diff --git a/README.md b/README.md index 53822dc..ae5b2b1 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,8 @@ sudo ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/li In systems where we cannot import our certificate (LibreELEC, Android (TV)), we need to copy `advancedsettings.xml` and `kto.crt` (renamed to `cacert.pem`) to `$HOME_OF_KODI_USER/.kodi/userdata/`. -TODO: At least on LibreELEC, this prevents KODI from using system CA, and thus to access "normal" HTTPS resources. +This prevents KODI from using system CA, and thus to access "normal" HTTPS resources. The solution is to concatenate in +`cacert.pem` KODI's "system" cacert and our own CA. The install script does it for LibreELEC, but not for Android (TV). #### Android (TV) 1. find Kodi app user data directory (usually `/sdcard/Android/data/org.xbmc.kodi`) diff --git a/install.sh b/install.sh index 362c5cb..829b70c 100755 --- a/install.sh +++ b/install.sh @@ -14,18 +14,23 @@ else sudo="" fi -if command -v update-ca-trust > /dev/null; then - $sudo cp $run_directory/*.crt /etc/ca-certificates/trust-source/anchors/ - $sudo update-ca-trust -elif command -v update-ca-certificates > /dev/null; then - $sudo cp $run_directory/*.crt /usr/local/share/ca-certificates/ - $sudo update-ca-certificates -elif [ -f /usr/sbin/update-ca-certificates ]; then # Debian... - $sudo cp $run_directory/*.crt /usr/local/share/ca-certificates/ - $sudo update-ca-certificates -else - echo "No update-ca binary found. Exiting with error!" - exit 1 +if [ $(echo $(lsb_release) | cut -d ' ' -f 1) = "LibreELEC" ]; then + cp /usr/share/kodi/system/certs/cacert.pem /storage/.kodi/userdata/cacert.pem + cat $run_directory/kto.crt >> /storage/.kodi/userdata/cacert.pem +else # More classic Linux expected + if command -v update-ca-trust > /dev/null; then + $sudo cp $run_directory/*.crt /etc/ca-certificates/trust-source/anchors/ + $sudo update-ca-trust + elif command -v update-ca-certificates > /dev/null; then + $sudo cp $run_directory/*.crt /usr/local/share/ca-certificates/ + $sudo update-ca-certificates + elif [ -f /usr/sbin/update-ca-certificates ]; then # Debian... + $sudo cp $run_directory/*.crt /usr/local/share/ca-certificates/ + $sudo update-ca-certificates + else + echo "No update-ca binary found. Exiting with error!" + exit 1 + fi fi echo "Finished install. Exiting..."