Add a https transfer method (sharing all host details with the http

transfer). Make this method the default for all downloads. Try to make sure the binary pkg installation (which runs in a chroot in the already installed system) can make use of SSL verification. This does NOT fix the missing SSL verification in most install media even if using https (due to not fully populated /etc/openssl/certs).
2023-12-17 18:46:42 +00:00 · 2023-12-17 18:46:42 +00:00 · 0578ab99d9
parent 10e8a7f20c
commit 0578ab99d9
6 changed files with 57 additions and 29 deletions
--- a/usr.sbin/sysinst/configmenu.c
+++ b/usr.sbin/sysinst/configmenu.c
@ -1,4 +1,4 @@
-/* $NetBSD: configmenu.c,v 1.17 2022/05/18 16:39:03 martin Exp $ */
+/* $NetBSD: configmenu.c,v 1.18 2023/12/17 18:46:42 martin Exp $ */

 /*-
 * Copyright (c) 2012 The NetBSD Foundation, Inc.
@ -324,6 +324,9 @@ set_binpkg(struct menudesc *menu, void *arg)
 	int allok = 0;
 	arg_rv parm;

+	if (config_network(0))
+		mnt_net_config();
+
 	do {
 		parm.rv = -1;
 		parm.arg = additional_pkgs;
@ -333,7 +336,16 @@ set_binpkg(struct menudesc *menu, void *arg)
 			return 0;
 		}

-		make_url(pkgpath, &pkg, pkg_dir);
+		/*
+		 * Make sure we have the TLS certs in a usable state
+		 * (if target is a new installation)
+		 */
+		if (pkg.xfer == XFER_HTTPS) {
+			run_program(RUN_CHROOT | RUN_SILENT,
+			    "/bin/sh /etc/rc.d/certctl_init onestart");
+			make_url(pkgpath, &pkg, pkg_dir);
+		}
+
 		if (run_program(RUN_DISPLAY | RUN_PROGRESS | RUN_CHROOT,
 			"pkg_add %s/pkgin", pkgpath) == 0) {
 			allok = 1;
--- a/usr.sbin/sysinst/defs.h
+++ b/usr.sbin/sysinst/defs.h
@ -1,4 +1,4 @@
-/*	$NetBSD: defs.h,v 1.89 2023/03/14 09:54:40 kre Exp $	*/
+/*	$NetBSD: defs.h,v 1.90 2023/12/17 18:46:42 martin Exp $	*/

 /*
 * Copyright 1997 Piermont Information Systems Inc.
@ -599,10 +599,13 @@ extern const char *ushell;

 #define	XFER_FTP	0
 #define	XFER_HTTP	1
-#define	XFER_MAX	XFER_HTTP
+#define	XFER_HTTPS	2
+#define	XFER_MAX	XFER_HTTPS
+#define	XFER_HOST_MAX	XFER_HTTP	/* http and https share a server name */
+#define	XFER_HOST(XFER)	((XFER) == XFER_FTP ? 0 : 1)

 struct ftpinfo {
-	char xfer_host[XFER_MAX+1][STRSIZE];
+	char xfer_host[XFER_HOST_MAX+1][STRSIZE];
 	char dir[STRSIZE] ;
 	char user[SSTRSIZE];
 	char pass[STRSIZE];
--- a/usr.sbin/sysinst/main.c
+++ b/usr.sbin/sysinst/main.c
@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.31 2023/06/09 18:44:16 martin Exp $	*/
+/*	$NetBSD: main.c,v 1.32 2023/12/17 18:46:42 martin Exp $	*/

