infra: bootstrap.sh annotate

changelog shortlog graph tags branches changeset files file revisions raw help

Mercurial > infra / annotate bootstrap.sh

changeset 371:	7dcabf3e0edc
parent:	7c19637786a7
author:	Richard Westhaver <ellis@rwest.io>
date:	Tue, 24 Sep 2024 15:53:24 -0400
permissions:	-rwxr-xr-x
description:	no link in bootstrap.sh

239 7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	1	#!/bin/sh
295 61f88f16e0f1 autogen updates Richard Westhaver <ellis@rwest.io> parents: 294 diff changeset	2
255 ad70dec68fa1 autogen updates and moved Containerfiles Richard Westhaver <ellis@rwest.io> parents: 254 diff changeset	3
239 7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	4	main() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	5	. ./check.sh
295 61f88f16e0f1 autogen updates Richard Westhaver <ellis@rwest.io> parents: 294 diff changeset	6	if [[ -z "${INFRA_PROFILE:-}" ]]; then
61f88f16e0f1 autogen updates Richard Westhaver <ellis@rwest.io> parents: 294 diff changeset	7	export INFRA_PROFILE="${1:-default.sxp}"
61f88f16e0f1 autogen updates Richard Westhaver <ellis@rwest.io> parents: 294 diff changeset	8	else
61f88f16e0f1 autogen updates Richard Westhaver <ellis@rwest.io> parents: 294 diff changeset	9	export INFRA_PROFILE="${INFRA_PROFILE}"
61f88f16e0f1 autogen updates Richard Westhaver <ellis@rwest.io> parents: 294 diff changeset	10	fi
61f88f16e0f1 autogen updates Richard Westhaver <ellis@rwest.io> parents: 294 diff changeset	11	set -eu
239 7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	12	download --check
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	13	local _arch=$(_read arch \| tr -d '"')
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	14	local _ext=""
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	15	case "$_arch" in
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	16	windows)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	17	_ext=".exe"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	18	;;
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	19	esac
260 c5aa261cb836 bootstrap updates Richard Westhaver <ellis@rwest.io> parents: 258 diff changeset	20	local _url="https://packy.compiler.company/dist/${_arch}/pack"
239 7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	21	local _stash
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	22	if ! _stash=".stash"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	23	# Because the previous command ran in a subshell, we must manually
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	24	# propagate exit status.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	25	exit 1
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	26	fi
291 9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	27	# setup default directories
239 7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	28	ensure mkdir -p "${_stash}/src"
256 9d6a767d72f0 add ublksrv and blake3 Richard Westhaver <ellis@rwest.io> parents: 255 diff changeset	29	ensure mkdir -p "${_stash}/share/lisp/fasl"
291 9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	30	ensure mkdir -p "${_stash}/tmp"
9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	31	ensure mkdir -p "${_stash}/share/store/dist"
239 7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	32	ensure mkdir -p "${_stash}/bin"
256 9d6a767d72f0 add ublksrv and blake3 Richard Westhaver <ellis@rwest.io> parents: 255 diff changeset	33	ensure mkdir -p "${_stash}/lib"
9d6a767d72f0 add ublksrv and blake3 Richard Westhaver <ellis@rwest.io> parents: 255 diff changeset	34	ensure mkdir -p "${_stash}/include"
291 9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	35
255 ad70dec68fa1 autogen updates and moved Containerfiles Richard Westhaver <ellis@rwest.io> parents: 254 diff changeset	36	cd "${_stash}"
260 c5aa261cb836 bootstrap updates Richard Westhaver <ellis@rwest.io> parents: 258 diff changeset	37	local _sbcl_pack="sbcl.tar.zst"
