feat: better way to add trusted cert in macOS

Changelog.md

@@ -6,6 +6,8 @@ Changelog [format](http://keepachangelog.com/en/1.0.0/)
 
 ### Changed
 * GODT-409 Set flags have to replace all flags.
+* GODT-531 Better way to add trusted certificate in macOS.
+
 
 ## [v1.3.x] Emma (beta 2020-07-XXX)
 

Makefile

@@ -55,7 +55,6 @@ ${DEPLOY_DIR}/linux: ${EXE_TARGET}
 
 ${DEPLOY_DIR}/darwin: ${EXE_TARGET}
 	cp ./internal/frontend/share/icons/Bridge.icns ${DARWINAPP_CONTENTS}/Resources/
-	cp -r "utils/addcert.scpt" ${DARWINAPP_CONTENTS}/Resources/
 	cp LICENSE ${DARWINAPP_CONTENTS}/Resources/
 	rm -rf "${DARWINAPP_CONTENTS}/Frameworks/QtWebEngine.framework"
 	rm -rf "${DARWINAPP_CONTENTS}/Frameworks/QtWebView.framework"

pkg/config/tls.go

@@ -29,7 +29,6 @@ import (
 	"net"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"runtime"
 	"time"
 )
@@ -71,14 +70,16 @@ func GetTLSConfig(cfg tlsConfiger) (tlsConfig *tls.Config, err error) {
 		}
 
 		if runtime.GOOS == "darwin" {
-			// If this fails, log the error but continue to load.
+			if err := exec.Command( // nolint[gosec]
-			if binaryPath, err := os.Executable(); err == nil {
+				"execute-with-privileges",
-				macOSPath := filepath.Dir(binaryPath)
+				"/usr/bin/security",
-				contentsPath := filepath.Dir(macOSPath)
+				"add-trusted-cert",
-				resourcesPath := filepath.Join(contentsPath, "Resources", "addcert.scpt")
+				"-r", "trustRoot",
-				if err := exec.Command("/usr/bin/osascript", resourcesPath).Run(); err != nil { // nolint[gosec]
+				"-p", "ssl",
-					log.WithError(err).Error("Failed to add cert to system keychain")
+				"-k", "/Library/Keychains/System.keychain",
-				}
+				certPath,
+			).Run(); err != nil {
+				log.WithError(err).Error("Failed to add cert to system keychain")
 			}
 		}
 	}