diff --git a/src/DEBIAN/control b/src/DEBIAN/control index d64cb60..5a25a9e 100644 --- a/src/DEBIAN/control +++ b/src/DEBIAN/control @@ -6,6 +6,6 @@ Homepage: https://github.com/stupidpupil/https-keyscript Architecture: all Priority: optional Section: admin -Depends: cryptsetup (>= 2), wget (>= 1.15) +Depends: cryptsetup (>= 2), busybox (>= 1.30) Recommends: keyutils (>= 1.5) Installed-Size: 5 diff --git a/src/etc/initramfs-tools/hooks/wget.sh b/src/etc/initramfs-tools/hooks/wget.sh index 556da06..6e6edf2 100755 --- a/src/etc/initramfs-tools/hooks/wget.sh +++ b/src/etc/initramfs-tools/hooks/wget.sh @@ -5,28 +5,15 @@ case $1 in esac . /usr/share/initramfs-tools/hook-functions -copy_exec /usr/bin/wget /usr/bin/real_wget - -strace_and_copy_libs_for_url () -{ - LIB_PAT="\".*/lib/.*\"" - STRACED_LIBS=$(strace /usr/bin/wget --no-iri -q -O - "$1" 2>&1 | grep -o "$LIB_PAT") - - echo "$STRACED_LIBS" | while IFS= read -r line - do - # Strip the quotation marks - line="${line%\"}" - line="${line#\"}" - - if [ -f "$line" ] - then - copy_exec "$line" - fi - done -} - -strace_and_copy_libs_for_url "https://www.debian.org" -strace_and_copy_libs_for_url "https://raw.githubusercontent.com/stupidpupil/https-keyscript/master/tests/fixtures/encrypted_keyfile" -strace_and_copy_libs_for_url "https://mozilla-modern.badssl.com" +# To find out what library are needed do +# strace busybox wget https://badssl.com 2>&1 | grep open +for needed_lib in "libnss_dns*.so*" "libnss_files*.so*" "libresolv*.so*" "ld-linux*.so*" "libc-*.so" "libc.so.*" +do + lib=$(find /lib/ -name "$needed_lib" -type f) + if [ ! -z $lib ] + then + copy_exec "$lib" + fi +done copy_exec /etc/ssl/certs/ca-certificates.crt diff --git a/src/lib/cryptsetup/scripts/wget_or_ask b/src/lib/cryptsetup/scripts/wget_or_ask index 186a422..40398d7 100755 --- a/src/lib/cryptsetup/scripts/wget_or_ask +++ b/src/lib/cryptsetup/scripts/wget_or_ask @@ -34,14 +34,6 @@ if [ -z "$url" ] || [ -z "$openssl_passphrase" ]; then use_https=0 fi -if [ -x /usr/bin/real_wget ]; then - wget_path="/usr/bin/real_wget" -elif [ -x /usr/bin/wget ]; then - wget_path="/usr/bin/wget" -else - wget_path="wget" -fi - # # Plymouth helper functions # @@ -149,7 +141,7 @@ https_try_fetch () message "Fetching remote keyfile for $CRYPTTAB_NAME..." - encrypted_keyfile=$($wget_path --secure-protocol=PFS -q -O - "$url") + encrypted_keyfile=$(wget -q -O - "$url") if [ $? -eq 0 ]; then decrypted_keyfile=$(echo "$encrypted_keyfile" | openssl enc -base64 -aes-256-cbc -md sha256 -d -salt -k "$openssl_passphrase")