Fix install problem and Chrome Certificate Transparency problem

META-INF/com/google/android/update-binary

@@ -1,10 +1,33 @@
 #!/sbin/sh
-# This is a dummy file that should be replaced with a proper installer script
 
-# If you are creating a module locally for personal usage or testing,
-# download the script in the following URL:
-# https://github.com/topjohnwu/Magisk/blob/master/scripts/module_installer.sh
-# And replace this script with the downloaded script
+#################
+# Initialization
+#################
 
-# Error, this script should always be replaced
-exit 1
+umask 022
+
+# echo before loading util_functions
+ui_print() { echo "$1"; }
+
+require_new_magisk() {
+  ui_print "*******************************"
+  ui_print " Please install Magisk v20.4+! "
+  ui_print "*******************************"
+  exit 1
+}
+
+#########################
+# Load util_functions.sh
+#########################
+
+OUTFD=$2
+ZIPFILE=$3
+
+mount /data 2>/dev/null
+
+[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk
+. /data/adb/magisk/util_functions.sh
+[ $MAGISK_VER_CODE -lt 20400 ] && require_new_magisk
+
+install_module
+exit 0

README.md

@@ -1,10 +1,19 @@
-# **Move Certificates**
+# **Copy Certificates**
 ## Description
-Moves certificates from the user certificate store to the system store. Also removes the *Network may be monitored* warning.
+Copies certificates from the user certificate store into the system store. Also removes the *Network may be monitored* warning.
 
-If you use AdGuard, you probably want to use [adguardcert](https://github.com/AdguardTeam/adguardcert) instead.
+Note that this is a significant change from the historical use of this module.  By copying, instead of moving, the Certificate Transparency problem for proxying Google Chrome has been solved.  See notes and links in the changelog below for more details on this.
 
 ## Changelog
+v2.0.1
+* Updated install messages
+* Fixed the release binary. I'd previously accidentally included the entire .git repository in the installer zip.  Whoopsie. Down to 8KB when I had it at 80KB before.
+
+v2.0
+* Changed behavior to copy instead of moving the certificate.
+  * The certificate ends up in two locations, one in the User store and one in the System store.  This addresses the Chrome Certificate Transparency problem discussed [here](https://github.com/Magisk-Modules-Repo/movecert/issues/15) and [here](https://github.com/AdguardTeam/AdguardForAndroid/issues/4124#issuecomment-1066078974).  Note that enabling Zygisk and adding Chrome to the DenyList is required for this to work.
+* Fixed install issue in Magisk, where this module would not install correctly. Credit to [azio7](https://github.com/Magisk-Modules-Repo/movecert/pull/14).
+
 v1.9
 * Dynamically determine correct SELinux context for cert from device itself.
 * AdGuard users may need to reinstall their HTTPS filtering certificate.

common/post-fs-data.sh

@@ -12,7 +12,7 @@ MODDIR=${0%/*}
 
 # mv -f /data/misc/user/0/cacerts-added/12abc345.0 $MODDIR/system/etc/security/cacerts
 
-mv -f /data/misc/user/0/cacerts-added/* $MODDIR/system/etc/security/cacerts
+cp -f /data/misc/user/0/cacerts-added/* $MODDIR/system/etc/security/cacerts
 chown -R 0:0 $MODDIR/system/etc/security/cacerts
 
 [ "$(getenforce)" = "Enforcing" ] || exit 0

install.sh

@@ -122,10 +122,10 @@ REPLACE="
 # Set what you want to display when installing your module
 
 print_modname() {
-  ui_print "*******************************"
+  ui_print "****************************************************"
   ui_print "        Move Certificates      "
-  ui_print "     by yochananmarqos @XDA    "
-  ui_print "*******************************"
+  ui_print "     by yochananmarqos (edited by Andy Acer) @XDA   "
+  ui_print "****************************************************"
 }
 
 # Copy/extract your module files into $MODPATH in on_install.

module.prop

@@ -1,6 +1,6 @@
 id=movecert
 name=Move Certificates
-version=v1.9
-versionCode=10
-author=yochananmarqos
-description=Moves certificates from the user certificate store to the system store. Removes the *Network may be monitored* warning.
+version=v2.0.1
+versionCode=1
+author=yochananmarqos (edited by Andy Acer)
+description=Copies certificates from the user certificate store into the system store. Removes the *Network may be monitored* warning.