instalador-firma-digital/06-install.sh

#!/bin/sh

config_deb_idpclientdb() {
mkdir -p /etc/Athena/
echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?>
<IDProtect>
 <TokenLibs>
  <IDProtect>
   <Cards>
    <IDProtectXF>
     <ATR type='hexBinary'>3BDC00FF8091FE1FC38073C821106600000000000000</ATR>
     <ATRMask type='hexBinary'>FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000</ATRMask>
    </IDProtectXF>
   </Cards>
  </IDProtect>
  <ChipDoc>
   <Cards>
    <ChipDocEMV>
     <ATR type='hexBinary'>3BEA00008131FE450031C173C840000090007A</ATR>
     <ATRMask type='hexBinary'>FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</ATRMask>
    </ChipDocEMV>
   </Cards>
  </ChipDoc>
 </TokenLibs>
</IDProtect>" | tee /etc/Athena/IDPClientDB.xml
}

config_deb_update_symlinks() {
echo "#!/bin/sh

FIREFOX_LIB=/usr/lib/firefox/libnssckbi.so
FIREFOX_ESR_LIB=/usr/lib/firefox-esr/libnssckbi.so
THUNDERBIRD_LIB=/usr/lib/thunderbird/libnssckbi.so
NSS_LIB=/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so

if [ -e \"\$FIREFOX_LIB\" ]
then
    if ! [ -L \"\$FIREFOX_LIB\" ]
    then
        echo \"Firefox libnssckbi.so is not a symlink. Fixing...\"
        mv -f \"\$FIREFOX_LIB\" \"\$FIREFOX_LIB\".bak
        ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_LIB\"
    fi
fi

if [ -e \"\$FIREFOX_ESR_LIB\" ]
then
    if ! [ -L \"\$FIREFOX_ESR_LIB\" ]
    then
        echo \"Firefox ESR libnssckbi.so is not a symlink. Fixing...\"
        mv -f \"\$FIREFOX_ESR_LIB\" \"\$FIREFOX_ESR_LIB\".bak
        ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_ESR_LIB\"
    fi
fi

if [ -e \"\$THUNDERBIRD_LIB\" ]
then
    if ! [ -L \"\$THUNDERBIRD_LIB\" ]
    then
        echo \"Thunderbird libnssckbi.so is not a symlink. Fixing...\"
        mv -f \"\$THUNDERBIRD_LIB\" \"\$THUNDERBIRD_LIB\".bak
        ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$THUNDERBIRD_LIB\"
    fi
fi

if [ -e \"\$NSS_LIB\" ]
then
    if ! [ -L \"\$NSS_LIB\" ]
    then
        echo \"NSS libnssckbi.so is not a symlink. Fixing...\"
        mv -f \"\$NSS_LIB\" \"\$NSS_LIB\".bak
        ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$NSS_LIB\"
    fi
fi" | tee /usr/local/sbin/update-p11-kit-symlinks
chmod +x /usr/local/sbin/update-p11-kit-symlinks
}

config_deb_systemd_p11_update() {
echo "[Unit]
Description=mantenimiento de enlaces a p11-kit-proxy

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/update-p11-kit-symlinks

[Install]
WantedBy=multi-user.target" | tee /etc/systemd/system/p11-kit-proxy-updater.service
systemctl enable --now p11-kit-proxy-updater.service
}

install_certs() {
    # @@@ !!! Doesn't work, $SAVE_DIR not found, copies / to /usr/local/share/ca-certificates/
    MENU="$1"
    if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then
        echo
    elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
        # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
        get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
        for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do cp "$cert" /usr/local/share/ca-certificates/"${cert%%.cer}.crt" ; done
        for file in /usr/local/share/ca-certificates/*.crt do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done
        for file in /usr/local/share/ca-certificates/* do [ ! -s "$file" ] && rm -f "$file" ; done
        for i in /usr/local/share/ca-certificates/*.tmp do mv "$i" "${i%%.tmp}" ; done
        update-ca-certificates --fresh
        '
        ar p "$(find "$SAVE_DIR" -name "idprotectclient_7.24.02-0_amd64.deb")" data.tar.gz | tar zx "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so
        get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
        cp -p "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
        mkdir -p /usr/lib/x64-athena/ ; mkdir -p /Firma_Digital/LIBRERIAS/
        ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/x64-athena/
        ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/
        ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/
        ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/
        ln -s /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS
        config_deb_idpclientdb
        config_deb_update_symlinks
        config_deb_systemd_p11_update
        mkdir -p /etc/pkcs11/modules/
        echo "disable-in:" | tee /etc/pkcs11/modules/p11-kit-trust.module
        '
    elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
        echo
    elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
        echo
    fi
}