266 0e3229b8409f autogen src Richard Westhaver <ellis@rwest.io> parents: 265 diff changeset	38	# local _rocksdb_pack="rocksdb.tar.zst"
260 c5aa261cb836 bootstrap updates Richard Westhaver <ellis@rwest.io> parents: 258 diff changeset	39	local _core_pack="core.tar.zst"
293 39291a549477 speedup bootstrap with compressed infra.core Richard Westhaver <ellis@rwest.io> parents: 292 diff changeset	40	local _infra_core="infra.core"
272 a2313c7003d4 better vc bundles Richard Westhaver <ellis@rwest.io> parents: 266 diff changeset	41	# local _core_src_pack="core-source.tar.zst"
256 9d6a767d72f0 add ublksrv and blake3 Richard Westhaver <ellis@rwest.io> parents: 255 diff changeset	42	local _sbcl_url="${_url}/${_sbcl_pack}"
266 0e3229b8409f autogen src Richard Westhaver <ellis@rwest.io> parents: 265 diff changeset	43	# local _rocksdb_url="${_url}/${_rocksdb_pack}"
256 9d6a767d72f0 add ublksrv and blake3 Richard Westhaver <ellis@rwest.io> parents: 255 diff changeset	44	local _core_url="${_url}/${_core_pack}"
293 39291a549477 speedup bootstrap with compressed infra.core Richard Westhaver <ellis@rwest.io> parents: 292 diff changeset	45	local _infra_core_url="https://packy.compiler.company/dist/${_arch}/lisp/${_infra_core}"
272 a2313c7003d4 better vc bundles Richard Westhaver <ellis@rwest.io> parents: 266 diff changeset	46	# local _core_src_url="${_url}/${_core_src_pack}"
291 9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	47	if [ ! -f "tmp/$_sbcl_pack" ]; then
9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	48	ensure download "$_sbcl_url" "tmp/$_sbcl_pack" "$_arch"
9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	49	unzstd "tmp/${_sbcl_pack}"
9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	50	tar -C tmp -xf "tmp/sbcl.tar"
9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	51	cd tmp/sbcl && INSTALL_ROOT=$(realpath ../..) sh install.sh && cd ../..
9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	52	fi
9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	53
272 a2313c7003d4 better vc bundles Richard Westhaver <ellis@rwest.io> parents: 266 diff changeset	54	# ensure download "$_core_src_url" "$_core_src_pack" "$_arch"
a2313c7003d4 better vc bundles Richard Westhaver <ellis@rwest.io> parents: 266 diff changeset	55	# unzstd "${_core_src_pack}"
a2313c7003d4 better vc bundles Richard Westhaver <ellis@rwest.io> parents: 266 diff changeset	56	# tar -xvf "core-source.tar"
a2313c7003d4 better vc bundles Richard Westhaver <ellis@rwest.io> parents: 266 diff changeset	57	# mv core src/
260 c5aa261cb836 bootstrap updates Richard Westhaver <ellis@rwest.io> parents: 258 diff changeset	58	# ensure download "$_rocksdb_url" "${_rocksdb_pack}" "$_arch"
c5aa261cb836 bootstrap updates Richard Westhaver <ellis@rwest.io> parents: 258 diff changeset	59	# unzstd "${_rocksdb_pack}"
c5aa261cb836 bootstrap updates Richard Westhaver <ellis@rwest.io> parents: 258 diff changeset	60	# tar -xvf "pack/rocksdb.tar"
c5aa261cb836 bootstrap updates Richard Westhaver <ellis@rwest.io> parents: 258 diff changeset	61	# cp -rf rocksdb/include/* include/
c5aa261cb836 bootstrap updates Richard Westhaver <ellis@rwest.io> parents: 258 diff changeset	62	# cp -rf rocksdb/*.so lib/
291 9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	63
294 367bc1714864 emacs dist Richard Westhaver <ellis@rwest.io> parents: 293 diff changeset	64	if [ ! -f "bin/skel" ]; then
312 d0429338ca65 bootstrap fix Richard Westhaver <ellis@rwest.io> parents: 298 diff changeset	65	cd tmp
d0429338ca65 bootstrap fix Richard Westhaver <ellis@rwest.io> parents: 298 diff changeset	66	ensure download "$_core_url" "${_core_pack}" "$_arch"
d0429338ca65 bootstrap fix Richard Westhaver <ellis@rwest.io> parents: 298 diff changeset	67	unzstd "${_core_pack}"
d0429338ca65 bootstrap fix Richard Westhaver <ellis@rwest.io> parents: 298 diff changeset	68	tar -xf "core.tar"
d0429338ca65 bootstrap fix Richard Westhaver <ellis@rwest.io> parents: 298 diff changeset	69	cd ..