 /*
 * Copyright 1997 Piermont Information Systems Inc.
@ -132,8 +132,8 @@ static const struct f_arg fflagopts[] = {
 	{"xfer dir", "/usr/INSTALL", xfer_dir, sizeof xfer_dir},
 	{"ext dir", "", ext_dir_bin, sizeof ext_dir_bin},
 	{"ext src dir", "", ext_dir_src, sizeof ext_dir_src},
-	{"ftp host", SYSINST_FTP_HOST, ftp.xfer_host[XFER_FTP], sizeof ftp.xfer_host[XFER_FTP]},
-	{"http host", SYSINST_HTTP_HOST, ftp.xfer_host[XFER_HTTP], sizeof ftp.xfer_host[XFER_HTTP]},
+	{"ftp host", SYSINST_FTP_HOST, ftp.xfer_host[XFER_HOST(XFER_FTP)], sizeof ftp.xfer_host[XFER_HOST(XFER_FTP)]},
+	{"http host", SYSINST_HTTP_HOST, ftp.xfer_host[XFER_HOST(XFER_HTTP)], sizeof ftp.xfer_host[XFER_HOST(XFER_HTTP)]},
 	{"ftp dir", SYSINST_FTP_DIR, ftp.dir, sizeof ftp.dir},
 	{"ftp prefix", "/" ARCH_SUBDIR "/binary/sets", set_dir_bin, sizeof set_dir_bin},
 	{"ftp src prefix", "/source/sets", set_dir_src, sizeof set_dir_src},
@ -150,15 +150,15 @@ static const struct f_arg fflagopts[] = {
 	{"targetroot mount", "/targetroot", targetroot_mnt, sizeof targetroot_mnt},
 	{"dist postfix", "." SETS_TAR_SUFF, dist_postfix, sizeof dist_postfix},
 	{"dist tgz postfix", ".tgz", dist_tgz_postfix, sizeof dist_tgz_postfix},
-	{"pkg host", SYSINST_PKG_HOST, pkg.xfer_host[XFER_FTP], sizeof pkg.xfer_host[XFER_FTP]},
-	{"pkg http host", SYSINST_PKG_HTTP_HOST, pkg.xfer_host[XFER_HTTP], sizeof pkg.xfer_host[XFER_HTTP]},
+	{"pkg host", SYSINST_PKG_HOST, pkg.xfer_host[XFER_HOST(XFER_FTP)], sizeof pkg.xfer_host[XFER_HOST(XFER_FTP)]},
+	{"pkg http host", SYSINST_PKG_HTTP_HOST, pkg.xfer_host[XFER_HOST(XFER_HTTP)], sizeof pkg.xfer_host[XFER_HOST(XFER_HTTP)]},
 	{"pkg dir", SYSINST_PKG_DIR, pkg.dir, sizeof pkg.dir},
 	{"pkg prefix", "/" PKG_ARCH_SUBDIR "/" PKG_SUBDIR "/All", pkg_dir, sizeof pkg_dir},
 	{"pkg user", "ftp", pkg.user, sizeof pkg.user},
 	{"pkg pass", "", pkg.pass, sizeof pkg.pass},
 	{"pkg proxy", "", pkg.proxy, sizeof pkg.proxy},
-	{"pkgsrc host", SYSINST_PKGSRC_HOST, pkgsrc.xfer_host[XFER_FTP], sizeof pkgsrc.xfer_host[XFER_FTP]},
-	{"pkgsrc http host", SYSINST_PKGSRC_HTTP_HOST, pkgsrc.xfer_host[XFER_HTTP], sizeof pkgsrc.xfer_host[XFER_HTTP]},
+	{"pkgsrc host", SYSINST_PKGSRC_HOST, pkgsrc.xfer_host[XFER_HOST(XFER_FTP)], sizeof pkgsrc.xfer_host[XFER_HOST(XFER_FTP)]},
+	{"pkgsrc http host", SYSINST_PKGSRC_HTTP_HOST, pkgsrc.xfer_host[XFER_HOST(XFER_HTTP)], sizeof pkgsrc.xfer_host[XFER_HOST(XFER_HTTP)]},
 	{"pkgsrc dir", "", pkgsrc.dir, sizeof pkgsrc.dir},
 	{"pkgsrc prefix", "pub/pkgsrc/stable", pkgsrc_dir, sizeof pkgsrc_dir},
 	{"pkgsrc user", "ftp", pkgsrc.user, sizeof pkgsrc.user},
@ -191,7 +191,7 @@ init(void)
 		else
 			strlcpy(arg->var, arg->dflt, arg->size);
 	}
-	pkg.xfer = pkgsrc.xfer = XFER_HTTP;
+	ftp.xfer = pkg.xfer = pkgsrc.xfer = XFER_HTTPS;

