puma-dev -install can miss adding CA cert to Keychain
jeremy opened this issue
- If you set up a new laptop with migration assistant and don't bring over your Keychain, you'll end up with a valid cert on disk but no CA cert in Keychain.
- Then `puma-dev -install` will short-circuit on the CA setup step, assuming the cert has been added (and is trusted) because it was generated previously.
- The result is broken https, yet unclear next steps for troubleshooting.

(Similar scenario for folks who purposefully delete the cert from Keychain then wonder why `puma-dev -install` doesn't regenerate it.)

Deleting the cert (`rm -f ~/Library/Application\ Support/io.puma.dev/*.pem`) is a work-around, as is `puma-dev -uninstall` beforehand.
Ideally, we'd check for the cert in Keychain in addition to the pem on disk and add when missing.
Here's a way to check for the cert in the Keychain:

```
/usr/bin/security find-certificate -a -c 'Puma-dev CA' | wc -l | /usr/bin/xargs
```

0 indicates there is no Puma-dev CA in the keychain.
Greater than 0 indicates there is a certificate.
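The combined check the issue asks for (pem on disk plus CA in Keychain), as an added example that is not puma-dev's own code and not from either poster. `PUMA_DEV_DIR` and `SECURITY_BIN` are hypothetical override variables introduced here; the state names are made up for illustration.

```shell
#!/bin/sh
# Added example, not puma-dev's code. PUMA_DEV_DIR and SECURITY_BIN are
# hypothetical overrides so the check can be pointed at another dir or a stub.
PUMA_DEV_DIR="${PUMA_DEV_DIR:-$HOME/Library/Application Support/io.puma.dev}"
SECURITY_BIN="${SECURITY_BIN:-/usr/bin/security}"

# Succeeds if at least one .pem file exists in the puma-dev support directory.
pem_on_disk() {
  for f in "$PUMA_DEV_DIR"/*.pem; do
    [ -f "$f" ] && return 0
  done
  return 1
}

# Line count of the find-certificate check from the thread; 0 means no CA entry.
# This shows presence only: trust settings on the entry are not examined.
keychain_ca_lines() {
  "$SECURITY_BIN" find-certificate -a -c 'Puma-dev CA' 2>/dev/null \
    | wc -l | tr -d '[:space:]'
}

# Prints one of: consistent | stale-pem | keychain-only | fresh
puma_dev_ca_state() {
  lines=$(keychain_ca_lines)
  if pem_on_disk; then
    if [ "${lines:-0}" -gt 0 ]; then echo consistent; else echo stale-pem; fi
  else
    if [ "${lines:-0}" -gt 0 ]; then echo keychain-only; else echo fresh; fi
  fi
}

# Maps each state to the situation described in the issue.
puma_dev_ca_report() {
  case "$(puma_dev_ca_state)" in
    consistent)    echo "pem on disk and 'Puma-dev CA' present in Keychain" ;;
    stale-pem)     echo "pem on disk but no 'Puma-dev CA' in Keychain:" \
                        "-install will skip CA setup; remove the pem files" \
                        "or run puma-dev -uninstall first" ;;
    keychain-only) echo "'Puma-dev CA' in Keychain but no pem on disk" ;;
    fresh)         echo "no pem and no Keychain entry" ;;
  esac
}

puma_dev_ca_report
```

The `stale-pem` state is the migration-assistant case from the issue: the work-arounds listed there apply before re-running `puma-dev -install`.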