298 4b7478f58f15 edit tree-sitter-langs Richard Westhaver <ellis@rwest.io> parents: 295 diff changeset	70	cp -rf tmp/core/bin/* bin/
369 7c19637786a7 link core to skel in bootstrap Richard Westhaver <ellis@rwest.io> parents: 312 diff changeset	71	# unpacked core, link binaries
371 7dcabf3e0edc no link in bootstrap.sh Richard Westhaver <ellis@rwest.io> parents: 369 diff changeset	72	cd bin
7dcabf3e0edc no link in bootstrap.sh Richard Westhaver <ellis@rwest.io> parents: 369 diff changeset	73	# ln -sf core skel
7dcabf3e0edc no link in bootstrap.sh Richard Westhaver <ellis@rwest.io> parents: 369 diff changeset	74	# ln -sf core homer
7dcabf3e0edc no link in bootstrap.sh Richard Westhaver <ellis@rwest.io> parents: 369 diff changeset	75	cd ..
298 4b7478f58f15 edit tree-sitter-langs Richard Westhaver <ellis@rwest.io> parents: 295 diff changeset	76	cp -rf tmp/core/share/* share/
294 367bc1714864 emacs dist Richard Westhaver <ellis@rwest.io> parents: 293 diff changeset	77	fi
367bc1714864 emacs dist Richard Westhaver <ellis@rwest.io> parents: 293 diff changeset	78
292 8b0c06b812c1 update to infra.core Richard Westhaver <ellis@rwest.io> parents: 291 diff changeset	79	if [ ! -f "share/lisp/$_infra_core" ]; then
8b0c06b812c1 update to infra.core Richard Westhaver <ellis@rwest.io> parents: 291 diff changeset	80	ensure download "$_infra_core_url" "share/lisp/$_infra_core" "$_arch"
291 9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	81	fi
9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	82
292 8b0c06b812c1 update to infra.core Richard Westhaver <ellis@rwest.io> parents: 291 diff changeset	83	chmod +x bin/*
8b0c06b812c1 update to infra.core Richard Westhaver <ellis@rwest.io> parents: 291 diff changeset	84
291 9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	85	say "bootstrap complete"
9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	86
264 8015880d9a0d sync Richard Westhaver <ellis@rwest.io> parents: 261 diff changeset	87	say "starting lisp..."
271 cd797f4eb846 rm infra.asd Richard Westhaver <ellis@rwest.io> parents: 266 diff changeset	88	cd .. && \
292 8b0c06b812c1 update to infra.core Richard Westhaver <ellis@rwest.io> parents: 291 diff changeset	89	.stash/bin/sbcl --core .stash/share/lisp/infra.core \
271 cd797f4eb846 rm infra.asd Richard Westhaver <ellis@rwest.io> parents: 266 diff changeset	90	--load autogen.lisp \
290 02f74f65976c add back t-rec script Richard Westhaver <ellis@rwest.io> parents: 286 diff changeset	91	--eval "(infra/autogen:autogen)" \
02f74f65976c add back t-rec script Richard Westhaver <ellis@rwest.io> parents: 286 diff changeset	92	--non-interactive \
02f74f65976c add back t-rec script Richard Westhaver <ellis@rwest.io> parents: 286 diff changeset	93	--no-userinit --no-sysinit
291 9c37db8ed167 bump Richard Westhaver <ellis@rwest.io> parents: 290 diff changeset	94
264 8015880d9a0d sync Richard Westhaver <ellis@rwest.io> parents: 261 diff changeset	95	say "OK"
239 7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	96	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	97
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	98	_read() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	99	grep ":$1" $INFRA_HOST_CONFIG \| cut -d' ' -f 2-
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	100	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	101
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	102	# Check if curl supports the --retry flag, then pass it to the curl invocation.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	103	check_curl_for_retry_support() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	104	local _retry_supported=""
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	105	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	106	if check_help_for "notspecified" "curl" "--retry"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	107	_retry_supported="--retry 3"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	108	if check_help_for "notspecified" "curl" "--continue-at"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	109	# "-C -" tells curl to automatically find where to resume the download when retrying.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	110	_retry_supported="--retry 3 -C -"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	111	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	112	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	113	RETVAL="$_retry_supported"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	114	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	115
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	116	# Return cipher suite string specified by user, otherwise return strong TLS 1.2-1.3 cipher suites
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	117	# if support by local tools is detected. Detection currently supports these curl backends:
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	118	# GnuTLS and OpenSSL (possibly also LibreSSL and BoringSSL). Return value can be empty.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	119	get_ciphersuites_for_curl() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	120	if [ -n "${TLS_CIPHERSUITES-}" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	121	# user specified custom cipher suites, assume they know what they're doing
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	122	RETVAL="$TLS_CIPHERSUITES"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	123	return
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	124	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	125	local _openssl_syntax="no"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	126	local _gnutls_syntax="no"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	127	local _backend_supported="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	128	if curl -V \| grep -q ' OpenSSL/'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	129	_openssl_syntax="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	130	elif curl -V \| grep -iq ' LibreSSL/'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	131	_openssl_syntax="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	132	elif curl -V \| grep -iq ' BoringSSL/'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	133	_openssl_syntax="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	134	elif curl -V \| grep -iq ' GnuTLS/'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	135	_gnutls_syntax="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	136	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	137	_backend_supported="no"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	138	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	139	local _args_supported="no"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	140	if [ "$_backend_supported" = "yes" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	141	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	142	if check_help_for "notspecified" "curl" "--tlsv1.2" "--ciphers" "--proto"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	143	_args_supported="yes"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	144	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	145	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	146	local _cs=""
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	147	if [ "$_args_supported" = "yes" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	148	if [ "$_openssl_syntax" = "yes" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	149	_cs=$(get_strong_ciphersuites_for "openssl")
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	150	elif [ "$_gnutls_syntax" = "yes" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	151	_cs=$(get_strong_ciphersuites_for "gnutls")
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	152	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	153	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	154	RETVAL="$_cs"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	155	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	156
