Fixes #17: graphical sudo prompt is now shown in post-install script

b89ef70b · Aral Balkan · c8c9402a · b89ef70b · b89ef70b · b89ef70b
Commit b89ef70b authored Mar 17, 2021 by Aral Balkan
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [7.0.3] - 2021-03-17
+
+### Fixed
+
+  - No longer fails on install on system accounts that don’t have passwordless sudo set up. Instead, shows a graphical password box to get the person’s sudo password. (Fixes https://source.small-tech.org/site.js/lib/auto-encrypt-localhost/-/issues/17. See https://github.com/npm/cli/issues/2887 for the original npm bug.
+
 ## [7.0.2] - 2021-03-06

 ### Fixed

--- a/README.md
+++ b/README.md
@@ -14,6 +14,10 @@ At runtime, you can reach your server via the local loopback addresses (localhos
 npm i @small-tech/auto-encrypt-localhost
 ```

+Note that during installation, Auto Encrypt Localhost will create your local certificate authority and install it in the system root store and generate locally-trusted certificates. These actions require elevated privileges (`sudo`). Since [npm does not handle sudo prompts correctly in lifecycle scripts](https://github.com/npm/cli/issues/2887), you will see a graphical sudo prompt pop up to ask you for your adminstrator password. Once you’ve provided it, installation will proceed as normal.
+
+
+
 ## Usage

 ### Instructions

--- a/bin/post-install.js
+++ b/bin/post-install.js
@@ -29,6 +29,7 @@ import { version, binaryName } from '../lib/mkcert.js'

 import fs from 'fs-extra'

+import sudoPrompt from 'sudo-prompt'

 async function secureGet (url) {
  return new Promise((resolve, reject) => {
@@ -123,7 +124,25 @@ mkcertProcessOptions.env.CAROOT = settingsPath

 // Create the local certificate authority.
 process.stdout.write(`   ╰─ Creating local certificate authority (local CA) using mkcert… `)
-childProcess.execFileSync(mkcertBinary, ['-install'], mkcertProcessOptions)
+
+// We are using the sudo-prompt package here, instead of childProcess.execFileSync() because
+// this script is meant to run as an npm script and it appears that npm scripts fail to show
+// the system sudo prompt (and instead hang).
+//
+// See: https://github.com/npm/cli/issues/2887
+//
+// To workaround this issue, we use sudo-prompt here to display a graphical sudo prompt
+// that works well with npm scripts.
+
+await (() => {
+  return new Promise((resolve, reject) => {
+    sudoPrompt.exec(`${mkcertBinary} -install`, {name: 'Auto Encrypt Localhost'}, function(error, stdout, stderr) {
+      if (error) reject(error)
+      resolve()
+    })
+  })
+})()
+
 process.stdout.write('done.\n')

 // Create the local certificate.
@@ -145,7 +164,9 @@ const certificateDetails = [
  'localhost'
 ].concat(localIPv4Addresses)

+// We can use a regular execFileSync call here as the sudo permissions will not have timed out yet.
 childProcess.execFileSync(mkcertBinary, certificateDetails, mkcertProcessOptions)
+
 process.stdout.write('done.\n')

 // This should never happen as an error in the above, if there is one,

--- a/package-lock.json
+++ b/package-lock.json
@@ -13,6 +13,7 @@
        "encodeurl": "^1.0.2",
        "fs-extra": "^8.1.0",
        "server-destroy": "^1.0.1",
+        "sudo-prompt": "^9.2.1",
        "syswide-cas": "^5.3.0"
      },
      "devDependencies": {
@@ -2603,6 +2604,11 @@
        "node": ">=4"
      }
    },
+    "node_modules/sudo-prompt": {
+      "version": "9.2.1",
+      "resolved": "https://registry.npmjs.org/sudo-prompt/-/sudo-prompt-9.2.1.tgz",
+      "integrity": "sha512-Mu7R0g4ig9TUuGSxJavny5Rv0egCEtpZRNMrZaYS1vxkiIxGiGUwoezU3LazIQ+KE04hTrTfNPgxU5gzi7F5Pw=="
+    },
    "node_modules/supports-color": {
      "version": "7.2.0",
      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
@@ -5149,6 +5155,11 @@
      "integrity": "sha1-IzTBjpx1n3vdVv3vfprj1YjmjtM=",
      "dev": true
    },
+    "sudo-prompt": {
+      "version": "9.2.1",
+      "resolved": "https://registry.npmjs.org/sudo-prompt/-/sudo-prompt-9.2.1.tgz",
+      "integrity": "sha512-Mu7R0g4ig9TUuGSxJavny5Rv0egCEtpZRNMrZaYS1vxkiIxGiGUwoezU3LazIQ+KE04hTrTfNPgxU5gzi7F5Pw=="
+    },
    "supports-color": {
      "version": "7.2.0",
      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",

--- a/package.json
+++ b/package.json
 {
  "name": "@small-tech/auto-encrypt-localhost",
-  "version": "7.0.2",
+  "version": "7.0.3",
  "description": "Automatically provisions and installs locally-trusted TLS certificates for Node.js https servers (including Express.js, etc.) using mkcert.",
  "keywords": [
    "mkcert",
@@ -22,8 +22,7 @@
    "bin"
  ],
  "scripts": {
-    "postinstall": "node bin/post-install.js",
-    "start": "node index.js",
+    "postinstall": "bin/post-install.js",
    "test": "QUIET=true esm-tape-runner 'test/**/*.js' | tap-monkey",
    "coverage": "QUIET=true c8 esm-tape-runner 'test/**/*.js' | tap-monkey",
    "test-debug": "esm-tape-runner 'test/**/*.js' | tap-monkey",
@@ -53,6 +52,7 @@
    "encodeurl": "^1.0.2",
    "fs-extra": "^8.1.0",
    "server-destroy": "^1.0.1",
+    "sudo-prompt": "^9.2.1",
    "syswide-cas": "^5.3.0"
  },
  "devDependencies": {