path: root/modules.d/45url-lib/module-setup.sh
blob: 65da87ee8c4312c7291664df0895141661b0b589 (plain)
#!/bin/bash
# module-setup for url-lib

# called by dracut
# Tell dracut whether this module can be used on the build host.
# Returns 1 when curl is not available, otherwise 255 (in dracut's
# module protocol: include only when another module depends on it).
check() {
    if ! require_binaries curl; then
        return 1
    fi
    return 255
}

# called by dracut
# Print the names of the dracut modules this one needs: url-lib relies
# on the "network" module being present in the image.
depends() {
    printf '%s\n' 'network'
    return 0
}

# called by dracut
# Install url-lib.sh, curl and the TLS trust material curl needs into the
# initramfs image.
#
# The trust material is located heuristically: strings that look like
# certificate paths (or the name libnssckbi) are scraped out of the libcurl
# and libcrypto binaries found under $libdirs. Whatever this function copies
# becomes the set of CAs that curl will accept for HTTPS inside the
# initramfs, so the result is worth checking when HTTPS fetches are part of
# the boot path.
#
# Globals read: moddir, libdirs, dracutsysrootdir, initdir, DRACUT_CP
# Outputs:      warnings via dwarn when trust material cannot be installed;
#               failures here are warnings only, the function carries on.
install() {
    local _dir _crt _crts _found _lib _nssckbi _p11roots _p11root
    inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh"
    # -o: ctorrent is optional, its absence is not an error
    inst_multiple -o ctorrent
    inst_multiple curl sed
    # The NSS probe runs whichever curl is first on the build host's PATH;
    # NOTE(review): with $dracutsysrootdir set this may not be the curl that
    # ends up in the image - confirm.
    if curl --version | grep -qi '\bNSS\b'; then
        # also install libs for curl https
        inst_libdir_file "libnsspem.so*"
        inst_libdir_file "libnsssysinit.so*"
        inst_libdir_file "libsoftokn3.so*"
        inst_libdir_file "libsqlite3.so*"
    fi

    # Scan every libcurl/libcrypto under the library dirs for embedded
    # strings that name a CA bundle (.pem/.crt) or mention libnssckbi.
    for _dir in $libdirs; do
        [[ -d $dracutsysrootdir$_dir ]] || continue
        for _lib in "$dracutsysrootdir$_dir"/libcurl.so.* "$dracutsysrootdir$_dir"/libcrypto.so.*; do
            # an unmatched glob is left as the literal pattern; skip it
            [[ -e $_lib ]] || continue
            # _nssckbi is only used as a flag later on: non-empty means some
            # library mentioned libnssckbi. Once set it is not re-probed.
            if ! [[ $_nssckbi ]]; then
                read -r -d '' _nssckbi < <(grep -F --binary-files=text -z libnssckbi "$_lib")
            fi
            # sed strips the NUL separators that grep -z emits, so read takes
            # the whole output as one value.
            # NOTE(review): if a library holds more than one matching string
            # the records appear to be joined into a single value, which would
            # then fail the existence test below - confirm.
            read -r -d '' _crt < <(grep -E --binary-files=text -z "\.(pem|crt)" "$_lib" | sed 's/\x0//g')
            [[ $_crt ]] || continue
            # accept only absolute paths with at least one directory level
            [[ $_crt == /*/* ]] || continue
            # NOTE(review): this test uses the path as embedded in the
            # library, without the $dracutsysrootdir prefix that was used to
            # find the library itself - confirm the intended root when a
            # sysroot is set.
            if [[ -e $_crt ]]; then
                _crts="$_crts $_crt"
                _found=1
            fi
        done
    done
    if [[ $_found ]] && [[ -n $_crts ]]; then
        # _crts is a space-separated list, split on purpose here; a bundle
        # path containing whitespace would be split into several words.
        for _crt in $_crts; do
            if ! inst "${_crt#"$dracutsysrootdir"}"; then
                dwarn "Couldn't install '$_crt' SSL CA cert bundle; HTTPS might not work."
                continue
            fi
        done
    fi
    # If we found no cert bundle files referenced in libcurl but we
    # *did* find a mention of libnssckbi (checked above), install it.
    # If it's truly NSS libnssckbi, it includes its own trust bundle,
    # but if it's really p11-kit-trust.so, we need to find the dirs
    # where it will look for a trust bundle and install them too.
    if ! [[ $_found ]] && [[ $_nssckbi ]]; then
        _found=1
        # _found is cleared again if the library itself cannot be installed,
        # which triggers the final warning at the end of the function
        inst_libdir_file "libnssckbi.so*" || _found=
        for _dir in $libdirs; do
            [[ -e $dracutsysrootdir$_dir/libnssckbi.so ]] || continue
            # this looks for directory-ish strings in the file
            grep -z -o --binary-files=text '/[[:alpha:]][[:print:]]*' "${dracutsysrootdir}${_dir}"/libnssckbi.so \
                | while read -r -d '' _p11roots || [[ $_p11roots ]]; do
                    # The loop is the last stage of a pipeline, so (without
                    # lastpipe) it runs in a subshell: nothing assigned here
                    # is visible after the loop.
                    IFS=":" read -r -a _p11roots <<< "$_p11roots"
                    # the string can be a :-separated list of dirs
                    for _p11root in "${_p11roots[@]}"; do
                        # check if it's actually a directory (there are
                        # several false positives in the results)
                        [[ -d "$dracutsysrootdir$_p11root" ]] || continue
                        # check if it has some specific subdirs that all
                        # p11-kit trust dirs have
                        [[ -d "$dracutsysrootdir${_p11root}/anchors" ]] || continue
                        [[ -d "$dracutsysrootdir${_p11root}/blacklist" ]] || continue
                        # so now we know it's really a p11-kit trust dir;
                        # install everything in it
                        mkdir -p -- "${initdir}/${_p11root}"
                        # $DRACUT_CP is expanded unquoted, presumably because
                        # it carries a command plus its options - confirm.
                        # NOTE(review): the /* glob skips dotfiles, and whether
                        # the anchors/ and blacklist/ subdirs are copied
                        # depends on the options in $DRACUT_CP; verify that
                        # blacklist/ arrives in the image, since losing it
                        # would lose the distrust entries.
                        if ! $DRACUT_CP -L -t "${initdir}/${_p11root}" "${dracutsysrootdir}${_p11root}"/*; then
                            dwarn "Couldn't install from p11-kit trust dir '${_p11root#"$dracutsysrootdir"}'; HTTPS might not work."
                        fi
                    done
                done
        done
    fi
    # Only a warning: the image is still built, but without any trust
    # anchors, so certificate verification in the initramfs has nothing to
    # validate against.
    [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work."
}