11#! /bin/bash
2+ set -euo pipefail
23
3- # Constants
44INSTALL=" install"
55UNINSTALL=" uninstall"
66CONF_FILE=/etc/ibmcloud/share.conf
77
8- # Temporary: Add a test certificate to /etc/stunnel if stunnel is installed
9- # This is a non-production test certificate used only during development.
10- # Once certificates signed by a trusted CA are adopted, this will be removed
11- # and the trusted CA certs will be preinstalled with the OS.
8+ # Base path relative to this script:
9+ SCRIPT_DIR=" $( cd -- " $( dirname -- " ${BASH_SOURCE[0]} " ) " > /dev/null 2>&1 && pwd) "
10+ PACKAGES_BASE=" ${SCRIPT_DIR} /packages"
11+
12+ # ---------- tiny helpers ----------
13+ setup_stunnel_directories () {
14+ local DIR_LIST=" /var/run/stunnel4/ /etc/stunnel /var/log/stunnel"
15+ sudo mkdir -p $DIR_LIST
16+ sudo chmod 744 $DIR_LIST
17+ }
18+
1219create_stunnel_cert_if_installed () {
13- if command -v stunnel > /dev/null 2>&1 && [ -d /etc/stunnel ]; then
14- cat << EOF > /etc/stunnel/allca.pem
20+ if command -v stunnel > /dev/null 2>&1 && [ -d /etc/stunnel ]; then
21+ sudo tee /etc/stunnel/allca.pem > /dev/null << ' EOF '
1522-----BEGIN CERTIFICATE-----
1623MIIFdTCCA12gAwIBAgIUdNDeiuIBYhInN5rrT+FZPmE5vy4wDQYJKoZIhvcNAQEL
1724BQAwSjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZEYWxs
@@ -45,211 +52,120 @@ M76z0t8anU9C7BTX8C7THFHid/LRS/1UlvuJKkQYsUgxac+OFcrw32NiZ5QTJ8Z8
45526sIG86suxYkB
4653-----END CERTIFICATE-----
4754EOF
48- echo " Created /etc/stunnel/allca.pem certificate."
49- else
50- echo " stunnel not installed or /etc/stunnel does not exist; skipping cert creation."
51- fi
52- }
53-
54- store_stunnel_env () {
55- local stunnel_env=" STUNNEL_ENV"
56-
57- # It is okay to store empty value.
58- local value=" $STUNNEL_ENV "
59-
60- sed -i.bak " /${stunnel_env} =/d" " $CONF_FILE "
61-
62- if ! grep -q $stunnel_env $CONF_FILE
63- then
64- echo ${stunnel_env} =" $value " >> $CONF_FILE
65- fi
55+ fi
6656}
6757
68- store_trusted_ca_file_name () {
69- local root_ca= " TRUSTED_ROOT_CACERT "
70-
71- sed -i.bak " / ${root_ca} =/d " " $CONF_FILE "
58+ store_kv () { local k= " $1 " v= " $2 " ; sudo mkdir -p " $( dirname " $CONF_FILE " ) " ; sudo touch " $CONF_FILE " ; sudo sed -i.bak " /^ ${k} =*/d " " $CONF_FILE " ; echo " ${k} = ${v} " | sudo tee -a " $CONF_FILE " > /dev/null ; }
59+ store_stunnel_env (){ store_kv STUNNEL_ENV " ${STUNNEL_ENV :- } " ; }
60+ store_trusted_ca_file_name (){ store_kv TRUSTED_ROOT_CACERT " $* " ; }
61+ store_arch_env (){ store_kv ARCH_ENV " $( uname -m ) " ; }
7262
73- if ! grep -q $root_ca $CONF_FILE
74- then
75- echo ${root_ca} =" $@ " >> $CONF_FILE
76- fi
77- }
63+ # ---------- OFFLINE installers (match your path layout) ----------
7864
79- # Create necessary directories
80- setup_stunnel_directories () {
81- DIR_LIST=" /var/run/stunnel4/ /etc/stunnel /var/log/stunnel"
82- sudo mkdir -p $DIR_LIST
83- sudo chmod 744 $DIR_LIST
84- }
85-
86- # Install stunnel on Ubuntu/Debian-based systems
8765install_stunnel_ubuntu_debian () {
88- echo " Starting installation of stunnel on Ubuntu/Debian-based system..."
89- # Update apt and install stunnel
90- sudo apt-get update
91- sudo apt-get install -y stunnel4
92- setup_stunnel_directories
93- create_stunnel_cert_if_installed
94-
95- store_trusted_ca_file_name " /etc/ssl/certs/ca-certificates.crt"
96- store_stunnel_env
97- store_arch_env
98- # Verify installation
99- if command -v stunnel > /dev/null; then
100- echo " stunnel installed successfully!"
101- else
102- echo " Failed to install stunnel."
103- exit 1
66+ echo " Offline stunnel install (Ubuntu/Debian)…"
67+ . /etc/os-release
68+ : " ${VERSION_ID:? No VERSION_ID} "
69+ local PKG_DIR=" ${PACKAGES_BASE} /ubuntu/${VERSION_ID} "
70+
71+ [[ -d " $PKG_DIR " ]] || { echo " Missing dir: $PKG_DIR " ; exit 1; }
72+
73+ # Find stunnel .deb matching your naming (e.g., stunnel4_3%3a5.72-1build2_amd64.deb)
74+ shopt -s nullglob
75+ local debs=( " $PKG_DIR " /stunnel* .deb )
76+ shopt -u nullglob
77+ [[ ${# debs[@]} -ge 1 ]] || { echo " No stunnel*.deb in $PKG_DIR " ; exit 1; }
78+
79+ # If multiple exist, pick the highest Version using dpkg semantics
80+ local pick=" " best_ver=" "
81+ for f in " ${debs[@]} " ; do
82+ ver=" $( dpkg-deb -f " $f " Version 2> /dev/null || echo 0) "
83+ if [ -z " $best_ver " ] || dpkg --compare-versions " $ver " gt " $best_ver " ; then
84+ best_ver=" $ver "
85+ pick=" $f "
10486 fi
105- }
87+ done
10688
107- store_arch_env () {
108- local arch_env= " ARCH_ENV "
89+ echo " Installing: $pick (Version: $best_ver ) "
90+ sudo apt-get -y install " $pick "
10991
110- local value=" $( uname -m) "
92+ setup_stunnel_directories
93+ create_stunnel_cert_if_installed
94+ store_trusted_ca_file_name " /etc/ssl/certs/ca-certificates.crt"
95+ store_stunnel_env
96+ store_arch_env
11197
112- sed -i.bak " /${arch_env} =/d" " $CONF_FILE "
113-
114- if ! grep -q $arch_env $CONF_FILE
115- then
116- echo ${arch_env} =" $value " >> $CONF_FILE
117- fi
98+ command -v stunnel > /dev/null && echo " stunnel installed offline." || { echo " install failed" ; exit 1; }
11899}
119100
120- # Install stunnel on Red Hat/CentOS/Rocky-based systems
101+ # (Optional) If you also want RHEL in the same style: packages/rhel/$MAJOR/stunnel*.rpm
121102install_stunnel_rhel_centos_rocky () {
122- echo " Starting installation of stunnel on Red Hat/CentOS/Rocky-based system..."
123-
124- # Install stunnel
125- sudo yum install -y stunnel
126- setup_stunnel_directories
127- create_stunnel_cert_if_installed
128-
129- store_trusted_ca_file_name " /etc/pki/tls/certs/ca-bundle.crt"
130- store_stunnel_env
131- store_arch_env
132-
133- # Verify installation
134- if command -v stunnel > /dev/null; then
135- echo " stunnel installed successfully!"
136- else
137- echo " Failed to install stunnel."
138- exit 1
139- fi
103+ echo " Offline stunnel install (RHEL/Rocky/CentOS)…"
104+ . /etc/os-release
105+ local MAJOR=" ${VERSION_ID%% .* } "
106+ [[ " $MAJOR " =~ ^(8| 9)$ ]] || { echo " Unsupported RHEL major: $MAJOR " ; exit 1; }
107+
108+ local PKG_DIR=" ${PACKAGES_BASE} /rhel/${MAJOR} "
109+ [[ -d " $PKG_DIR " ]] || { echo " Missing dir: $PKG_DIR " ; exit 1; }
110+
111+ shopt -s nullglob
112+ local rpms=( " $PKG_DIR " /stunnel* .rpm )
113+ shopt -u nullglob
114+ [[ ${# rpms[@]} -ge 1 ]] || { echo " No stunnel*.rpm in $PKG_DIR " ; exit 1; }
115+
116+ # If multiple, take the most recently modified
117+ local pick
118+ pick=" $( ls -1t " $PKG_DIR " /stunnel* .rpm | head -n1) "
119+
120+ echo " Installing: $pick "
121+ if command -v dnf > /dev/null 2>&1 ; then
122+ sudo dnf -y install " $pick " --disablerepo=' *' --setopt=install_weak_deps=False
123+ else
124+ sudo yum -y localinstall " $pick "
125+ fi
126+
127+ setup_stunnel_directories
128+ create_stunnel_cert_if_installed
129+ store_trusted_ca_file_name " /etc/pki/tls/certs/ca-bundle.crt"
130+ store_stunnel_env
131+ store_arch_env
132+
133+ command -v stunnel > /dev/null && echo " stunnel installed offline." || { echo " install failed" ; exit 1; }
140134}
141135
142- # Function to install stunnel on SUSE-based systems
143- install_stunnel_suse () {
144- echo " Starting installation of stunnel on SUSE-based system..."
145- # Install stunnel
146- sudo zypper install -y stunnel
147- setup_stunnel_directories
148- create_stunnel_cert_if_installed
149-
150- store_trusted_ca_file_name " /etc/ssl/ca-bundle.pem"
151- store_stunnel_env
152-
153- # Verify installation
154- if command -v stunnel > /dev/null; then
155- echo " stunnel installed successfully!"
156- else
157- echo " Failed to install stunnel."
158- exit 1
159- fi
160- }
161-
162- # Uninstall stunnel on Ubuntu/Debian-based systems
136+ # ---------- uninstallers ----------
163137uninstall_stunnel_ubuntu_debian () {
164- echo " Uninstalling stunnel on Ubuntu/Debian-based system..."
165- sudo apt-get remove --purge -y stunnel4
166- sudo rm -rf /var/run/stunnel4/ /etc/stunnel
167-
168- if ! command -v stunnel > /dev/null; then
169- echo " stunnel uninstalled successfully!"
170- else
171- echo " Failed to uninstall stunnel."
172- exit 1
173- fi
138+ echo " Uninstalling stunnel (Ubuntu/Debian)…"
139+ sudo apt-get remove --purge -y stunnel4 || true
140+ sudo rm -rf /var/run/stunnel4/ /etc/stunnel
141+ command -v stunnel > /dev/null || echo " stunnel uninstalled."
174142}
175143
176- # Uninstall stunnel on Red Hat/CentOS/Rocky-based systems
177144uninstall_stunnel_rhel_centos_rocky () {
178- echo " Uninstalling stunnel on Red Hat/CentOS/Rocky-based system..."
179- sudo yum remove -y stunnel
180- sudo rm -rf /var/run/stunnel4/ /etc/stunnel
181-
182- if ! command -v stunnel > /dev/null; then
183- echo " stunnel uninstalled successfully!"
184- else
185- echo " Failed to uninstall stunnel."
186- exit 1
187- fi
145+ echo " Uninstalling stunnel (RHEL/Rocky/CentOS)…"
146+ if command -v dnf > /dev/null 2>&1 ; then sudo dnf remove -y stunnel || true ; else sudo yum remove -y stunnel || true ; fi
147+ sudo rm -rf /var/run/stunnel4/ /etc/stunnel
148+ command -v stunnel > /dev/null || echo " stunnel uninstalled."
188149}
189150
190- # Uninstall stunnel on SUSE-based systems
191- uninstall_stunnel_suse () {
192- echo " Uninstalling stunnel on SUSE-based system..."
193- sudo zypper remove -y stunnel
194- sudo rm -rf /var/run/stunnel4/ /etc/stunnel
195-
196- if ! command -v stunnel > /dev/null; then
197- echo " stunnel uninstalled successfully!"
198- else
199- echo " Failed to uninstall stunnel."
200- exit 1
201- fi
202- }
203-
204- # Function to detect the OS and install or uninstall stunnel
151+ # ---------- dispatcher ----------
205152detect_and_handle () {
206- ACTION=$1
207-
208- # Check if the OS release file exists
209- if [ ! -f /etc/os-release ]; then
210- echo " The file /etc/os-release does not exist. Unable to detect OS."
211- exit 1
212- fi
213-
214- # Source the OS release file
215- . /etc/os-release
216-
217- case " $ID " in
153+ local ACTION=" $1 "
154+ [[ -f /etc/os-release ]] || { echo " /etc/os-release missing" ; exit 1; }
155+ . /etc/os-release
156+ case " $ID " in
218157 ubuntu|debian)
219- if [ " $ACTION " == " $INSTALL " ]; then
220- install_stunnel_ubuntu_debian
221- elif [ " $ACTION " == " $UNINSTALL " ]; then
222- uninstall_stunnel_ubuntu_debian
223- fi
224- ;;
158+ [[ " $ACTION " == " $INSTALL " ]] && install_stunnel_ubuntu_debian || uninstall_stunnel_ubuntu_debian
159+ ;;
225160 centos|rhel|rocky)
226- if [ " $ACTION " == " $INSTALL " ]; then
227- install_stunnel_rhel_centos_rocky
228- elif [ " $ACTION " == " $UNINSTALL " ]; then
229- uninstall_stunnel_rhel_centos_rocky
230- fi
231- ;;
232- suse|sles)
233- if [ " $ACTION " == " $INSTALL " ]; then
234- install_stunnel_suse
235- elif [ " $ACTION " == " $UNINSTALL " ]; then
236- uninstall_stunnel_suse
237- fi
238- ;;
239- * )
240- echo " Unsupported OS: $ID "
241- exit 1
242- ;;
243- esac
161+ [[ " $ACTION " == " $INSTALL " ]] && install_stunnel_rhel_centos_rocky || uninstall_stunnel_rhel_centos_rocky
162+ ;;
163+ * )
164+ echo " Unsupported OS: $ID " ; exit 1;;
165+ esac
244166}
245167
246- # Default action is install
247- ACTION=$( echo " ${1:- $INSTALL } " | tr ' [:upper:]' ' [:lower:]' )
248-
249- if [[ " $ACTION " != " $INSTALL " && " $ACTION " != " $UNINSTALL " ]]; then
250- echo " Invalid argument. Please specify 'install' or 'uninstall'."
251- exit 1
252- fi
253-
254- # Start the installation or uninstallation process
255- detect_and_handle " $ACTION "
168+ # ---------- main ----------
169+ ACTION=" $( echo " ${1:- $INSTALL } " | tr ' [:upper:]' ' [:lower:]' ) "
170+ [[ " $ACTION " == " $INSTALL " || " $ACTION " == " $UNINSTALL " ]] || { echo " Use: install|uninstall" ; exit 1; }
171+ detect_and_handle " $ACTION "
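Review bot: The offline installers hand the selected file straight to `sudo apt-get -y install "$pick"` and `sudo dnf -y install "$pick" --disablerepo='*'` (or `yum -y localinstall`) with no integrity check visible in this file, so whatever `stunnel*.deb` or `stunnel*.rpm` sits under `packages/` is installed as root. Verify the package before installing it, for example `( cd "$PKG_DIR" && sha256sum -c --quiet SHA256SUMS ) || { echo "checksum mismatch in $PKG_DIR"; exit 1; }`, where `SHA256SUMS` is a proposed manifest name, not a file shown on this page. On the RPM side, also add `rpm -K "$pick"` or `--setopt=localpkg_gpgcheck=1`, since dnf does not GPG-check local package files by default. The RPM branch also picks by modification time (`ls -1t … | head -n1`), which need not be the newest build after a checkout or copy. Comparing versions, as the Debian branch does with `dpkg --compare-versions`, would avoid installing a stale stunnel.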