From ef68259745a2425dbb5adee36c8eece9de491e84 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Wed, 19 Mar 2025 12:41:50 -0400
Subject: [PATCH] Provide more full fixup of openssl invocation in wget

For IPv4 and IPv6, strip the ':443' for arguments where it doesn't make sense. For IPv6, strip out [, ], and '%' from those arguments.
---
 .../initramfs/scripts/init-premount/confluent | 21 ++++++++++++++-----
 .../initramfs/scripts/init-premount/confluent | 19 +++++++++++++----
 2 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/confluent_osdeploy/ubuntu20.04/initramfs/scripts/init-premount/confluent b/confluent_osdeploy/ubuntu20.04/initramfs/scripts/init-premount/confluent
index ff3ac42b..297e5c3f 100755
--- a/confluent_osdeploy/ubuntu20.04/initramfs/scripts/init-premount/confluent
+++ b/confluent_osdeploy/ubuntu20.04/initramfs/scripts/init-premount/confluent
@@ -1,4 +1,5 @@
 cd /sys/class/net
+cp /tls/* /etc/ssl/certs/
 for nic in *; do
 ip link set $nic up
 done
@@ -89,12 +90,22 @@ fi
 echo "Preparing to deploy $osprofile from $MGR"
 echo $osprofile > /custom-installation/confluent/osprofile
 mv /usr/bin/openssl /usr/bin/ossl
-echo '#!/bin/sh' > /usr/bin/openssl
-echo 'args=$*' >> /usr/bin/openssl
-echo 'args=$(echo $args|sed -e "s/-verify_hostname.*//")' >> /usr/bin/openssl
-echo 'exec /usr/bin/ossl $args' >> /usr/bin/openssl
+cat > /usr/bin/openssl << 'EOF'
+#!/bin/sh
+AMENDARGS=0
+nargs=""
+for arg in $*; do
+ if [ "$arg" == "-servername" ]; then
+ AMENDARGS=1
+ fi
+ if [ "$AMENDARGS" == "1" ]; then
+ arg=$(echo $arg|sed -e 's/:443$//' -e 's/\[//' -e 's/\]//' -e 's/%.*//')
+ fi
+ nargs="$nargs $arg"
+done
+exec /usr/bin/ossl $nargs
+EOF
 chmod +x /usr/bin/openssl
-cp /tls/* /etc/ssl/certs/
 echo URL=https://${MGR}:443/confluent-public/os/$osprofile/distribution/install.iso >> /conf/param.conf
 fcmdline="$(cat /custom-installation/confluent/cmdline.orig) url=https://${MGR}:443/confluent-public/os/$osprofile/distribution/install.iso"
 if [ ! -z "$cons" ]; then
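Review bot: The generated wrapper iterates over `$*` unquoted and rebuilds the command line as a flat string (`nargs="$nargs $arg"`, then `exec /usr/bin/ossl $nargs`), so every argument is re-split on whitespace and glob-expanded before the real openssl sees it; a bracketed IPv6 literal, the very case this change targets, is itself a glob pattern at that point. The two `[ ... == ... ]` tests also rely on `==`, which POSIX `[` does not define; if the initramfs `/bin/sh` rejects it, the test presumably just evaluates false and the fixup silently never runs, so `=` is the safer spelling. Because this wrapper mediates the openssl call that wget makes (per the commit subject), including the certificate and hostname verification arguments now passed through, I would iterate over `"$@"`, rebuild the positional parameters with `set --`, feed sed through `printf '%s\n' "$arg"`, and exec with `"$@"`, as sketched below. The identical wrapper is added in the ubuntu22.04 hunk and needs the same change.

```shell
cat > /usr/bin/openssl << 'EOF'
#!/bin/sh
AMENDARGS=0
for arg in "$@"; do
    # rotate: drop the original argument, append the (possibly amended) copy
    shift
    if [ "$arg" = "-servername" ]; then
        AMENDARGS=1
    fi
    if [ "$AMENDARGS" = "1" ]; then
        arg=$(printf '%s\n' "$arg" | sed -e 's/:443$//' -e 's/\[//' -e 's/\]//' -e 's/%.*//')
    fi
    set -- "$@" "$arg"
done
exec /usr/bin/ossl "$@"
EOF
```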
diff --git a/confluent_osdeploy/ubuntu22.04/initramfs/scripts/init-premount/confluent b/confluent_osdeploy/ubuntu22.04/initramfs/scripts/init-premount/confluent
index 1e0de226..302b6657 100755
--- a/confluent_osdeploy/ubuntu22.04/initramfs/scripts/init-premount/confluent
+++ b/confluent_osdeploy/ubuntu22.04/initramfs/scripts/init-premount/confluent
@@ -93,10 +93,21 @@ echo $osprofile > /custom-installation/confluent/osprofile
 DIRECTISO=$(blkid -t TYPE=iso9660 |grep -Ei ' LABEL="Ubuntu-Server '$VERSION_ID)
 if [ -z "$DIRECTISO" ]; then
 mv /usr/bin/openssl /usr/bin/ossl
- echo '#!/bin/sh' > /usr/bin/openssl
- echo 'args=$*' >> /usr/bin/openssl
- echo 'args=$(echo $args|sed -e "s/-verify_hostname.*//")' >> /usr/bin/openssl
- echo 'exec /usr/bin/ossl $args' >> /usr/bin/openssl
+ cat > /usr/bin/openssl << 'EOF'
+#!/bin/sh
+AMENDARGS=0
+nargs=""
+for arg in $*; do
+ if [ "$arg" == "-servername" ]; then
+ AMENDARGS=1
+ fi
+ if [ "$AMENDARGS" == "1" ]; then
+ arg=$(echo $arg|sed -e 's/:443$//' -e 's/\[//' -e 's/\]//' -e 's/%.*//')
+ fi
+ nargs="$nargs $arg"
+done
+exec /usr/bin/ossl $nargs
+EOF
 chmod +x /usr/bin/openssl
 echo URL=https://${MGR}:443/confluent-public/os/$osprofile/distribution/install.iso >> /conf/param.conf
 fcmdline="$(cat /custom-installation/confluent/cmdline.orig) url=https://${MGR}:443/confluent-public/os/$osprofile/distribution/install.iso"