From 8ee7f9c19ebbd39f58adc916ee11fe0b58ac80e6 Mon Sep 17 00:00:00 2001 From: tavo-wasd Date: Sat, 4 May 2024 01:43:10 -0600 Subject: [PATCH] track --- 05-depend.sh | 19 ------ 05-install.sh | 143 +++++++++++++++++++++++++++++++++++++++ 06-firmador-libre.sh | 19 ++++++ 06-install.sh | 125 ---------------------------------- 07-main.sh => 06-main.sh | 16 ++++- 5 files changed, 175 insertions(+), 147 deletions(-) delete mode 100644 05-depend.sh create mode 100644 05-install.sh create mode 100644 06-firmador-libre.sh delete mode 100644 06-install.sh rename 07-main.sh => 06-main.sh (91%) diff --git a/05-depend.sh b/05-depend.sh deleted file mode 100644 index 45fc0e3..0000000 --- a/05-depend.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -install_deps() { - # @@@ Support other distros - MENU="$1" - if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then - echo - elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then - # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/ - get_pass "$MENU" "$TITLE" | sudo -Sk sh -c ' - apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx - systemctl enable --now pcscd.socket - ' - elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then - echo - elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then - echo - fi -} diff --git a/05-install.sh b/05-install.sh new file mode 100644 index 0000000..fb4a00e --- /dev/null +++ b/05-install.sh @@ -0,0 +1,143 @@ +#!/bin/sh + +config_deb_install_certs() { +# Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/ +SAVE_FILE="$1" +SAVE_DIR="${SAVE_FILE%/*}" +[ -z "$SAVE_DIR" ] && return 1 + +get_pass "$MENU" "$TITLE" | sudo -S sh -c ' +apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx +systemctl enable --now pcscd.socket +' + +# Instalación de los certificados +(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE") +printf '\033[1mInstalando Certificados...\033[0m\n' +for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do certname="${cert##*/}" ; sudo cp "$cert" /usr/local/share/ca-certificates/"${certname%.cer}.crt" ; done +sudo sh -c ' +for file in /usr/local/share/ca-certificates/*.crt ; do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done +find /usr/local/share/ca-certificates/ -type f -empty -delete +for i in /usr/local/share/ca-certificates/*.tmp ; do mv "$i" "${i%.tmp}" ; done +update-ca-certificates --fresh +' + +# Instalación del módulo PKCS#11 +printf '\033[1mInstalando Módulo PKCS#11...\033[0m\n' +ar p "$(find "$SAVE_DIR" -name "idprotectclient_7.24.02-0_amd64.deb")" data.tar.gz | tar zx "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so +sudo cp -p "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/ +sudo sh -c ' +mkdir -p /usr/lib/x64-athena/ ; mkdir -p /Firma_Digital/LIBRERIAS/ +ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/x64-athena/ +ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/ +ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/ +ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/ +ln -s /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS +' + +printf '\033[1mConfigurando IDPClientDB...\033[0m\n' +sudo sh -c " +mkdir -p /etc/Athena/ +echo \" + + + + + + 3BDC00FF8091FE1FC38073C821106600000000000000 + FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000 + + + + + + + 3BEA00008131FE450031C173C840000090007A + FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + + + + +\" | tee /etc/Athena/IDPClientDB.xml +" + +printf '\033[1mConfigurando p11-kit/modules...\033[0m\n' +sudo sh -c " +mkdir -p /usr/share/p11-kit/modules +echo 'remote: |bwrap --unshare-all --dir /tmp --ro-bind /etc/Athena /etc/Athena --proc /proc --dev /dev --ro-bind /usr /usr --ro-bind /lib /lib --ro-bind /lib64 /lib64 --ro-bind /var/run/pcscd /var/run/pcscd --ro-bind /run/pcscd /run/pcscd p11-kit remote /usr/lib/x86_64-linux-gnu/libASEP11.so' | tee /usr/share/p11-kit/modules/firma-digital.module +" + +printf '\033[1mConfigurando p11-kit update symlinks...\033[0m\n' +sudo sh -c " +mkdir -p /usr/local/sbin +echo \"#!