From cec70c95c91489adeba62f98f945614fe986eaa9 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 22 Jan 2014 23:14:38 +0000 Subject: [PATCH] Default to secure downloads, though, still allow insecure ones. Refs #269. --- bootstrap-salt.sh | 137 ++++++++++++++++++++++++++-------------------- 1 file changed, 77 insertions(+), 60 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index c8d565c..be01fbc 100644 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh 
@@ -160,68 +160,13 @@ usage() { -U If set, fully upgrade the system prior to bootstrapping salt -K If set, keep the temporary files in the temporary directories specified with -c and -k. + -I If set, allow insecure connections while downloading any files. For + example, pass '--no-check-certificate' to 'wget' or '--insecure' to 'curl' EOT } # ---------- end of function usage ---------- -#=== FUNCTION ================================================================ -# NAME: __fetch_url -# DESCRIPTION: Retrieves a URL and writes it to a given path -#=============================================================================== -__fetch_url() { - curl --insecure -s -o "$1" "$2" >/dev/null 2>&1 || - wget --no-check-certificate -q -O "$1" "$2" >/dev/null 2>&1 || - fetch -q -o "$1" "$2" >/dev/null 2>&1 -} -#=== FUNCTION ================================================================ -# NAME: __check_config_dir -# DESCRIPTION: Checks the config directory, retrieves URLs if provided. -#=============================================================================== -__check_config_dir() { - CC_DIR_NAME="$1" - CC_DIR_BASE=$(basename "${CC_DIR_NAME}") - - case "$CC_DIR_NAME" in - http://*|https://*) - __fetch_url "/tmp/${CC_DIR_BASE}" "${CC_DIR_NAME}" - CC_DIR_NAME="/tmp/${CC_DIR_BASE}" - ;; - ftp://*) - __fetch_url "/tmp/${CC_DIR_BASE}" "${CC_DIR_NAME}" - CC_DIR_NAME="/tmp/${CC_DIR_BASE}" - ;; - *) - if [ ! 
-e "${CC_DIR_NAME}" ]; then - echo "null" - return 0 - fi - ;; - esac - - case "$CC_DIR_NAME" in - *.tgz|*.tar.gz) - tar -zxf "${CC_DIR_NAME}" -C /tmp - CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".tgz") - CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".tar.gz") - CC_DIR_NAME="/tmp/${CC_DIR_BASE}" - ;; - *.tbz|*.tar.bz2) - tar -xjf "${CC_DIR_NAME}" -C /tmp - CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".tbz") - CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".tar.bz2") - CC_DIR_NAME="/tmp/${CC_DIR_BASE}" - ;; - *.txz|*.tar.xz) - tar -xJf "${CC_DIR_NAME}" -C /tmp - CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".txz") - CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".tar.xz") - CC_DIR_NAME="/tmp/${CC_DIR_BASE}" - ;; - esac - - echo "${CC_DIR_NAME}" -} #----------------------------------------------------------------------- # Handle command line arguments @@ -243,17 +188,20 @@ _FORCE_OVERWRITE=${BS_FORCE_OVERWRITE:-$BS_FALSE} _GENTOO_USE_BINHOST=${BS_GENTOO_USE_BINHOST:-$BS_FALSE} _EPEL_REPO=${BS_EPEL_REPO:-epel} _UPGRADE_SYS=${BS_UPGRADE_SYS:-$BS_FALSE} +_INSECURE_DL=${BS_INSECURE_DL:-$BS_FALSE} +_WGET_ARGS=${BS_WGET_ARGS:-} +_CURL_ARGS=${BS_CURL_ARGS:-} # __SIMPLIFY_VERSION is mostly used in Solaris based distributions __SIMPLIFY_VERSION=$BS_TRUE -while getopts ":hvnDc:g:k:MSNXCPFUK" opt +while getopts ":hvnDc:g:k:MSNXCPFUKI" opt do case "${opt}" in h ) usage; exit 0 ;; - v ) echo "$0 -- Version $__ScriptVersion"; exit 0 ;; - n ) _COLORS=0; __detect_color_support ;; + v ) echo "$0 -- Version $__ScriptVersion"; exit 0 ;; + n ) _COLORS=0; __detect_color_support ;; D ) _ECHO_DEBUG=$BS_TRUE ;; c ) _TEMP_CONFIG_DIR=$(__check_config_dir "$OPTARG") # If the configuration directory does not exist, error out @@ -283,6 +231,7 @@ do F ) _FORCE_OVERWRITE=$BS_TRUE ;; U ) _UPGRADE_SYS=$BS_TRUE ;; K ) _KEEP_TEMP_FILES=$BS_TRUE ;; + I ) _INSECURE_DL=$BS_TRUE ;; \?) echo echoerror "Option does not exist : $OPTARG" 
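Review bot: Removing `__check_config_dir` and `__fetch_url` from this position leaves the `-c` handler in the getopts loop, `_TEMP_CONFIG_DIR=$(__check_config_dir "$OPTARG")` (context of the next hunk), calling a function that this patch only defines again in the last hunk, from new line 402 onward, after option parsing. A POSIX shell resolves a function name when the call executes, so unless the function is also defined somewhere not shown here, `-c` would fail with a command-not-found error and `_TEMP_CONFIG_DIR` would end up empty. One way to keep the move is to have the handler only record the argument, `c ) _TEMP_CONFIG_DIR="$OPTARG" ;;`, and run `__check_config_dir` (with the existence check that follows it in the handler) after the functions and the insecure-flag block. That also makes `-I` apply to the config download regardless of where it appears relative to `-c`.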
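Review bot: `BS_CURL_ARGS` and `BS_WGET_ARGS` are new environment inputs that `usage()` does not mention, and they are expanded unquoted into the `curl` and `wget` command lines in the last hunk. Any option present in the caller's environment, including `--insecure` or `--no-check-certificate`, therefore reaches the download without `-I` being given. A comment above the two assignments would make that explicit, for example `# Extra curl/wget options taken verbatim from the environment; they can switch off certificate checks independently of -I`, and the same sentence belongs next to the `-I` entry in the usage text. If the pass-through is not meant to weaken verification, the later block could refuse to run when either variable already contains one of those two flags and `_INSECURE_DL` is false.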
@@ -453,6 +402,74 @@ exec 2>&- exec 2>$LOGPIPE +# Handle the insecure flags +if [ $_INSECURE_DL -eq $BS_TRUE ]; then + _CURL_ARGS="${_CURL_ARGS} --insecure" + _WGET_ARGS="${_WGET_ARGS} --no-check-certificate" +fi + +#=== FUNCTION ================================================================ +# NAME: __fetch_url +# DESCRIPTION: Retrieves a URL and writes it to a given path +#=============================================================================== +__fetch_url() { + curl $_CURL_ARGS -s -o "$1" "$2" >/dev/null 2>&1 || + wget $_WGET_ARGS -q -O "$1" "$2" >/dev/null 2>&1 || + fetch -q -o "$1" "$2" >/dev/null 2>&1 +} + + +#=== FUNCTION ================================================================ +# NAME: __check_config_dir +# DESCRIPTION: Checks the config directory, retrieves URLs if provided. +#=============================================================================== +__check_config_dir() { + CC_DIR_NAME="$1" + CC_DIR_BASE=$(basename "${CC_DIR_NAME}") + + case "$CC_DIR_NAME" in + http://*|https://*) + __fetch_url "/tmp/${CC_DIR_BASE}" "${CC_DIR_NAME}" + CC_DIR_NAME="/tmp/${CC_DIR_BASE}" + ;; + ftp://*) + __fetch_url "/tmp/${CC_DIR_BASE}" "${CC_DIR_NAME}" + CC_DIR_NAME="/tmp/${CC_DIR_BASE}" + ;; + *) + if [ ! 
-e "${CC_DIR_NAME}" ]; then + echo "null" + return 0 + fi + ;; + esac + + case "$CC_DIR_NAME" in + *.tgz|*.tar.gz) + tar -zxf "${CC_DIR_NAME}" -C /tmp + CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".tgz") + CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".tar.gz") + CC_DIR_NAME="/tmp/${CC_DIR_BASE}" + ;; + *.tbz|*.tar.bz2) + tar -xjf "${CC_DIR_NAME}" -C /tmp + CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".tbz") + CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".tar.bz2") + CC_DIR_NAME="/tmp/${CC_DIR_BASE}" + ;; + *.txz|*.tar.xz) + tar -xJf "${CC_DIR_NAME}" -C /tmp + CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".txz") + CC_DIR_BASE=$(basename ${CC_DIR_BASE} ".tar.xz") + CC_DIR_NAME="/tmp/${CC_DIR_BASE}" + ;; + esac + + echo "${CC_DIR_NAME}" +} + + + #--- FUNCTION ---------------------------------------------------------------- # NAME: __gather_hardware_info # DESCRIPTION: Discover hardware information
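Review bot: The `http://*|https://*)` and `ftp://*)` arms of `__check_config_dir` still hand cleartext URLs to `__fetch_url`, so with certificate checking on by default only `https://` sources are actually authenticated, and the downloaded archive is then unpacked by `tar ... -C /tmp`. Consider accepting `http://` and `ftp://` only when `_INSECURE_DL` is set, and otherwise returning the same `"null"` the function already uses for a missing path, as sketched below. This depends on `_INSECURE_DL` being final when the function runs, which is not the case while `-c` is resolved inside the getopts loop. Separately, `fetch` receives neither argument variable, so `-I` has no effect on that fallback, and with all output sent to `/dev/null` a certificate failure is indistinguishable from any other error.

```shell
    case "$CC_DIR_NAME" in
        https://*)
            # ... unchanged: __fetch_url into /tmp/${CC_DIR_BASE} ...
            ;;
        http://*|ftp://*)
            # Cleartext transports cannot be authenticated; accept them only with -I
            if [ "$_INSECURE_DL" -ne "$BS_TRUE" ]; then
                echo "null"
                return 0
            fi
            __fetch_url "/tmp/${CC_DIR_BASE}" "${CC_DIR_NAME}"
            CC_DIR_NAME="/tmp/${CC_DIR_BASE}"
            ;;
        # ... unchanged: local-path arm and archive extraction ...
```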