sysrenan commented Nov 4, 2014

This will check if the server is running cPanel, then it will check if WGET has HTTPS support; if it doesn't, it will remove the current WGET RPM and install it from YUM.

Contributor

mhensler commented Nov 4, 2014

Rather than force users to update wget, it may be better to use a non-https download (http or ftp).

Owner

wreiske commented Nov 4, 2014

I would rather not have users pipe a command directly into bash from an insecure connection! shellshocker.net does not serve any traffic on http other than a 301 redirect to https, that will never change.

Contributor

mhensler commented Nov 4, 2014

These wget lines in this script are downloading bash source and patches. I believe it is another script that uses curl to pipe into bash.

Owner

wreiske commented Nov 4, 2014

Ahh - I took a look at the commit diff now.

Maybe it would be better to ask the user before the script continues, something like:

"We've detected that cpanel is installed on your system. In order to continue, we need to install a newer version of wget on your system. Is that okay? [n]"

We don't have any documentation on the website about touching other programs, bash being the only exception. Might be a good idea to have a disclaimer.

Author

sysrenan commented Nov 5, 2014

I believe a message would be great, since I know many people just copy/paste this into their servers and expect it to work, as you've seen through the comments made by users using this script.

The issue I had was that many servers didn't have HTTPS support for WGET, so I was getting many errors while downloading all patches, and I had to reinstall wget with the needed support. This was just a quick fix since HTTPS support for WGET can be good in many ways.

Another way would be to change the "wget -N" command into a "curl", but either way I would add a few checks to see if the user actually has those commands/libraries available before executing them to prevent errors.

Let me know if you want me to do some changes and add the message you suggested for cPanel users or if you want another solution you might have in mind.

On a side note I would even check the OS the user is running and fix the libraries accordingly.

Contributor

mhensler commented Nov 5, 2014

I toyed with changing all wget lines to curl. It works, but the output just isn't pretty.

echo "Downloading Bash..."
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
if [ -e bash-4.3.tar.gz ]; then
    # -z: only download if the remote file is newer than the local copy
    curl -f -# -O -z bash-4.3.tar.gz https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
else
    curl -f -# -O https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
fi

echo "Downloading Bash patches..."
i=0
while true; do
    i=$((i + 1))
    patch=bash43-$(printf '%03d' "$i")
    if [ -e "$patch" ]; then
        curl -f -# -O -z "$patch" "https://ftp.gnu.org/gnu/bash/bash-4.3-patches/$patch"
    else
        curl -f -# -O "https://ftp.gnu.org/gnu/bash/bash-4.3-patches/$patch"
    fi
    # Stop at the first patch number that does not exist (curl fails because of -f)
    if [ $? -ne 0 ]; then break; fi
done

At this point, just to get a fix in place, I'm leaning towards printing an error with a prompt for the user to approve having the script reinstall wget (defaulting to N).

@sysrenan, I see you have --nodeps. But, I believe the openssl library is needed to enable https support for wget. I'm not sure how we want to handle that.
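
The checks discussed so far in this thread (does wget advertise HTTPS, is curl a usable fallback, and a prompt that defaults to "no" before touching another package), sketched as an added example that is not code from this pull request or the project. The function names are hypothetical, and it assumes `wget --version` prints a `+https`/`-https` feature token and `curl --version` prints a `Protocols:` line.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the project.

# Succeeds if the `wget --version` text on stdin has the exact token "+https".
# Assumption: the build prints a feature list such as "+digest +https -gnutls".
wget_features_have_https() {
    tr -s ' \t' '\n\n' | grep -qxF -- '+https'
}

# Succeeds if the `curl --version` text on stdin lists https under Protocols:.
curl_protocols_have_https() {
    grep '^Protocols:' | tr -s ' \t' '\n\n' | grep -qxF https
}

# Print "wget", "curl" or "none".
# $1 = output of `wget --version`, $2 = output of `curl --version`
# (either may be empty when the tool is not installed).
select_downloader() {
    if [ -n "$1" ] && printf '%s\n' "$1" | wget_features_have_https; then
        echo wget
    elif [ -n "$2" ] && printf '%s\n' "$2" | curl_protocols_have_https; then
        echo curl
    else
        echo none
    fi
}

# Ask on stderr, read the answer from stdin. Anything except y/yes,
# including an empty line or EOF (non-interactive run), means "no".
confirm_default_no() {
    printf '%s [y/N] ' "$1" >&2
    read -r answer || answer=
    case "$answer" in
        [Yy]|[Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# Probe the local system and report which downloader is safe to use.
detect_downloader() {
    wget_out=$(wget --version 2>/dev/null || true)
    curl_out=$(curl --version 2>/dev/null || true)
    select_downloader "$wget_out" "$curl_out"
}
```

A caller would reinstall wget only when `detect_downloader` prints `none` and `confirm_default_no` succeeds, so a run with no terminal attached never modifies packages.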

Author

sysrenan commented Nov 5, 2014

Great. I'll test the output.

As far as the --nodeps, that is to remove just wget and nothing else; all cPanel servers are sure to have openssl already installed as they deal a lot with SSL, especially on the WHM (admin) panel. So we should be fine there. And, I believe that is actually their recommended way to remove it and install from YUM.

Owner

wreiske commented Nov 5, 2014

Have you tried adding --silent to curl to clean up the output? ;) 👍

Contributor

mhensler commented Nov 5, 2014

@wreiske I did try adding -s, which completely muted all output. I liked the progress bar that -# produced, but it does not also print the name of the file currently being downloaded. And, that just produces an odd output when downloading the patches. Using -s would work, but give the user no indication that progress is being made. Not necessarily a bad thing. Your call.

Author

sysrenan commented Nov 5, 2014

How about something like this:
curl --progress-bar https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz -o bash-4.3.tar.gz 2>&1 | tr $'\r' $'\n' | sed -r 's/[# ]+/#/g;'

Maybe a message before this starts, something like, "Downloading bash-4.3.tar.gz..".
