2 # module-setup for url-lib
6 require_binaries curl ||
return 1
18 local _dir _crt _found _lib _nssckbi _p11roots _p11root _p11item
19 inst_simple
"$moddir/url-lib.sh" "/lib/url-lib.sh"
20 inst_multiple
-o ctorrent
22 # also install libs for curl https
23 inst_libdir_file
"libnsspem.so*"
24 inst_libdir_file
"libnsssysinit.so*"
25 inst_libdir_file
"libsoftokn3.so*"
26 inst_libdir_file
"libsqlite3.so*"
28 for _dir
in $libdirs; do
29 [[ -d $dracutsysrootdir$_dir ]] ||
continue
30 for _lib
in $dracutsysrootdir$_dir/libcurl.so.
*; do
31 [[ -e $_lib ]] ||
continue
32 [[ $_nssckbi ]] || _nssckbi
=$
(grep -F --binary-files=text
-z libnssckbi
$_lib)
33 _crt
=$
(grep -F --binary-files=text
-z .crt
$_lib)
34 [[ $_crt ]] ||
continue
35 [[ $_crt == /*/* ]] ||
continue
36 if ! inst
"${_crt#$dracutsysrootdir}"; then
37 dwarn
"Couldn't install '$_crt' SSL CA cert bundle; HTTPS might not work."
43 # If we found no cert bundle files referenced in libcurl but we
44 # *did* find a mention of libnssckbi (checked above), install it.
45 # If its truly NSS libnssckbi, it includes its own trust bundle,
46 # but if it's really p11-kit-trust.so, we need to find the dirs
47 # where it will look for a trust bundle and install them too.
48 if ! [[ $_found ]] && [[ $_nssckbi ]] ; then
50 inst_libdir_file
"libnssckbi.so*" || _found
=
51 for _dir
in $libdirs; do
52 [[ -e $dracutsysrootdir$_dir/libnssckbi.so
]] ||
continue
53 # this looks for directory-ish strings in the file
54 for _p11roots
in $
(grep -o --binary-files=text
"/[[:alpha:]][[:print:]]*" $dracutsysrootdir$_dir/libnssckbi.so
) ; do
55 # the string can be a :-separated list of dirs
56 for _p11root
in $
(echo "$_p11roots" |
tr ':' '\n') ; do
57 # check if it's actually a directory (there are
58 # several false positives in the results)
59 [[ -d "$dracutsysrootdir$_p11root" ]] ||
continue
60 # check if it has some specific subdirs that all
61 # p11-kit trust dirs have
62 [[ -d "$dracutsysrootdir${_p11root}/anchors" ]] ||
continue
63 [[ -d "$dracutsysrootdir${_p11root}/blacklist" ]] ||
continue
64 # so now we know it's really a p11-kit trust dir;
65 # install everything in it
66 for _p11item
in $
(find "$dracutsysrootdir$_p11root") ; do
67 if ! inst
"${_p11item#$dracutsysrootdir}" ; then
68 dwarn
"Couldn't install '${_p11item#$dracutsysrootdir}' from p11-kit trust dir '${_p11root#$dracutsysrootdir}'; HTTPS might not work."
76 [[ $_found ]] || dwarn
"Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work."