tavo/instalador-firma-digital
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
instalador-firma-digital/03-install.sh
tavo-wasd f1548c5b06 debian & macosx
2024-05-05 19:21:58 -06:00

168 lines
5.9 KiB
Bash
Raw Blame History

#!/bin/sh
deb_install_certs() {
# Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
SAVE_FILE="$1"
SAVE_DIR="${SAVE_FILE%/*}"
[ -z "$SAVE_DIR" ] && return 1
SUDO_PASSWORD="$(get_pass "$MENU" "$TITLE")"
[ -z "$SUDO_PASSWORD" ] && return 1
printf '\033[1mInstalando y habilitando dependencias...\033[0m\n' # DEBUG
printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c '
apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx > /dev/null
systemctl enable --now pcscd.socket
'
# Instalación de los certificados
(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
printf '\033[1mInstalando Certificados...\033[0m\n' # DEBUG
for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do
certname="${cert##*/}" ; printf '%s' "$SUDO_PASSWORD" | sudo -S cp "$cert" /usr/local/share/ca-certificates/"${certname%.cer}.crt"
done
printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c '
for file in /usr/local/share/ca-certificates/*.crt ; do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done
find /usr/local/share/ca-certificates/ -type f -empty -delete
for i in /usr/local/share/ca-certificates/*.tmp ; do mv "$i" "${i%.tmp}" ; done
update-ca-certificates --fresh > /dev/null
'
# Instalación del módulo PKCS#11
printf '\033[1mInstalando Módulo PKCS#11...\033[0m\n' # DEBUG
PACKAGE="$(find "$SAVE_DIR" -name "idprotectclient_*.deb")"
PACKAGE_DIR="${PACKAGE%/*}"
PACKAGE="${PACKAGE##*/}"
printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c '
mkdir -p /usr/lib/x64-athena/ ; mkdir -p /Firma_Digital/LIBRERIAS/ ; mkdir -p /usr/lib/x86_64-linux-gnu/'
(cd "$PACKAGE_DIR" && ar p "$PACKAGE" data.tar.gz | tar zx ./usr/lib/x64-athena/libASEP11.so)
printf '%s' "$SUDO_PASSWORD" | sudo -S cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c '
ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/x64-athena/
ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/
ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/
ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/
ln -sf /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS
'
printf '\033[1mConfigurando IDPClientDB...\033[0m\n' # DEBUG
printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c "
mkdir -p /etc/Athena/
echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
<IDProtect>
<TokenLibs>
<IDProtect>
<Cards>
<IDProtectXF>
<ATR type='hexBinary'>3BDC00FF8091FE1FC38073C821106600000000000000</ATR>
<ATRMask type='hexBinary'>FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000</ATRMask>
</IDProtectXF>
</Cards>
</IDProtect>
<ChipDoc>
<Cards>
<ChipDocEMV>
<ATR type='hexBinary'>3BEA00008131FE450031C173C840000090007A</ATR>
<ATRMask type='hexBinary'>FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</ATRMask>
</ChipDocEMV>
</Cards>
</ChipDoc>
</TokenLibs>
</IDProtect>\" > /etc/Athena/IDPClientDB.xml
"
printf '\033[1mConfigurando p11-kit/modules...\033[0m\n' # DEBUG
printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c "
mkdir -p /usr/share/p11-kit/modules
echo 'remote: |bwrap --unshare-all --dir /tmp --ro-bind /etc/Athena /etc/Athena --proc /proc --dev /dev --ro-bind /usr /usr --ro-bind /lib /lib --ro-bind /lib64 /lib64 --ro-bind /var/run/pcscd /var/run/pcscd --ro-bind /run/pcscd /run/pcscd p11-kit remote /usr/lib/x86_64-linux-gnu/libASEP11.so' > /usr/share/p11-kit/modules/firma-digital.module
"
printf '\033[1mConfigurando p11-kit update symlinks...\033[0m\n' # DEBUG
printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c "
mkdir -p /usr/local/sbin
echo \"#!/bin/sh
FIREFOX_LIB=/usr/lib/firefox/libnssckbi.so
FIREFOX_ESR_LIB=/usr/lib/firefox-esr/libnssckbi.so
THUNDERBIRD_LIB=/usr/lib/thunderbird/libnssckbi.so
NSS_LIB=/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
if [ -e \"\$FIREFOX_LIB\" ]
then
if ! [ -L \"\$FIREFOX_LIB\" ]
then
echo \"Firefox libnssckbi.so is not a symlink. Fixing...\"
mv -f \"\$FIREFOX_LIB\" \"\$FIREFOX_LIB\".bak
ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_LIB\"
fi
fi
if [ -e \"\$FIREFOX_ESR_LIB\" ]
then
if ! [ -L \"\$FIREFOX_ESR_LIB\" ]
then
echo \"Firefox ESR libnssckbi.so is not a symlink. Fixing...\"
mv -f \"\$FIREFOX_ESR_LIB\" \"\$FIREFOX_ESR_LIB\".bak
ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_ESR_LIB\"
fi
fi
if [ -e \"\$THUNDERBIRD_LIB\" ]
then
if ! [ -L \"\$THUNDERBIRD_LIB\" ]
then
echo \"Thunderbird libnssckbi.so is not a symlink. Fixing...\"
mv -f \"\$THUNDERBIRD_LIB\" \"\$THUNDERBIRD_LIB\".bak
ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$THUNDERBIRD_LIB\"
fi
fi
if [ -e \"\$NSS_LIB\" ]
then
if ! [ -L \"\$NSS_LIB\" ]
then
echo \"NSS libnssckbi.so is not a symlink. Fixing...\"
mv -f \"\$NSS_LIB\" \"\$NSS_LIB\".bak
ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$NSS_LIB\"
fi
fi\" > /usr/local/sbin/update-p11-kit-symlinks
chmod +x /usr/local/sbin/update-p11-kit-symlinks
"
printf '\033[1mConfigurando módulo mantenimiento systemd...\033[0m\n' # DEBUG
sudo sh -c "
mkdir -p /etc/systemd/system
echo \"[Unit]
Description=mantenimiento de enlaces a p11-kit-proxy
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/update-p11-kit-symlinks
[Install]
WantedBy=multi-user.target
\" > /etc/systemd/system/p11-kit-proxy-updater.service
systemctl enable --now p11-kit-proxy-updater.service
"
printf '\033[1mInstalando trust module pk11...\033[0m\n' # DEBUG
printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c "
mkdir -p /etc/pkcs11/modules/
echo 'disable-in:' > /etc/pkcs11/modules/p11-kit-trust.module
"
}
install_certs() {
SAVE_FILE="$1"
FILE="${SAVE_FILE##*/}"
if [ "$FILE" = "ClientesMAC_rev35.dmg" ] ; then
open "$SAVE_FILE"
elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
deb_install_certs "$SAVE_FILE" || return 1
elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
echo
elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
echo
fi
}
Reference in a new issue View git blame Copy permalink