 	clr_arg.bg=COLOR_BLUE;
 	clr_arg.fg=COLOR_WHITE;
--- a/usr.sbin/sysinst/menus.entropy
+++ b/usr.sbin/sysinst/menus.entropy
@ -1,4 +1,4 @@
-/*	$NetBSD: menus.entropy,v 1.2 2021/10/08 15:59:55 martin Exp $	*/
+/*	$NetBSD: menus.entropy,v 1.3 2023/12/17 18:46:42 martin Exp $	*/

 /*-
 * Copyright (c) 2003 The NetBSD Foundation, Inc.
@ -75,10 +75,12 @@ menu entropy_ftpsource, y=-4, x=0, w=70, no box, no clear,
 	exitstring MSG_download_entropy;
 	option {src_legend(menu, MSG_Host,
 			((struct ftpinfo*)((arg_rv*)arg)->arg)->xfer_host[
-			((struct ftpinfo*)((arg_rv*)arg)->arg)->xfer]);},
+			XFER_HOST(((struct ftpinfo*)
+			((arg_rv*)arg)->arg)->xfer)]);},
 		action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg;
-			src_prompt(MSG_Host, fpi->xfer_host[fpi->xfer],
-			sizeof fpi->xfer_host[fpi->xfer]); };
+			src_prompt(MSG_Host,
+			fpi->xfer_host[XFER_HOST(fpi->xfer)],
+			sizeof fpi->xfer_host[XFER_HOST(fpi->xfer)]); };
 	option {src_legend(menu, MSG_entropy_path_and_file, entropy_file);},
 		action { src_prompt(MSG_entropy_path_and_file,
 			entropy_file, sizeof entropy_file); };
--- a/usr.sbin/sysinst/menus.mi
+++ b/usr.sbin/sysinst/menus.mi
@ -1,4 +1,4 @@
-/*	$NetBSD: menus.mi,v 1.28 2023/02/12 20:14:32 abs Exp $	*/
+/*	$NetBSD: menus.mi,v 1.29 2023/12/17 18:46:42 martin Exp $	*/

