]>
Commit | Line | Data |
---|---|---|
753c82d0 WW |
1 | #!/bin/bash |
2 | # module-setup for url-lib | |
3 | ||
8bcfd683 | 4 | # called by dracut |
753c82d0 | 5 | check() { |
30e6e809 | 6 | require_binaries curl || return 1 |
753c82d0 WW |
7 | return 255 |
8 | } | |
9 | ||
8bcfd683 | 10 | # called by dracut |
753c82d0 WW |
11 | depends() { |
12 | echo network | |
13 | return 0 | |
14 | } | |
15 | ||
8bcfd683 | 16 | # called by dracut |
753c82d0 | 17 | install() { |
892b1fe6 | 18 | local _dir _crt _found _lib _nssckbi _p11roots _p11root _p11item |
53fe81e7 | 19 | inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh" |
338bad63 | 20 | inst_multiple -o ctorrent |
af119460 | 21 | inst_multiple curl |
17b01c5b HH |
22 | # also install libs for curl https |
23 | inst_libdir_file "libnsspem.so*" | |
24 | inst_libdir_file "libnsssysinit.so*" | |
25 | inst_libdir_file "libsoftokn3.so*" | |
26 | inst_libdir_file "libsqlite3.so*" | |
27 | ||
1540df0e | 28 | for _dir in $libdirs; do |
27458b10 HH |
29 | [[ -d $_dir ]] || continue |
30 | for _lib in $_dir/libcurl.so.*; do | |
31 | [[ -e $_lib ]] || continue | |
892b1fe6 | 32 | [[ $_nssckbi ]] || _nssckbi=$(grep -F --binary-files=text -z libnssckbi $_lib) |
27458b10 | 33 | _crt=$(grep -F --binary-files=text -z .crt $_lib) |
1540df0e HH |
34 | [[ $_crt ]] || continue |
35 | [[ $_crt == /*/* ]] || continue | |
f47090f9 | 36 | if ! inst "$_crt"; then |
1540df0e HH |
37 | dwarn "Couldn't install '$_crt' SSL CA cert bundle; HTTPS might not work." |
38 | continue | |
39 | fi | |
40 | _found=1 | |
27458b10 | 41 | done |
1540df0e | 42 | done |
892b1fe6 AW |
43 | # If we found no cert bundle files referenced in libcurl but we |
44 | # *did* find a mention of libnssckbi (checked above), install it. | |
45 | # If its truly NSS libnssckbi, it includes its own trust bundle, | |
46 | # but if it's really p11-kit-trust.so, we need to find the dirs | |
47 | # where it will look for a trust bundle and install them too. | |
48 | if ! [[ $_found ]] && [[ $_nssckbi ]] ; then | |
49 | _found=1 | |
50 | inst_libdir_file "libnssckbi.so*" || _found= | |
51 | for _dir in $libdirs; do | |
52 | [[ -e $_dir/libnssckbi.so ]] || continue | |
53 | # this looks for directory-ish strings in the file | |
54 | for _p11roots in $(grep -o --binary-files=text "/[[:alpha:]][[:print:]]*" $_dir/libnssckbi.so) ; do | |
55 | # the string can be a :-separated list of dirs | |
56 | for _p11root in $(echo "$_p11roots" | tr ':' '\n') ; do | |
57 | # check if it's actually a directory (there are | |
58 | # several false positives in the results) | |
59 | [[ -d "$_p11root" ]] || continue | |
60 | # check if it has some specific subdirs that all | |
61 | # p11-kit trust dirs have | |
62 | [[ -d "${_p11root}/anchors" ]] || continue | |
63 | [[ -d "${_p11root}/blacklist" ]] || continue | |
64 | # so now we know it's really a p11-kit trust dir; | |
65 | # install everything in it | |
66 | for _p11item in $(find "$_p11root") ; do | |
67 | if ! inst "$_p11item" ; then | |
68 | dwarn "Couldn't install '$_p11item' from p11-kit trust dir '$_p11root'; HTTPS might not work." | |
69 | continue | |
70 | fi | |
71 | done | |
72 | done | |
73 | done | |
74 | done | |
75 | fi | |
76 | [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work." | |
753c82d0 WW |
77 | } |
78 |