Use busybox wget

- No need for real wget anymore, newer busybox wget works just fine with https urls
- Add needed libraries for resolving

Author: Sebastian L

src/etc/initramfs-tools/hooks/wget.sh

@@ -5,28 +5,12 @@ case $1 in
 esac
 . /usr/share/initramfs-tools/hook-functions
 
-copy_exec /usr/bin/wget /usr/bin/real_wget
-
-strace_and_copy_libs_for_url ()
-{
-  LIB_PAT="\".*/lib/.*\""
-  STRACED_LIBS=$(strace /usr/bin/wget --no-iri -q -O - "$1" 2>&1 | grep -o "$LIB_PAT")
-
-  echo "$STRACED_LIBS" | while IFS= read -r line
-    do
-    # Strip the quotation marks
-    line="${line%\"}"
-    line="${line#\"}"
-
-    if [ -f "$line" ]
-    then
-      copy_exec "$line"
-    fi
-  done
-}
-
-strace_and_copy_libs_for_url "https://www.debian.org"
-strace_and_copy_libs_for_url "https://raw.githubusercontent.com/stupidpupil/https-keyscript/master/tests/fixtures/encrypted_keyfile"
-strace_and_copy_libs_for_url "https://mozilla-modern.badssl.com"
+# To find out what library are needed do
+# strace busybox wget https://badssl.com 2>&1 | grep open
+for needed_lib in "libnss_dns.*" "libnss_files.so.*" "libresolv.so.*" "ld-linux-*.so.*" "libc.so.*"
+do
+	lib=$(find /lib/ -name "$needed_lib" -type f)
+	copy_exec "$lib"
+done
 
 copy_exec /etc/ssl/certs/ca-certificates.crt

src/lib/cryptsetup/scripts/wget_or_ask

@@ -34,14 +34,6 @@ if  [ -z "$url" ] || [ -z "$openssl_passphrase" ]; then
   use_https=0
 fi
 
-if [ -x /usr/bin/real_wget ]; then
-  wget_path="/usr/bin/real_wget"
-elif [ -x /usr/bin/wget ]; then
-  wget_path="/usr/bin/wget"
-else
-  wget_path="wget"
-fi
-
 #
 # Plymouth helper functions
 #
@@ -149,7 +141,7 @@ https_try_fetch ()
 
   message "Fetching remote keyfile for $CRYPTTAB_NAME..."
 
-  encrypted_keyfile=$($wget_path --secure-protocol=PFS -q -O - "$url")
+  encrypted_keyfile=$(wget -q -O - "$url")
 
   if [ $? -eq 0 ]; then
     decrypted_keyfile=$(echo "$encrypted_keyfile" | openssl enc -base64 -aes-256-cbc -md sha256 -d -salt -k "$openssl_passphrase")