author | Austin S. Hemmelgarn <austin@netdata.cloud> | 2020-06-05 08:12:12 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-05 08:12:12 -0400 |
commit | 7707f9aa3afaacfab6612a66f9e643be91f7f00f (patch) | |
tree | 944a5dadb561a6ddd194bf5536fd3f12085bbbad /packaging/makeself/install-or-update.sh | |
parent | 5776deefc2ab4a9c0c47c9ccb78d75d50187f3ab (diff) |
Fixed handling of OpenSSL on CentOS/RHEL by bundling a static copy and selecting a configuration directory at install time. (#9263)
* Bundle static OpenSSL in our static builds.
This adds code to bundle a static locally built copy of OpenSSL into our
static builds instead of using the Alpine provided copy. It fixes two
cases where our usage of OpenSSL currently fails:
* On CentOS, RHEL, OEL, Amazon Linux, and their derivatives, the OpenSSL
configuration directory is `/etc/pki/tls` instead of the normal
`/etc/ssl`. Any usage of TLS in our static builds currently fails
there because it can't find that directory.
* TLS usage fails similarly on systems that do not have OpenSSL at all
for the same reason.
To fix this, the newly bundled copy of OpenSSL is built to use
`/opt/netdata/etc/ssl` as its configuration directory. This directory
is a symlink created at install time pointing to one of the following
locations (in order of precedence):
* `/etc/pki/tls` (for CentOS, RHEL, OEL, AL, and similar).
* `/etc/ssl` (for sane distros that just use the default path).
* `/opt/netdata/share/ssl` (for systems that don't have OpenSSL, this
contains a copy of the config and certificates from the build
environment).
* Ensure other components are built with local OpenSSL.
* Clone directly from the desired tag.
Diffstat (limited to 'packaging/makeself/install-or-update.sh')
-rwxr-xr-x | packaging/makeself/install-or-update.sh | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/packaging/makeself/install-or-update.sh b/packaging/makeself/install-or-update.sh index fd64015c3b..5dc1754775 100755 --- a/packaging/makeself/install-or-update.sh +++ b/packaging/makeself/install-or-update.sh @@ -248,6 +248,24 @@ fi # ----------------------------------------------------------------------------- +echo "Configure TLS certificate paths" +if [ ! -L /opt/netdata/etc/ssl ] && [ -d /opt/netdata/etc/ssl ] ; then + echo "Preserving existing user configuration for TLS" +else + if [ -d /etc/pki/tls ] ; then + echo "Using /etc/pki/tls for TLS configuration and certificates" + ln -sf /etc/pki/tls /opt/netdata/etc/ssl + elif [ -d /etc/ssl ] ; then + echo "Using /etc/ssl for TLS configuration and certificates" + ln -sf /etc/ssl /opt/netdata/etc/ssl + else + echo "Using bundled TLS configuration and certificates" + ln -sf /opt/netdata/share/ssl /opt/netdata/etc/ssl + fi +fi + +# ----------------------------------------------------------------------------- + echo "Save install options" grep -qv 'IS_NETDATA_STATIC_BINARY="yes"' "${NETDATA_PREFIX}/etc/netdata/.environment" || echo IS_NETDATA_STATIC_BINARY=\"yes\" >> "${NETDATA_PREFIX}/etc/netdata/.environment" sed -i "s/REINSTALL_OPTIONS=\".*\"/REINSTALL_OPTIONS=\"${REINSTALL_OPTIONS}\"/" "${NETDATA_PREFIX}/etc/netdata/.environment" |
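Review bot: The three `ln -sf` calls in the else branch do not pass `-n`, so on an update run, where /opt/netdata/etc/ssl is already a symlink to a directory left by the previous install, `ln` follows that link and creates the new one inside its target (for example /etc/pki/tls/tls) instead of replacing it. That drops a stray symlink into the system TLS directory and leaves the old target in effect if the preferred directory has changed since the last install. Suggest `ln -sfn` in all three branches, or removing the existing link before recreating it. Separately, the new block hard-codes /opt/netdata while the "Save install options" lines right after it use `${NETDATA_PREFIX}`; using the variable here too would keep the script consistent.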