From 6ca5257e908f0377c289bd7959f68c383512f34d Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Tue, 8 Dec 2020 13:28:14 +0100
Subject: [slx-ssl] new module for SSL sat support
---
modules.d/slx-ssl/hooks/setup-ssl-sat.sh | 34 ++++++++++++++++++++++++++++++++
modules.d/slx-ssl/module-setup.sh | 13 ++++++++++++
2 files changed, 47 insertions(+)
create mode 100644 modules.d/slx-ssl/hooks/setup-ssl-sat.sh
create mode 100755 modules.d/slx-ssl/module-setup.sh
diff --git a/modules.d/slx-ssl/hooks/setup-ssl-sat.sh b/modules.d/slx-ssl/hooks/setup-ssl-sat.sh
new file mode 100644
index 00000000..33e8d506
--- /dev/null
+++ b/modules.d/slx-ssl/hooks/setup-ssl-sat.sh
@@ -0,0 +1,34 @@
+#!/bin/ash
+
+# $FUTURE_ROOT - root dir of final stage 4 (config.tgz extracted to here)
+# $CONFIG - current path to /opt/openslx/config (changes to this end up in stage 4)
+
+# dracut compat
+FUTURE_ROOT="$NEWROOT"
+# the slx configuration file is already copied to the newroot in an early hook, so:
+CONFIG="${NEWROOT}/opt/openslx/config"
+# systemd context, so need to explicitely source the config for SLX_REMOTE_SSL
+. "$CONFIG"
+# end dracut compat
+
+# Set up SSL communication with server
+if [ -d "${FUTURE_ROOT}/opt/openslx/ssl" ] && ! rmdir "${FUTURE_ROOT}/opt/openslx/ssl"; then
+ # Copy certs and symlinks to CA path
+ cp -a "${FUTURE_ROOT}"/opt/openslx/ssl/* "${FUTURE_ROOT}/etc/ssl/certs/"
+ # Append to combined ca bundle
+ find "${FUTURE_ROOT}/opt/openslx/ssl" -type f -exec cat {} \; \
+ >> "${FUTURE_ROOT}/etc/ssl/certs/ca-certificates.crt"
+ # Move certs (without symlinks), so they will be re-included if we run update-ca-certificates later
+ mkdir -p "${FUTURE_ROOT}/usr/local/share/ca-certificates"
+ find "${FUTURE_ROOT}/opt/openslx/ssl" -type f \
+ -exec mv {} "${FUTURE_ROOT}/usr/local/share/ca-certificates/" \;
+ # Delete symlinks
+ find "${FUTURE_ROOT}/opt/openslx/ssl" -type l -delete
+ # Add entry to /etc/hosts for boot server (satellite server)
+ # Change all the URLs in config to use SSL
+ if [ -n "$SLX_REMOTE_SSL" ] && ! grep -qF 'satellite.bwlehrpool' "/etc/hosts"; then
+ echo "$SLX_REMOTE_SSL satellite.bwlehrpool" >> "/etc/hosts"
+ sed -i "s,http://${SLX_REMOTE_SSL}/,https://satellite.bwlehrpool/," "${CONFIG}"
+ fi
+fi
+true
diff --git a/modules.d/slx-ssl/module-setup.sh b/modules.d/slx-ssl/module-setup.sh
new file mode 100755
index 00000000..1080c6ea
--- /dev/null
+++ b/modules.d/slx-ssl/module-setup.sh
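Review bot: The `find … -type f -exec cat {} \;` step in setup-ssl-sat.sh appends every regular file under `/opt/openslx/ssl` to the system-wide `ca-certificates.crt` without checking that it is a certificate, so whatever supplies config.tgz chooses the trust anchors for all TLS on the client, not just for `satellite.bwlehrpool`. If config.tgz itself arrives over plain HTTP at this stage (not visible in this hunk), the later `https://` rewrite authenticates nothing, and that assumption deserves a comment such as `# trust anchor: every file in opt/openslx/ssl becomes a system-wide CA; config.tgz must come from an authenticated source`. Raw concatenation also fuses `-----END CERTIFICATE-----` with the next BEGIN line when a file lacks a trailing newline; `-exec sh -c 'cat "$1"; echo' _ {} \;` keeps the entries separated. The files moved to `/usr/local/share/ca-certificates` are picked up by Debian's update-ca-certificates only if they are named `*.crt`, which the `-type f` match does not ensure.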
@@ -0,0 +1,13 @@
+#!/bin/bash
+check() {
+ # Tell dracut that this module should only be included if it is required
+ # explicitly.
+ return 255
+}
+depends() {
+ echo dnbd3-rootfs
+}
+install() {
+ # config.tgz unpacking happens in pre-pivot/20
+ inst_hook pre-pivot 30 "$moddir/hooks/setup-ssl-sat.sh"
+}
-- cgit v1.2.3-55-g7522
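Review bot: `install()` in module-setup.sh ships only the hook, while the hook calls `rmdir`, `cp`, `find`, `mkdir`, `mv`, `grep` and `sed`; nothing in this module guarantees they exist in the initramfs, presumably because the `dnbd3-rootfs` dependency or a busybox module provides them. Because the hook ends in `true` and checks no exit status, a missing tool would leave the CA store unprepared without any visible failure. Either declare them, e.g. `inst_multiple cp find grep mkdir mv rmdir sed`, or add a comment naming the supplier, such as `# cp/find/sed etc. are provided by <module>`.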