cert_name
cert_name=$(basename "$cert")
print "Adding ${cert_name} to system CA store..."
cp "$cert" "${MOUNT_POINT}/${cert_name}"
chroot_run trust anchor --store "/${cert_name}"
chroot_run rm "/${cert_name}"
done
} }
# Configure USBGuard # Configure USBGuard
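Review bot: The loop in `install_ca_certificates` promotes every file matching `*.crt` under `${CA_CERTS_DIR}` to a system-wide trust anchor, where the old code installed one named certificate, so an unexpected file in that directory silently becomes a root of trust on the installed system. Before the `trust anchor --store` call I would show what is about to be trusted, for example `run_visible_cmd openssl x509 -in "$cert" -noout -subject -fingerprint -sha256`, or compare each fingerprint against an expected list kept with the configuration. The early `return` when nothing matches exits with status 0 after only a `print`, so an install that was expected to carry the internal CA completes without it; a warning or a non-zero return would make that visible. Whether a failed `cp` or `trust` call aborts the run depends on shell options set outside this hunk, and if it does abort, the copied certificate is left behind in the target's root directory because the `rm` is never reached.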