You are not logged in.

#1 2022-01-13 05:36:47

shmu26
Member
Registered: 2021-04-17
Posts: 53

[SOLVED] Root certificate for installing Arch

My internet connection requires the installation of a root certificate in order to work.
On an already existing Arch installation I would run the following commands

wget http://netfree.link/netfree-ca.crt
sudo trust anchor --store netfree-ca.crt

The question is how to use the Arch installer, which, as we know, needs to download packages. Is there a way I can insert my cert?

Last edited by shmu26 (2022-01-13 11:39:40)

Offline

#2 2022-01-13 05:40:38

Morta
Member
Registered: 2019-07-07
Posts: 655

Re: [SOLVED] Root certificate for installing Arch

As root or using the manual installer

curl -O http://netfree.link/netfree-ca.crt 
trust anchor --store netfree-ca.crt

Last edited by Morta (2022-01-13 05:40:55)

Offline

#3 2022-01-13 05:42:59

shmu26
Member
Registered: 2021-04-17
Posts: 53

Re: [SOLVED] Root certificate for installing Arch

Morta wrote:

As root or using the manual installer

curl -O http://netfree.link/netfree-ca.crt 
trust anchor --store netfree-ca.crt

So those commands will work in the Arch installer itself?

Offline

#4 2022-01-13 09:30:43

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,866

Re: [SOLVED] Root certificate for installing Arch

No, but you can execute them before you start the installer with archinstall


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#5 2022-01-13 09:42:40

shmu26
Member
Registered: 2021-04-17
Posts: 53

Re: [SOLVED] Root certificate for installing Arch

Thanks to both of you. Now I got the idea.

Will I be able to install curl before I get the internet connection working?

I tested out the suggested command on Ubuntu to see what happens, and it doesn't actually download the file

curl -O http://netfree.link/netfree-ca.crt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

But when I run the original command, the one with wget, it downloads the file

Last edited by shmu26 (2022-01-13 09:54:00)

Offline

#6 2022-01-13 10:59:03

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,866

Re: [SOLVED] Root certificate for installing Arch

It does download something, but not the certificate you want.


$ cat netfree-ca.crt
Found. Redirecting to //api.internal.netfree.link/ca/netfree-ca.crt
$

Will I be able to install curl before I get the internet connection working?

unlikely, and even if you do add curl (or wget) manually from a memory stick your network will block downloading the certificate.


Just download the file on any working system and put it on a memory stick that you mount while booted in the install environment.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#7 2022-01-13 11:05:58

shmu26
Member
Registered: 2021-04-17
Posts: 53

Re: [SOLVED] Root certificate for installing Arch

Lone_Wolf wrote:

Just download the file on any working system and put it on a memory stick that you mount while booted in the install environment.

Okay, so will the command "trust anchor" work?
Without that command, I think I would have to copy and paste the certificate (to which location?) and then reboot, in order for the certificate to work, but since there is assumedly no persistence to the installation medium, I will be back to square one.

Last edited by shmu26 (2022-01-13 11:06:21)

Offline

#8 2022-01-13 11:36:39

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,866

Re: [SOLVED] Root certificate for installing Arch

The trust command comes from the p11-kit package which doesn't appear to be included on the iso[1] .

You could create your own custom install iso, but adding some pacakges seems easier .

https://wiki.archlinux.org/title/Offline_installation
Try method 1 first.

Note : if you don't have a working archlinux system around, things get more complicated.






[1] https://gitlab.archlinux.org/archlinux/ … ges.x86_64


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#9 2022-01-13 11:39:16

shmu26
Member
Registered: 2021-04-17
Posts: 53

Re: [SOLVED] Root certificate for installing Arch

Lone_Wolf wrote:

The trust command comes from the p11-kit package which doesn't appear to be included on the iso[1] .

You could create your own custom install iso, but adding some pacakges seems easier .

https://wiki.archlinux.org/title/Offline_installation
Try method 1 first.

Note : if you don't have a working archlinux system around, things get more complicated.






[1] https://gitlab.archlinux.org/archlinux/ … ges.x86_64

I will accept that as the answer.

Offline

#10 2022-01-13 12:45:50

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 591

Re: [SOLVED] Root certificate for installing Arch

Lone_Wolf wrote:

The trust command comes from the p11-kit package which doesn't appear to be included on the iso[1] .

p11-kit may not be explicitly included, but it gets pulled in as a dependency of ca-certificates-utils, gnutls and nss.

Offline

#11 2022-01-13 13:48:54

shmu26
Member
Registered: 2021-04-17
Posts: 53

Re: [SOLVED] Root certificate for installing Arch

nl6720 wrote:
Lone_Wolf wrote:

The trust command comes from the p11-kit package which doesn't appear to be included on the iso[1] .

p11-kit may not be explicitly included, but it gets pulled in as a dependency of ca-certificates-utils, gnutls and nss.

So what's the best way to do this, then? I have my cert on a second flash drive, I mount the right volume on the flash drive, and then...?

Last edited by shmu26 (2022-01-13 13:50:28)

Offline

#12 2022-01-13 16:09:31

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: [SOLVED] Root certificate for installing Arch

shmu26 wrote:
nl6720 wrote:
Lone_Wolf wrote:

The trust command comes from the p11-kit package which doesn't appear to be included on the iso[1] .

p11-kit may not be explicitly included, but it gets pulled in as a dependency of ca-certificates-utils, gnutls and nss.

So what's the best way to do this, then? I have my cert on a second flash drive, I mount the right volume on the flash drive, and then...?

and then you use "trust anchor ..." followed by "update-ca-trust". Those commands are part of the iso. (On any arch system, the ISO is one, they are a sub-dependency of pacman: base -> pacman -> curl -> ca-certificates -> ca-certificates-mozilla -> ca-certificates-utils -> p11-kit)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#13 2022-01-13 16:12:13

shmu26
Member
Registered: 2021-04-17
Posts: 53

Re: [SOLVED] Root certificate for installing Arch

progandy wrote:
shmu26 wrote:
nl6720 wrote:

p11-kit may not be explicitly included, but it gets pulled in as a dependency of ca-certificates-utils, gnutls and nss.

So what's the best way to do this, then? I have my cert on a second flash drive, I mount the right volume on the flash drive, and then...?

and then you use "trust anchor ..." followed by "update-ca-trust". Those commands are part of the iso. (On any arch system, the ISO is one, they are a sub-dependency of pacman: base -> pacman -> curl -> ca-certificates -> ca-certificates-mozilla -> ca-certificates-utils -> p11-kit)

Got it, so what would be the command right before this, to copy the cert file into its proper folder?

Offline

#14 2022-01-14 11:56:57

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,866

Re: [SOLVED] Root certificate for installing Arch

Looks like I missed that the packages.x86_64 list is fed to pacman / pacstrap and not a complete listing of every installed package available in the install environment.

man trust wrote:

       --store
           Store one or more anchors to the trust policy store. Specify certificate files on the command line

make sure the trust anchor command can find the certificate file and it will install it in the proper location.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

Board footer

Powered by FluxBB