 /*-
 * Copyright (c) 2003 The NetBSD Foundation, Inc.
@ -366,8 +366,12 @@ menu ftpsource, y=-4, x=0, w=70, no box, no clear,
 		msg_display_subst(MSG_ftpsource, 2, "." SETS_TAR_SUFF,
 		    url_proto((uintptr_t)((arg_rv*)arg)->arg));
 	    };
-	option {src_legend(menu, MSG_Host, ftp.xfer_host[(uintptr_t)((arg_rv*)arg)->arg]);},
-		action { src_prompt(MSG_Host, ftp.xfer_host[(uintptr_t)((arg_rv*)arg)->arg], sizeof ftp.xfer_host[(uintptr_t)((arg_rv*)arg)->arg]); };
+	option {src_legend(menu, MSG_Host, ftp.xfer_host[
+		XFER_HOST((uintptr_t)((arg_rv*)arg)->arg)]);},
+		action { src_prompt(MSG_Host, ftp.xfer_host[
+		XFER_HOST((uintptr_t)((arg_rv*)arg)->arg)],
+		sizeof ftp.xfer_host[XFER_HOST(
+		(uintptr_t)((arg_rv*)arg)->arg)]); };
 	option {src_legend(menu, MSG_Base_dir, ftp.dir);},
 		action { src_prompt(MSG_Base_dir, ftp.dir, sizeof ftp.dir); };
 	option {src_legend(menu, MSG_Set_dir_bin, set_dir_bin);},
@ -566,8 +570,11 @@ menu zeroconf, title "Zeroconf", no clear;
 menu binpkg, y=-4, x=0, w=70, no box, no clear,
 	    exitstring MSG_Install_pkgin;
 	display action { msg_display(MSG_pkgpath); };
-	option {src_legend(menu, MSG_Host, pkg.xfer_host[pkg.xfer]);},
-		action { src_prompt(MSG_Host, pkg.xfer_host[pkg.xfer], sizeof pkg.xfer_host[pkg.xfer]); };
+	option {src_legend(menu, MSG_Host,
+		pkg.xfer_host[XFER_HOST(pkg.xfer)]);},
+		action { src_prompt(MSG_Host,
+		pkg.xfer_host[XFER_HOST(pkg.xfer)],
+		sizeof pkg.xfer_host[XFER_HOST(pkg.xfer)]); };
 	option {src_legend(menu, MSG_Base_dir, pkg.dir);},
 		action { src_prompt(MSG_Base_dir, pkg.dir, sizeof pkg.dir); };
 	option {src_legend(menu, MSG_Pkg_dir, pkg_dir);},
@ -613,9 +620,11 @@ menu binpkg, y=-4, x=0, w=70, no box, no clear,
 menu pkgsrc, y=-4, x=0, w=70, no box, no clear,
 	    exit, exitstring MSG_Install_pkgsrc;
 	display action { msg_display(MSG_pkgsrc); };
-	option {src_legend(menu, MSG_Host, pkgsrc.xfer_host[pkgsrc.xfer]);},
-		action { src_prompt(MSG_Host, pkgsrc.xfer_host[pkgsrc.xfer],
-			sizeof pkgsrc.xfer_host[pkgsrc.xfer]); };
+	option {src_legend(menu, MSG_Host, pkgsrc.xfer_host[
+		XFER_HOST(pkgsrc.xfer)]);},
+		action { src_prompt(MSG_Host,
+			pkgsrc.xfer_host[XFER_HOST(pkgsrc.xfer)],
+			sizeof pkgsrc.xfer_host[XFER_HOST(pkgsrc.xfer)]); };
 	option {src_legend(menu, MSG_Pkgsrc_dir, pkgsrc_dir);},
 		action { src_prompt(MSG_Pkgsrc_dir, pkgsrc_dir, sizeof pkgsrc_dir); };
 	option {src_legend(menu, MSG_User, pkgsrc.user);},
--- a/usr.sbin/sysinst/net.c
+++ b/usr.sbin/sysinst/net.c
@ -1,4 +1,4 @@
-/*	$NetBSD: net.c,v 1.44 2023/01/03 16:16:15 martin Exp $	*/
+/*	$NetBSD: net.c,v 1.45 2023/12/17 18:46:42 martin Exp $	*/

 /*
 * Copyright 1997 Piermont Information Systems Inc.
@ -905,8 +905,9 @@ const char *
 url_proto(unsigned int xfer)
 {
 	switch (xfer) {
-	case XFER_FTP:	return "ftp";
-	case XFER_HTTP:	return "http";
+	case XFER_FTP:		return "ftp";
+	case XFER_HTTP:		return "http";
+	case XFER_HTTPS:	return "https";
 	}

 	return "";
@ -956,7 +957,8 @@ make_url(char *urlbuffer, struct ftpinfo *f, const char *dir)
 			RFC1738_SAFE_LESS_SHELL_PLUS_SLASH, 0);

 	snprintf(urlbuffer, STRSIZE, "%s://%s%s/%s", url_proto(f->xfer),
-	    ftp_user_encoded, f->xfer_host[f->xfer], ftp_dir_encoded);
+	    ftp_user_encoded, f->xfer_host[XFER_HOST(f->xfer)],
+	    ftp_dir_encoded);
 }