Remove certificate from Linux trust stores.
(cert_path: str, cert_name: str)
| 474 | |
| 475 | |
| 476 | def _uninstall_linux(cert_path: str, cert_name: str) -> bool: |
| 477 | """Remove certificate from Linux trust stores.""" |
| 478 | distro = _detect_linux_distro() |
| 479 | log.info("Detected Linux distro family: %s", distro) |
| 480 | |
| 481 | removed = False |
| 482 | |
| 483 | if distro == "debian": |
| 484 | dest_file = f"/usr/local/share/ca-certificates/{cert_name.replace(' ', '_')}.crt" |
| 485 | try: |
| 486 | if os.path.exists(dest_file): |
| 487 | os.remove(dest_file) |
| 488 | _run(["update-ca-certificates"]) |
| 489 | log.info("Certificate removed via update-ca-certificates.") |
| 490 | removed = True |
| 491 | except (OSError, subprocess.CalledProcessError) as exc: |
| 492 | log.warning("Debian removal failed (needs sudo?): %s", exc) |
| 493 | try: |
| 494 | _run(["sudo", "rm", "-f", dest_file]) |
| 495 | _run(["sudo", "update-ca-certificates"]) |
| 496 | log.info("Certificate removed via sudo update-ca-certificates.") |
| 497 | removed = True |
| 498 | except (subprocess.CalledProcessError, FileNotFoundError) as exc2: |
| 499 | log.warning("sudo Debian removal failed: %s", exc2) |
| 500 | |
| 501 | elif distro == "rhel": |
| 502 | dest_file = f"/etc/pki/ca-trust/source/anchors/{cert_name.replace(' ', '_')}.crt" |
| 503 | try: |
| 504 | if os.path.exists(dest_file): |
| 505 | os.remove(dest_file) |
| 506 | _run(["update-ca-trust", "extract"]) |
| 507 | log.info("Certificate removed via update-ca-trust.") |
| 508 | removed = True |
| 509 | except (OSError, subprocess.CalledProcessError) as exc: |
| 510 | log.warning("RHEL removal failed (needs sudo?): %s", exc) |
| 511 | try: |
| 512 | _run(["sudo", "rm", "-f", dest_file]) |
| 513 | _run(["sudo", "update-ca-trust", "extract"]) |
| 514 | log.info("Certificate removed via sudo update-ca-trust.") |
| 515 | removed = True |
| 516 | except (subprocess.CalledProcessError, FileNotFoundError) as exc2: |
| 517 | log.warning("sudo RHEL removal failed: %s", exc2) |
| 518 | |
| 519 | elif distro == "arch": |
| 520 | dest_file = f"/etc/ca-certificates/trust-source/anchors/{cert_name.replace(' ', '_')}.crt" |
| 521 | try: |
| 522 | if os.path.exists(dest_file): |
| 523 | os.remove(dest_file) |
| 524 | _run(["trust", "extract-compat"]) |
| 525 | log.info("Certificate removed via trust extract-compat.") |
| 526 | removed = True |
| 527 | except (OSError, subprocess.CalledProcessError) as exc: |
| 528 | log.warning("Arch removal failed (needs sudo?): %s", exc) |
| 529 | try: |
| 530 | _run(["sudo", "rm", "-f", dest_file]) |
| 531 | _run(["sudo", "trust", "extract-compat"]) |
| 532 | log.info("Certificate removed via sudo trust extract-compat.") |
| 533 | removed = True |
no test coverage detected