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	157	# Return cipher suite string specified by user, otherwise return strong TLS 1.2-1.3 cipher suites
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	158	# if support by local tools is detected. Detection currently supports these wget backends:
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	159	# GnuTLS and OpenSSL (possibly also LibreSSL and BoringSSL). Return value can be empty.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	160	get_ciphersuites_for_wget() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	161	if [ -n "${TLS_CIPHERSUITES-}" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	162	# user specified custom cipher suites, assume they know what they're doing
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	163	RETVAL="$TLS_CIPHERSUITES"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	164	return
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	165	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	166	local _cs=""
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	167	if wget -V \| grep -q '\-DHAVE_LIBSSL'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	168	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	169	if check_help_for "notspecified" "wget" "TLSv1_2" "--ciphers" "--https-only" "--secure-protocol"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	170	_cs=$(get_strong_ciphersuites_for "openssl")
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	171	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	172	elif wget -V \| grep -q '\-DHAVE_LIBGNUTLS'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	173	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	174	if check_help_for "notspecified" "wget" "TLSv1_2" "--ciphers" "--https-only" "--secure-protocol"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	175	_cs=$(get_strong_ciphersuites_for "gnutls")
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	176	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	177	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	178	RETVAL="$_cs"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	179	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	180
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	181	check_help_for() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	182	local _arch
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	183	local _cmd
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	184	local _arg
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	185	_arch="$1"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	186	shift
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	187	_cmd="$1"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	188	shift
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	189	local _category
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	190	if "$_cmd" --help \| grep -q 'For all options use the manual or "--help all".'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	191	_category="all"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	192	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	193	_category=""
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	194	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	195
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	196	case "$_arch" in
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	197	darwin)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	198	if check_cmd sw_vers; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	199	case $(sw_vers -productVersion) in
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	200	10.*)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	201	# If we're running on macOS, older than 10.13, then we always
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	202	# fail to find these options to force fallback
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	203	if [ "$(sw_vers -productVersion \| cut -d. -f2)" -lt 13 ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	204	# Older than 10.13
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	205	echo "Warning: Detected macOS platform older than 10.13"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	206	return 1
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	207	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	208	;;
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	209	11.*)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	210	# We assume Big Sur will be OK for now
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	211	;;
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	212	*)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	213	# Unknown product version, warn and continue
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	214	echo "Warning: Detected unknown macOS major version: $(sw_vers -productVersion)"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	215	echo "Warning TLS capabilities detection may fail"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	216	;;
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	217	esac
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	218	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	219	;;
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	220	esac
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	221	for _arg in "$@"; do
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	222	if ! "$_cmd" --help "$_category" \| grep -q -- "$_arg"; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	223	return 1
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	224	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	225	done
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	226	true # not strictly needed
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	227	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	228
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	229	# Return strong TLS 1.2-1.3 cipher suites in OpenSSL or GnuTLS syntax. TLS 1.2
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	230	# excludes non-ECDHE and non-AEAD cipher suites. DHE is excluded due to bad
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	231	# DH params often found on servers (see RFC 7919). Sequence matches or is
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	232	# similar to Firefox 68 ESR with weak cipher suites disabled via about:config.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	233	# $1 must be openssl or gnutls.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	234	get_strong_ciphersuites_for() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	235	if [ "$1" = "openssl" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	236	# OpenSSL is forgiving of unknown values, no problems with TLS 1.3 values on versions that don't support it yet.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	237	echo "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	238	elif [ "$1" = "gnutls" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	239	# GnuTLS isn't forgiving of unknown values, so this may require a GnuTLS version that supports TLS 1.3 even if wget doesn't.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	240	# Begin with SECURE128 (and higher) then remove/add to build cipher suites. Produces same 9 cipher suites as OpenSSL but in slightly different order.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	241	echo "SECURE128:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS-ALL:-CIPHER-ALL:-MAC-ALL:-KX-ALL:+AEAD:+ECDHE-ECDSA:+ECDHE-RSA:+AES-128-GCM:+CHACHA20-POLY1305:+AES-256-GCM"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	242	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	243	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	244
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	245	# This wraps curl or wget. Try curl first, if not installed,
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	246	# use wget instead.
