[thirdparty/dracut.git] / modules.d / 45url-lib / module-setup.sh

#!/bin/bash
# module-setup for url-lib

# called by dracut
check() {
    require_binaries curl || return 1
    return 255
}

# called by dracut
depends() {
    echo network
    return 0
}

# called by dracut
install() {
    local _dir _crt _found _lib _nssckbi _p11roots _p11root _p11item
    inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh"
    inst_multiple -o ctorrent
    inst_multiple curl
    # also install libs for curl https
    inst_libdir_file "libnsspem.so*"
    inst_libdir_file "libnsssysinit.so*"
    inst_libdir_file "libsoftokn3.so*"
    inst_libdir_file "libsqlite3.so*"

    for _dir in $libdirs; do
	[[ -d $_dir ]] || continue
        for _lib in $_dir/libcurl.so.*; do
	    [[ -e $_lib ]] || continue
            [[ $_nssckbi ]] || _nssckbi=$(grep -F --binary-files=text -z libnssckbi $_lib)
            _crt=$(grep -F --binary-files=text -z .crt $_lib)
            [[ $_crt ]] || continue
            [[ $_crt == /*/* ]] || continue
            if ! inst "$_crt"; then
                dwarn "Couldn't install '$_crt' SSL CA cert bundle; HTTPS might not work."
                continue
            fi
            _found=1
        done
    done
    # If we found no cert bundle files referenced in libcurl but we
    # *did* find a mention of libnssckbi (checked above), install it.
    # If its truly NSS libnssckbi, it includes its own trust bundle,
    # but if it's really p11-kit-trust.so, we need to find the dirs
    # where it will look for a trust bundle and install them too.
    if ! [[ $_found ]] && [[ $_nssckbi ]] ; then
        _found=1
        inst_libdir_file "libnssckbi.so*" || _found=
        for _dir in $libdirs; do
            [[ -e $_dir/libnssckbi.so ]] || continue
            # this looks for directory-ish strings in the file
            for _p11roots in $(grep -o --binary-files=text "/[[:alpha:]][[:print:]]*" $_dir/libnssckbi.so) ; do
                # the string can be a :-separated list of dirs
                for _p11root in $(echo "$_p11roots" | tr ':' '\n') ; do
                    # check if it's actually a directory (there are
                    # several false positives in the results)
                    [[ -d "$_p11root" ]] || continue
                    # check if it has some specific subdirs that all
                    # p11-kit trust dirs have
                    [[ -d "${_p11root}/anchors" ]] || continue
                    [[ -d "${_p11root}/blacklist" ]] || continue
                    # so now we know it's really a p11-kit trust dir;
                    # install everything in it
                    for _p11item in $(find "$_p11root") ; do
                        if ! inst "$_p11item" ; then
                            dwarn "Couldn't install '$_p11item' from p11-kit trust dir '$_p11root'; HTTPS might not work."
                            continue
                        fi
                    done
                done
            done
        done
    fi
    [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work."
}
Commit	Line	Data
753c82d0 WW	1	#!/bin/bash
	2	# module-setup for url-lib
	3
8bcfd683	4	# called by dracut
753c82d0	5	check() {
30e6e809	6	require_binaries curl \|\| return 1
753c82d0 WW	7	return 255
	8	}
	9
8bcfd683	10	# called by dracut
753c82d0 WW	11	depends() {
	12	echo network
	13	return 0
	14	}
	15
8bcfd683	16	# called by dracut
753c82d0	17	install() {
892b1fe6	18	local _dir _crt _found _lib _nssckbi _p11roots _p11root _p11item
53fe81e7	19	inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh"
338bad63	20	inst_multiple -o ctorrent
af119460	21	inst_multiple curl
17b01c5b HH	22	# also install libs for curl https
	23	inst_libdir_file "libnsspem.so*"
	24	inst_libdir_file "libnsssysinit.so*"
	25	inst_libdir_file "libsoftokn3.so*"
	26	inst_libdir_file "libsqlite3.so*"
	27
1540df0e	28	for _dir in $libdirs; do
27458b10 HH	29	[[ -d $_dir ]] \|\| continue
	30	for _lib in $_dir/libcurl.so.*; do
	31	[[ -e $_lib ]] \|\| continue
892b1fe6	32	[[ $_nssckbi ]] \|\| _nssckbi=$(grep -F --binary-files=text -z libnssckbi $_lib)
27458b10	33	_crt=$(grep -F --binary-files=text -z .crt $_lib)
1540df0e HH	34	[[ $_crt ]] \|\| continue
1540df0e HH	35	[[ $_crt == // ]] \|\| continue
f47090f9	36	if ! inst "$_crt"; then
1540df0e HH	37	dwarn "Couldn't install '$_crt' SSL CA cert bundle; HTTPS might not work."
	38	continue
	39	fi
	40	_found=1
27458b10	41	done
1540df0e	42	done
892b1fe6 AW	43	# If we found no cert bundle files referenced in libcurl but we
	44	# did find a mention of libnssckbi (checked above), install it.
	45	# If its truly NSS libnssckbi, it includes its own trust bundle,
	46	# but if it's really p11-kit-trust.so, we need to find the dirs
	47	# where it will look for a trust bundle and install them too.
	48	if ! [[ $_found ]] && [[ $_nssckbi ]] ; then
	49	_found=1
	50	inst_libdir_file "libnssckbi.so*" \|\| _found=
	51	for _dir in $libdirs; do
	52	[[ -e $_dir/libnssckbi.so ]] \|\| continue
	53	# this looks for directory-ish strings in the file
	54	for _p11roots in $(grep -o --binary-files=text "/[[:alpha:]][[:print:]]*" $_dir/libnssckbi.so) ; do
	55	# the string can be a :-separated list of dirs
	56	for _p11root in $(echo "$_p11roots" \| tr ':' '\n') ; do
	57	# check if it's actually a directory (there are
	58	# several false positives in the results)
	59	[[ -d "$_p11root" ]] \|\| continue
	60	# check if it has some specific subdirs that all
	61	# p11-kit trust dirs have
	62	[[ -d "${_p11root}/anchors" ]] \|\| continue
	63	[[ -d "${_p11root}/blacklist" ]] \|\| continue
	64	# so now we know it's really a p11-kit trust dir;
	65	# install everything in it
	66	for _p11item in $(find "$_p11root") ; do
	67	if ! inst "$_p11item" ; then
	68	dwarn "Couldn't install '$_p11item' from p11-kit trust dir '$_p11root'; HTTPS might not work."
	69	continue
	70	fi
	71	done
	72	done
	73	done
	74	done
	75	fi
	76	[[ $_found ]] \|\| dwarn "Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work."
753c82d0 WW	77	}
753c82d0 WW	78