/bin/sh + +FIREFOX_LIB=/usr/lib/firefox/libnssckbi.so +FIREFOX_ESR_LIB=/usr/lib/firefox-esr/libnssckbi.so +THUNDERBIRD_LIB=/usr/lib/thunderbird/libnssckbi.so +NSS_LIB=/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so + +if [ -e \"\$FIREFOX_LIB\" ] +then + if ! [ -L \"\$FIREFOX_LIB\" ] + then + echo \"Firefox libnssckbi.so is not a symlink. Fixing...\" + mv -f \"\$FIREFOX_LIB\" \"\$FIREFOX_LIB\".bak + ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_LIB\" + fi +fi + +if [ -e \"\$FIREFOX_ESR_LIB\" ] +then + if ! [ -L \"\$FIREFOX_ESR_LIB\" ] + then + echo \"Firefox ESR libnssckbi.so is not a symlink. Fixing...\" + mv -f \"\$FIREFOX_ESR_LIB\" \"\$FIREFOX_ESR_LIB\".bak + ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_ESR_LIB\" + fi +fi + +if [ -e \"\$THUNDERBIRD_LIB\" ] +then + if ! [ -L \"\$THUNDERBIRD_LIB\" ] + then + echo \"Thunderbird libnssckbi.so is not a symlink. Fixing...\" + mv -f \"\$THUNDERBIRD_LIB\" \"\$THUNDERBIRD_LIB\".bak + ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$THUNDERBIRD_LIB\" + fi +fi + +if [ -e \"\$NSS_LIB\" ] +then + if ! [ -L \"\$NSS_LIB\" ] + then + echo \"NSS libnssckbi.so is not a symlink. Fixing...\" + mv -f \"\$NSS_LIB\" \"\$NSS_LIB\".bak + ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$NSS_LIB\" + fi +fi\" | tee /usr/local/sbin/update-p11-kit-symlinks +chmod +x /usr/local/sbin/update-p11-kit-symlinks +" + +printf '\033[1mConfigurando módulo mantenimiento systemd...\033[0m\n' +sudo sh -c " +mkdir -p /etc/systemd/system +echo \"[Unit] +Description=mantenimiento de enlaces a p11-kit-proxy + +[Service] +Type=oneshot +ExecStart=/usr/local/sbin/update-p11-kit-symlinks + +[Install] +WantedBy=multi-user.target +\" | tee /etc/systemd/system/p11-kit-proxy-updater.service +systemctl enable --now p11-kit-proxy-updater.service +" + +printf '\033[1mInstalando trust module pk11...\033[0m\n' +sudo sh -c " +mkdir -p /etc/pkcs11/modules/ +echo 'disable-in:' | tee /etc/pkcs11/modules/p11-kit-trust.module +" +} diff --git a/06-firmador-libre.sh b/06-firmador-libre.sh new file mode 100644 index 0000000..7bf4bb7 --- /dev/null +++ b/06-firmador-libre.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +firmador_libre() { +FIRMADOR="https://firmador.libre.cr/firmador.jar" + +if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then + echo +elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then + DIR="$HOME/.local/share/firmador" +elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then + echo +elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then + echo +fi + +mkdir -p "$DIR" +(cd "$DIR" && curl -O "$FIRMADOR") +# DESKTOP +} diff --git a/06-install.sh b/06-install.sh deleted file mode 100644 index 4a464c8..0000000 --- a/06-install.sh +++ /dev/null @@ -1,125 +0,0 @@ -#!/bin/sh - -config_deb_idpclientdb() { -mkdir -p /etc/Athena/ -echo " - - - - - - 3BDC00FF8091FE1FC38073C821106600000000000000 - FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000 - - - - - - - 3BEA00008131FE450031C173C840000090007A - FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - - - - -" | tee /etc/Athena/IDPClientDB.xml -} - -config_deb_update_symlinks() { -echo "#!/bin/sh - -FIREFOX_LIB=/usr/lib/firefox/libnssckbi.so -FIREFOX_ESR_LIB=/usr/lib/firefox-esr/libnssckbi.so -THUNDERBIRD_LIB=/usr/lib/thunderbird/libnssckbi.so -NSS_LIB=/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so - -if [ -e \"\$FIREFOX_LIB\" ] -then - if ! [ -L \"\$FIREFOX_LIB\" ] - then - echo \"Firefox libnssckbi.so is not a symlink. Fixing...\" - mv -f \"\$FIREFOX_LIB\" \"\$FIREFOX_LIB\".bak - ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_LIB\" - fi -fi - -if [ -e \"\$FIREFOX_ESR_LIB\" ] -then - if ! [ -L \"\$FIREFOX_ESR_LIB\" ] - then - echo \"Firefox ESR libnssckbi.so is not a symlink. Fixing...\" - mv -f \"\$FIREFOX_ESR_LIB\" \"\$FIREFOX_ESR_LIB\".bak - ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_ESR_LIB\" - fi -fi - -if [ -e \"\$THUNDERBIRD_LIB\" ] -then - if ! [ -L \"\$THUNDERBIRD_LIB\" ] - then - echo \"Thunderbird libnssckbi.so is not a symlink. Fixing...