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	247	download() {
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	248	local _dld
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	249	local _ciphersuites
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	250	local _err
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	251	local _status
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	252	local _retry
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	253	if check_cmd curl; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	254	_dld=curl
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	255	elif check_cmd wget; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	256	_dld=wget
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	257	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	258	_dld='curl or wget' # to be used in error message of need_cmd
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	259	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	260	if [ "$1" = --check ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	261	need_cmd "$_dld"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	262	elif [ "$_dld" = curl ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	263	check_curl_for_retry_support
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	264	_retry="$RETVAL"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	265	get_ciphersuites_for_curl
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	266	_ciphersuites="$RETVAL"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	267	if [ -n "$_ciphersuites" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	268	_err=$(curl $_retry --proto '=https' --tlsv1.2 --ciphers "$_ciphersuites" --silent --show-error --fail --location "$1" --output "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	269	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	270	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	271	echo "Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	272	if ! check_help_for "$3" curl --proto --tlsv1.2; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	273	echo "Warning: Not enforcing TLS v1.2, this is potentially less secure"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	274	_err=$(curl $_retry --silent --show-error --fail --location "$1" --output "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	275	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	276	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	277	_err=$(curl $_retry --proto '=https' --tlsv1.2 --silent --show-error --fail --location "$1" --output "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	278	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	279	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	280	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	281	if [ -n "$_err" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	282	echo "$_err" >&2
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	283	if echo "$_err" \| grep -q 404$; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	284	err "installer for platform '$3' not found, this may be unsupported"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	285	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	286	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	287	return $_status
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	288	elif [ "$_dld" = wget ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	289	if [ "$(wget -V 2>&1\|head -2\|tail -1\|cut -f1 -d" ")" = "BusyBox" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	290	echo "Warning: using the BusyBox version of wget. Not enforcing strong cipher suites for TLS or TLS v1.2, this is potentially less secure"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	291	_err=$(wget "$1" -O "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	292	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	293	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	294	get_ciphersuites_for_wget
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	295	_ciphersuites="$RETVAL"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	296	if [ -n "$_ciphersuites" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	297	_err=$(wget --https-only --secure-protocol=TLSv1_2 --ciphers "$_ciphersuites" "$1" -O "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	298	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	299	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	300	echo "Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	301	if ! check_help_for "$3" wget --https-only --secure-protocol; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	302	echo "Warning: Not enforcing TLS v1.2, this is potentially less secure"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	303	_err=$(wget "$1" -O "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	304	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	305	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	306	_err=$(wget --https-only --secure-protocol=TLSv1_2 "$1" -O "$2" 2>&1)
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	307	_status=$?
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	308	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	309	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	310	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	311	if [ -n "$_err" ]; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	312	echo "$_err" >&2
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	313	if echo "$_err" \| grep -q ' 404 Not Found$'; then
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	314	err "installer for platform '$3' not found, this may be unsupported"
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	315	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	316	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	317	return $_status
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	318	else
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	319	err "Unknown downloader" # should not reach here
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	320	fi
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	321	}
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	322
7c6e3bbfe8cd bootstrap mv Richard Westhaver <ellis@rwest.io> parents: 213 diff changeset	323	main "$@" \|\| exit 1