Provide more full fixup of openssl invocation in wget

For IPv4 and IPv6, strip the ':443' for arguments where it doesn't make sense. For IPv6, strip out [, ], and '%' from those arguments.
2025-11-02 04:12:33 +00:00 · 2025-03-19 12:41:50 -04:00
parent e25b3acd98
commit ef68259745
2 changed files with 31 additions and 9 deletions
--- a/confluent_osdeploy/ubuntu20.04/initramfs/scripts/init-premount/confluent
+++ b/confluent_osdeploy/ubuntu20.04/initramfs/scripts/init-premount/confluent
@@ -1,4 +1,5 @@
 cd /sys/class/net
+cp /tls/* /etc/ssl/certs/
 for nic in *; do
    ip link set $nic up
 done
@@ -89,12 +90,22 @@ fi
 echo "Preparing to deploy $osprofile from $MGR"
 echo $osprofile > /custom-installation/confluent/osprofile
 mv /usr/bin/openssl /usr/bin/ossl
-echo '#!/bin/sh' > /usr/bin/openssl
-echo 'args=$*' >> /usr/bin/openssl
-echo 'args=$(echo $args|sed -e "s/-verify_hostname.*//")' >> /usr/bin/openssl
-echo 'exec /usr/bin/ossl $args' >> /usr/bin/openssl
+cat > /usr/bin/openssl << 'EOF'
+#!/bin/sh
+AMENDARGS=0
+nargs=""
+for arg in $*; do
+    if [ "$arg" == "-servername" ]; then
+        AMENDARGS=1
+    fi
+    if [ "$AMENDARGS" == "1" ]; then
+        arg=$(echo $arg|sed -e 's/:443$//' -e 's/\[//' -e 's/\]//' -e 's/%.*//')
+    fi
+    nargs="$nargs $arg"
+done
+exec /usr/bin/ossl $nargs
+EOF
 chmod +x /usr/bin/openssl
-cp /tls/* /etc/ssl/certs/
 echo URL=https://${MGR}:443/confluent-public/os/$osprofile/distribution/install.iso >> /conf/param.conf
 fcmdline="$(cat /custom-installation/confluent/cmdline.orig) url=https://${MGR}:443/confluent-public/os/$osprofile/distribution/install.iso"
 if [ ! -z "$cons" ]; then
--- a/confluent_osdeploy/ubuntu22.04/initramfs/scripts/init-premount/confluent
+++ b/confluent_osdeploy/ubuntu22.04/initramfs/scripts/init-premount/confluent
@@ -93,10 +93,21 @@ echo $osprofile > /custom-installation/confluent/osprofile
 DIRECTISO=$(blkid -t TYPE=iso9660 |grep -Ei ' LABEL="Ubuntu-Server '$VERSION_ID)
 if [ -z "$DIRECTISO" ]; then
    mv /usr/bin/openssl /usr/bin/ossl
-    echo '#!/bin/sh' > /usr/bin/openssl
-    echo 'args=$*' >> /usr/bin/openssl
-    echo 'args=$(echo $args|sed -e "s/-verify_hostname.*//")' >> /usr/bin/openssl
-    echo 'exec /usr/bin/ossl $args' >> /usr/bin/openssl
+    cat > /usr/bin/openssl << 'EOF'
+#!/bin/sh
+AMENDARGS=0
+nargs=""
+for arg in $*; do
+    if [ "$arg" == "-servername" ]; then
+        AMENDARGS=1
+    fi
+    if [ "$AMENDARGS" == "1" ]; then
+        arg=$(echo $arg|sed -e 's/:443$//' -e 's/\[//' -e 's/\]//' -e 's/%.*//')
+    fi
+    nargs="$nargs $arg"
+done
+exec /usr/bin/ossl $nargs
+EOF
    chmod +x /usr/bin/openssl
    echo URL=https://${MGR}:443/confluent-public/os/$osprofile/distribution/install.iso >> /conf/param.conf
    fcmdline="$(cat /custom-installation/confluent/cmdline.orig) url=https://${MGR}:443/confluent-public/os/$osprofile/distribution/install.iso"