infra: bootstrap.sh annotate

changelog shortlog graph tags branches changeset files file revisions raw help

Mercurial > infra / annotate bootstrap.sh

changeset 239:	7c6e3bbfe8cd
parent:	a7129c8e52d1
child:	5d84c4505479
author:	Richard Westhaver <ellis@rwest.io>
date:	Tue, 28 May 2024 01:40:54 +0000
permissions:	-rwxr-xr-x
description:	bootstrap mv

239 7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	1	#!/bin/sh
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	2	set -eu
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	3	main() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	4	. ./check.sh
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	5	download --check
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	6	local _arch=$(_read arch \| tr -d '"')
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	7	local _ext=""
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	8	case "$_arch" in
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	9	windows)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	10	_ext=".exe"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	11	;;
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	12	esac
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	13	local _url="https://packy.compiler.company/dist/${_arch}"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	14	local _stash
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	15	if ! _stash=".stash"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	16	# Because the previous command ran in a subshell, we must manually
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	17	# propagate exit status.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	18	exit 1
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	19	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	20	ensure mkdir -p "${_stash}/src"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	21	ensure mkdir -p "${_stash}/bin"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	22	local _sk_url="${_url}/bin/sk"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	23	local _sbcl_url="${_url}/pack/sbcl.tar.zst"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	24	local _rocksdb_url="${_url}/pack/rocksdb.tar.zst"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	25	ensure download "$_sbcl_url" "${_stash}/src/sbcl.tar.zst" "$_arch"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	26	ensure download "$_rocksdb_url" "${_stash}/src/rocksdb.tar.zst" "$_arch"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	27	ensure download "$_sk_url" "${_stash}/bin/sk" "$_arch"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	28	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	29
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	30	_read() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	31	grep ":$1" $INFRA_HOST_CONFIG \| cut -d' ' -f 2-
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	32	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	33
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	34	say() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	35	printf 'bootstrap.sh: %s\n' "$1"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	36	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	37
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	38	err() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	39	say "$1" >&2
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	40	exit 1
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	41	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	42
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	43	check_cmd() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	44	command -v "$1" > /dev/null 2>&1
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	45	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	46
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	47	need_cmd() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	48	if ! check_cmd "$1"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	49	err "need '$1' (command not found)"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	50	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	51	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	52
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	53	# Run a command that should never fail. If the command fails execution
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	54	# will immediately terminate with an error showing the failing
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	55	# command.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	56	ensure() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	57	if ! "$@"; then err "command failed: $*"; fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	58	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	59
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	60	# Check if curl supports the --retry flag, then pass it to the curl invocation.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	61	check_curl_for_retry_support() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	62	local _retry_supported=""
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	63	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	64	if check_help_for "notspecified" "curl" "--retry"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	65	_retry_supported="--retry 3"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	66	if check_help_for "notspecified" "curl" "--continue-at"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	67	# "-C -" tells curl to automatically find where to resume the download when retrying.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	68	_retry_supported="--retry 3 -C -"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	69	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	70	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	71
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	72	RETVAL="$_retry_supported"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	73	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	74
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	75	# Return cipher suite string specified by user, otherwise return strong TLS 1.2-1.3 cipher suites
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	76	# if support by local tools is detected. Detection currently supports these curl backends:
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	77	# GnuTLS and OpenSSL (possibly also LibreSSL and BoringSSL). Return value can be empty.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	78	get_ciphersuites_for_curl() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	79	if [ -n "${TLS_CIPHERSUITES-}" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	80	# user specified custom cipher suites, assume they know what they're doing
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	81	RETVAL="$TLS_CIPHERSUITES"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	82	return
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	83	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	84
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	85	local _openssl_syntax="no"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	86	local _gnutls_syntax="no"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	87	local _backend_supported="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	88	if curl -V \| grep -q ' OpenSSL/'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	89	_openssl_syntax="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	90	elif curl -V \| grep -iq ' LibreSSL/'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	91	_openssl_syntax="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	92	elif curl -V \| grep -iq ' BoringSSL/'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	93	_openssl_syntax="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	94	elif curl -V \| grep -iq ' GnuTLS/'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	95	_gnutls_syntax="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	96	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	97	_backend_supported="no"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	98	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	99
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	100	local _args_supported="no"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	101	if [ "$_backend_supported" = "yes" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	102	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	103	if check_help_for "notspecified" "curl" "--tlsv1.2" "--ciphers" "--proto"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	104	_args_supported="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	105	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	106	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	107
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	108	local _cs=""
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	109	if [ "$_args_supported" = "yes" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	110	if [ "$_openssl_syntax" = "yes" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	111	_cs=$(get_strong_ciphersuites_for "openssl")
