modules.d/45url-lib/module-setup.sh

   1 #!/bin/bash
   2 # module-setup for url-lib
   3
   4 # called by dracut
   5 check() {
   6     require_binaries curl || return 1
   7     return 255
   8 }
   9
  10 # called by dracut
  11 depends() {
  12     echo network
  13     return 0
  14 }
  15
  16 # called by dracut
  17 install() {
  18     local _dir _crt _found _lib _nssckbi _p11roots _p11root _p11item
  19     inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh"
  20     inst_multiple -o ctorrent
  21     inst_multiple curl
  22     # also install libs for curl https
  23     inst_libdir_file "libnsspem.so*"
  24     inst_libdir_file "libnsssysinit.so*"
  25     inst_libdir_file "libsoftokn3.so*"
  26     inst_libdir_file "libsqlite3.so*"
  27
  28     for _dir in $libdirs; do
  29         [[ -d $dracutsysrootdir$_dir ]] || continue
  30         for _lib in $dracutsysrootdir$_dir/libcurl.so.*; do
  31             [[ -e $_lib ]] || continue
  32             [[ $_nssckbi ]] || _nssckbi=$(grep -F --binary-files=text -z libnssckbi $_lib)
  33             _crt=$(grep -F --binary-files=text -z .crt $_lib)
  34             [[ $_crt ]] || continue
  35             [[ $_crt == /*/* ]] || continue
  36             if ! inst "${_crt#$dracutsysrootdir}"; then
  37                 dwarn "Couldn't install '$_crt' SSL CA cert bundle; HTTPS might not work."
  38                 continue
  39             fi
  40             _found=1
  41         done
  42     done
  43     # If we found no cert bundle files referenced in libcurl but we
  44     # *did* find a mention of libnssckbi (checked above), install it.
  45     # If its truly NSS libnssckbi, it includes its own trust bundle,
  46     # but if it's really p11-kit-trust.so, we need to find the dirs
  47     # where it will look for a trust bundle and install them too.
  48     if ! [[ $_found ]] && [[ $_nssckbi ]] ; then
  49         _found=1
  50         inst_libdir_file "libnssckbi.so*" || _found=
  51         for _dir in $libdirs; do
  52             [[ -e $dracutsysrootdir$_dir/libnssckbi.so ]] || continue
  53             # this looks for directory-ish strings in the file
  54             for _p11roots in $(grep -o --binary-files=text "/[[:alpha:]][[:print:]]*" $dracutsysrootdir$_dir/libnssckbi.so) ; do
  55                 # the string can be a :-separated list of dirs
  56                 for _p11root in $(echo "$_p11roots" | tr ':' '\n') ; do
  57                     # check if it's actually a directory (there are
  58                     # several false positives in the results)
  59                     [[ -d "$dracutsysrootdir$_p11root" ]] || continue
  60                     # check if it has some specific subdirs that all
  61                     # p11-kit trust dirs have
  62                     [[ -d "$dracutsysrootdir${_p11root}/anchors" ]] || continue
  63                     [[ -d "$dracutsysrootdir${_p11root}/blacklist" ]] || continue
  64                     # so now we know it's really a p11-kit trust dir;
  65                     # install everything in it
  66                     for _p11item in $(find "$dracutsysrootdir$_p11root") ; do
  67                         if ! inst "${_p11item#$dracutsysrootdir}" ; then
  68                             dwarn "Couldn't install '${_p11item#$dracutsysrootdir}' from p11-kit trust dir '${_p11root#$dracutsysrootdir}'; HTTPS might not work."
  69                             continue
  70                         fi
  71                     done
  72                 done
  73             done
  74         done
  75     fi
  76     [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work."
  77 }
  78