Fixes #17: graphical sudo prompt is now shown in post-install script

Author: aral

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [7.0.3] - 2021-03-17
+
+### Fixed
+
+  - No longer fails on install on system accounts that don’t have passwordless sudo set up. Instead, shows a graphical password box to get the person’s sudo password. (Fixes https://source.small-tech.org/site.js/lib/auto-encrypt-localhost/-/issues/17. See https://github.com/npm/cli/issues/2887 for the original npm bug.
+
 ## [7.0.2] - 2021-03-06
 
 ### Fixed

README.md

@@ -14,6 +14,10 @@ At runtime, you can reach your server via the local loopback addresses (localhos
 npm i @small-tech/auto-encrypt-localhost
 ```
 
+Note that during installation, Auto Encrypt Localhost will create your local certificate authority and install it in the system root store and generate locally-trusted certificates. These actions require elevated privileges (`sudo`). Since [npm does not handle sudo prompts correctly in lifecycle scripts](https://github.com/npm/cli/issues/2887), you will see a graphical sudo prompt pop up to ask you for your adminstrator password. Once you’ve provided it, installation will proceed as normal.
+
+
+
 ## Usage
 
 ### Instructions

bin/post-install.js

@@ -29,6 +29,7 @@ import { version, binaryName } from '../lib/mkcert.js'
 
 import fs from 'fs-extra'
 
+import sudoPrompt from 'sudo-prompt'
 
 async function secureGet (url) {
   return new Promise((resolve, reject) => {
@@ -123,7 +124,25 @@ mkcertProcessOptions.env.CAROOT = settingsPath
 
 // Create the local certificate authority.
 process.stdout.write(`   ╰─ Creating local certificate authority (local CA) using mkcert… `)
-childProcess.execFileSync(mkcertBinary, ['-install'], mkcertProcessOptions)
+
+// We are using the sudo-prompt package here, instead of childProcess.execFileSync() because
+// this script is meant to run as an npm script and it appears that npm scripts fail to show
+// the system sudo prompt (and instead hang).
+//
+// See: https://github.com/npm/cli/issues/2887
+//
+// To workaround this issue, we use sudo-prompt here to display a graphical sudo prompt
+// that works well with npm scripts.
+
+await (() => {
+  return new Promise((resolve, reject) => {
+    sudoPrompt.exec(`${mkcertBinary} -install`, {name: 'Auto Encrypt Localhost'}, function(error, stdout, stderr) {
+      if (error) reject(error)
+      resolve()
+    })
+  })
+})()
+
 process.stdout.write('done.\n')
 
 // Create the local certificate.
@@ -145,7 +164,9 @@ const certificateDetails = [
   'localhost'
 ].concat(localIPv4Addresses)
 
+// We can use a regular execFileSync call here as the sudo permissions will not have timed out yet.
 childProcess.execFileSync(mkcertBinary, certificateDetails, mkcertProcessOptions)
+
 process.stdout.write('done.\n')
 
 // This should never happen as an error in the above, if there is one,

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@small-tech/auto-encrypt-localhost",
-  "version": "7.0.2",
+  "version": "7.0.3",
   "description": "Automatically provisions and installs locally-trusted TLS certificates for Node.js https servers (including Express.js, etc.) using mkcert.",
   "keywords": [
     "mkcert",
@@ -22,8 +22,7 @@
     "bin"
   ],
   "scripts": {
-    "postinstall": "node bin/post-install.js",
-    "start": "node index.js",
+    "postinstall": "bin/post-install.js",
     "test": "QUIET=true esm-tape-runner 'test/**/*.js' | tap-monkey",
     "coverage": "QUIET=true c8 esm-tape-runner 'test/**/*.js' | tap-monkey",
     "test-debug": "esm-tape-runner 'test/**/*.js' | tap-monkey",
@@ -53,6 +52,7 @@
     "encodeurl": "^1.0.2",
     "fs-extra": "^8.1.0",
     "server-destroy": "^1.0.1",
+    "sudo-prompt": "^9.2.1",
     "syswide-cas": "^5.3.0"
   },
   "devDependencies": {