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	112	elif [ "$_gnutls_syntax" = "yes" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	113	_cs=$(get_strong_ciphersuites_for "gnutls")
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	114	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	115	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	116
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	117	RETVAL="$_cs"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	118	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	119
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	120	# Return cipher suite string specified by user, otherwise return strong TLS 1.2-1.3 cipher suites
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	121	# if support by local tools is detected. Detection currently supports these wget backends:
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	122	# GnuTLS and OpenSSL (possibly also LibreSSL and BoringSSL). Return value can be empty.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	123	get_ciphersuites_for_wget() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	124	if [ -n "${TLS_CIPHERSUITES-}" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	125	# user specified custom cipher suites, assume they know what they're doing
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	126	RETVAL="$TLS_CIPHERSUITES"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	127	return
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	128	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	129
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	130	local _cs=""
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	131	if wget -V \| grep -q '\-DHAVE_LIBSSL'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	132	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	133	if check_help_for "notspecified" "wget" "TLSv1_2" "--ciphers" "--https-only" "--secure-protocol"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	134	_cs=$(get_strong_ciphersuites_for "openssl")
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	135	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	136	elif wget -V \| grep -q '\-DHAVE_LIBGNUTLS'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	137	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	138	if check_help_for "notspecified" "wget" "TLSv1_2" "--ciphers" "--https-only" "--secure-protocol"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	139	_cs=$(get_strong_ciphersuites_for "gnutls")
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	140	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	141	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	142
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	143	RETVAL="$_cs"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	144	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	145
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	146	check_help_for() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	147	local _arch
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	148	local _cmd
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	149	local _arg
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	150	_arch="$1"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	151	shift
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	152	_cmd="$1"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	153	shift
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	154
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	155	local _category
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	156	if "$_cmd" --help \| grep -q 'For all options use the manual or "--help all".'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	157	_category="all"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	158	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	159	_category=""
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	160	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	161
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	162	case "$_arch" in
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	163
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	164	darwin)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	165	if check_cmd sw_vers; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	166	case $(sw_vers -productVersion) in
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	167	10.*)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	168	# If we're running on macOS, older than 10.13, then we always
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	169	# fail to find these options to force fallback
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	170	if [ "$(sw_vers -productVersion \| cut -d. -f2)" -lt 13 ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	171	# Older than 10.13
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	172	echo "Warning: Detected macOS platform older than 10.13"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	173	return 1
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	174	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	175	;;
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	176	11.*)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	177	# We assume Big Sur will be OK for now
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	178	;;
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	179	*)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	180	# Unknown product version, warn and continue
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	181	echo "Warning: Detected unknown macOS major version: $(sw_vers -productVersion)"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	182	echo "Warning TLS capabilities detection may fail"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	183	;;
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	184	esac
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	185	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	186	;;
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	187
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	188	esac
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	189
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	190	for _arg in "$@"; do
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	191	if ! "$_cmd" --help "$_category" \| grep -q -- "$_arg"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	192	return 1
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	193	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	194	done
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	195
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	196	true # not strictly needed
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	197	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	198
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	199	# Return strong TLS 1.2-1.3 cipher suites in OpenSSL or GnuTLS syntax. TLS 1.2
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	200	# excludes non-ECDHE and non-AEAD cipher suites. DHE is excluded due to bad
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	201	# DH params often found on servers (see RFC 7919). Sequence matches or is
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	202	# similar to Firefox 68 ESR with weak cipher suites disabled via about:config.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	203	# $1 must be openssl or gnutls.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	204	get_strong_ciphersuites_for() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	205	if [ "$1" = "openssl" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	206	# OpenSSL is forgiving of unknown values, no problems with TLS 1.3 values on versions that don't support it yet.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	207	echo "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	208	elif [ "$1" = "gnutls" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	209	# GnuTLS isn't forgiving of unknown values, so this may require a GnuTLS version that supports TLS 1.3 even if wget doesn't.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	210	# Begin with SECURE128 (and higher) then remove/add to build cipher suites. Produces same 9 cipher suites as OpenSSL but in slightly different order.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	211	echo "SECURE128:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS-ALL:-CIPHER-ALL:-MAC-ALL:-KX-ALL:+AEAD:+ECDHE-ECDSA:+ECDHE-RSA:+AES-128-GCM:+CHACHA20-POLY1305:+AES-256-GCM"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	212	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	213	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	214
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	215	check_proc() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	216	# Check for /proc by looking for the /proc/self/exe link
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	217	# This is only run on Linux
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	218	if ! test -L /proc/self/exe ; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	219	err "fatal: Unable to find /proc/self/exe. Is /proc mounted? Installation cannot proceed without /proc."