\" - mv -f \"\$THUNDERBIRD_LIB\" \"\$THUNDERBIRD_LIB\".bak - ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$THUNDERBIRD_LIB\" - fi -fi - -if [ -e \"\$NSS_LIB\" ] -then - if ! [ -L \"\$NSS_LIB\" ] - then - echo \"NSS libnssckbi.so is not a symlink. Fixing...\" - mv -f \"\$NSS_LIB\" \"\$NSS_LIB\".bak - ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$NSS_LIB\" - fi -fi" | tee /usr/local/sbin/update-p11-kit-symlinks -chmod +x /usr/local/sbin/update-p11-kit-symlinks -} - -config_deb_systemd_p11_update() { -echo "[Unit] -Description=mantenimiento de enlaces a p11-kit-proxy - -[Service] -Type=oneshot -ExecStart=/usr/local/sbin/update-p11-kit-symlinks - -[Install] -WantedBy=multi-user.target" | tee /etc/systemd/system/p11-kit-proxy-updater.service -systemctl enable --now p11-kit-proxy-updater.service -} - -install_certs() { - # @@@ !!! Doesn't work, $SAVE_DIR not found, copies / to /usr/local/share/ca-certificates/ - MENU="$1" - if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then - echo - elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then - # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/ - get_pass "$MENU" "$TITLE" | sudo -Sk sh -c ' - for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do cp "$cert" /usr/local/share/ca-certificates/"${cert%%.cer}.crt" ; done - for file in /usr/local/share/ca-certificates/*.crt do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done - for file in /usr/local/share/ca-certificates/* do [ ! -s "$file" ] && rm -f "$file" ; done - for i in /usr/local/share/ca-certificates/*.tmp do mv "$i" "${i%%.tmp}" ; done - update-ca-certificates --fresh - ' - ar p "$(find "$SAVE_DIR" -name "idprotectclient_7.24.02-0_amd64.deb")" data.tar.gz | tar zx "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so - get_pass "$MENU" "$TITLE" | sudo -Sk sh -c ' - cp -p "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/ - mkdir -p /usr/lib/x64-athena/ ; mkdir -p /Firma_Digital/LIBRERIAS/ - ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/x64-athena/ - ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/ - ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/ - ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/ - ln -s /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS - config_deb_idpclientdb - config_deb_update_symlinks - config_deb_systemd_p11_update - mkdir -p /etc/pkcs11/modules/ - echo "disable-in:" | tee /etc/pkcs11/modules/p11-kit-trust.module - ' - elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then - echo - elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then - echo - fi -} diff --git a/07-main.sh b/06-main.sh similarity index 91% rename from 07-main.sh rename to 06-main.sh index 90d3079..1ababe1 100644 --- a/07-main.sh +++ b/06-main.sh @@ -34,7 +34,8 @@ if [ -e "/bin/zenity" ] ; then # Define where to save file if [ -d "/tmp" ] ; then - SAVE_DIR="/tmp" + SAVE_DIR="/tmp/soportefirmadigital" + mkdir -p "$SAVE_DIR" else zenity --title "$TITLE" --text "$PROMPT_DIR_FILE" --info SAVE_DIR="$(zenity --file-selection --directory)" @@ -50,7 +51,7 @@ if [ -e "/bin/zenity" ] ; then DOWN="$(du "$SAVE_FILE" 2>/dev/null | awk '{print $1}')" ; [ -z "$DOWN" ] && DOWN=0 r=$(((DOWN*10000)/SIZE)) printf '%d\n' ${r%??} - done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress + done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress --auto-close while true ; do ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')" @@ -61,7 +62,16 @@ if [ -e "/bin/zenity" ] ; then ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')" [ -n "$ACTIVE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1 - #install_certs "$MENU" + if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then + echo + elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then + config_deb_install_certs "$SAVE_FILE" + elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then + echo + elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then + echo + fi + else echo # Welcome