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	220	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	221	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	222
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	223	get_bitness() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	224	need_cmd head
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	225	# Architecture detection without dependencies beyond coreutils.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	226	# ELF files start out "\x7fELF", and the following byte is
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	227	# 0x01 for 32-bit and
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	228	# 0x02 for 64-bit.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	229	# The printf builtin on some shells like dash only supports octal
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	230	# escape sequences, so we use those.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	231	local _current_exe_head
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	232	_current_exe_head=$(head -c 5 /proc/self/exe )
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	233	if [ "$_current_exe_head" = "$(printf '\177ELF\001')" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	234	echo 32
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	235	elif [ "$_current_exe_head" = "$(printf '\177ELF\002')" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	236	echo 64
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	237	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	238	err "unknown platform bitness"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	239	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	240	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	241
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	242	is_host_amd64_elf() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	243	need_cmd head
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	244	need_cmd tail
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	245	# ELF e_machine detection without dependencies beyond coreutils.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	246	# Two-byte field at offset 0x12 indicates the CPU,
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	247	# but we're interested in it being 0x3E to indicate amd64, or not that.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	248	local _current_exe_machine
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	249	_current_exe_machine=$(head -c 19 /proc/self/exe \| tail -c 1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	250	[ "$_current_exe_machine" = "$(printf '\076')" ]
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	251	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	252
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	253	get_endianness() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	254	local cputype=$1
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	255	local suffix_eb=$2
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	256	local suffix_el=$3
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	257
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	258	# detect endianness without od/hexdump, like get_bitness() does.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	259	need_cmd head
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	260	need_cmd tail
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	261
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	262	local _current_exe_endianness
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	263	_current_exe_endianness="$(head -c 6 /proc/self/exe \| tail -c 1)"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	264	if [ "$_current_exe_endianness" = "$(printf '\001')" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	265	echo "${cputype}${suffix_el}"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	266	elif [ "$_current_exe_endianness" = "$(printf '\002')" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	267	echo "${cputype}${suffix_eb}"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	268	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	269	err "unknown platform endianness"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	270	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	271	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	272
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	273	# This wraps curl or wget. Try curl first, if not installed,
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	274	# use wget instead.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	275	download() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	276	local _dld
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	277	local _ciphersuites
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	278	local _err
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	279	local _status
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	280	local _retry
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	281	if check_cmd curl; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	282	_dld=curl
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	283	elif check_cmd wget; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	284	_dld=wget
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	285	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	286	_dld='curl or wget' # to be used in error message of need_cmd
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	287	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	288
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	289	if [ "$1" = --check ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	290	need_cmd "$_dld"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	291	elif [ "$_dld" = curl ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	292	check_curl_for_retry_support
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	293	_retry="$RETVAL"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	294	get_ciphersuites_for_curl
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	295	_ciphersuites="$RETVAL"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	296	if [ -n "$_ciphersuites" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	297	_err=$(curl $_retry --proto '=https' --tlsv1.2 --ciphers "$_ciphersuites" --silent --show-error --fail --location "$1" --output "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	298	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	299	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	300	echo "Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	301	if ! check_help_for "$3" curl --proto --tlsv1.2; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	302	echo "Warning: Not enforcing TLS v1.2, this is potentially less secure"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	303	_err=$(curl $_retry --silent --show-error --fail --location "$1" --output "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	304	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	305	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	306	_err=$(curl $_retry --proto '=https' --tlsv1.2 --silent --show-error --fail --location "$1" --output "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	307	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	308	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	309	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	310	if [ -n "$_err" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	311	echo "$_err" >&2
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	312	if echo "$_err" \| grep -q 404$; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	313	err "installer for platform '$3' not found, this may be unsupported"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	314	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	315	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	316	return $_status
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	317	elif [ "$_dld" = wget ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	318	if [ "$(wget -V 2>&1\|head -2\|tail -1\|cut -f1 -d" ")" = "BusyBox" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	319	echo "Warning: using the BusyBox version of wget. Not enforcing strong cipher suites for TLS or TLS v1.2, this is potentially less secure"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	320	_err=$(wget "$1" -O "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	321	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	322	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	323	get_ciphersuites_for_wget
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	324	_ciphersuites="$RETVAL"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	325	if [ -n "$_ciphersuites" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	326	_err=$(wget --https-only --secure-protocol=TLSv1_2 --ciphers "$_ciphersuites" "$1" -O "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	327	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	328	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	329	echo "Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	330	if ! check_help_for "$3" wget --https-only --secure-protocol; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	331	echo "Warning: Not enforcing TLS v1.2, this is potentially less secure"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	332	_err=$(wget "$1" -O "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	333	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	334	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	335	_err=$(wget --https-only --secure-protocol=TLSv1_2 "$1" -O "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	336	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	337	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	338	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	339	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	340	if [ -n "$_err" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	341	echo "$_err" >&2
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	342	if echo "$_err" \| grep -q ' 404 Not Found$'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	343	err "installer for platform '$3' not found, this may be unsupported"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	344	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	345	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	346	return $_status
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	347	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	348	err "Unknown downloader" # should not reach here
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	349	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	350	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	351
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	352	main "$@" \|\| exit 1