You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

72 lines
2.5 KiB

  1. #!/bin/bash
  2. set +eux
  3. ## Certificate DST_Root_CA-X3 expired, it needs to be removed
  4. ## from list of available certificates. Debian <10 have the issue.
  5. ##
  6. ## Fixing: https://www.reddit.com/r/sysadmin/comments/pzags0/lets_encrypts_dst_root_ca_x3_expired_yesterday/
  7. ## see also: https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/?guccounter=1
  8. modified_certificate=
  9. mkdir -p /usr/local/share/ca-certificates/custom
  10. for certfile_name in isrgrootx1:ISRG_Root_X1 isrg-root-x2 lets-encrypt-r3; do
  11. certfile=${certfile_name%%:*}
  12. name=${certfile_name#*:}
  13. echo "Checking $certfile for $name"
  14. if ! [ -e "/usr/local/share/ca-certificates/custom/$certfile".crt ] &&
  15. ! [ -e "/etc/ssl/certs/$name.pem" ]; then
  16. wget --no-check-certificate https://letsencrypt.org/certs/"$certfile".pem \
  17. -O "/usr/local/share/ca-certificates/custom/$certfile".crt
  18. modified_certificate=1
  19. fi
  20. done
  21. if grep "^mozilla/DST_Root_CA_X3.crt" /etc/ca-certificates.conf 2>/dev/null 2>&1; then
  22. sed -ri 's%^(mozilla/DST_Root_CA_X3.crt)%!\1%g' /etc/ca-certificates.conf
  23. fi
  24. if [ -n "$modified_certificate" ]; then
  25. update-ca-certificates
  26. fi
  27. ## We can now do the ``apt-get update`` safely...
  28. apt-get update
  29. apt-get -y install bash-completion wget bzip2 git-core \
  30. less tmux mosh \
  31. sudo git vim file gawk </dev/null
  32. apt-get -y python-software-properties </dev/null ||
  33. apt-get -y software-properties-common </dev/null
  34. type -p lsb_release >/dev/null 2>&1 ||
  35. apt-get install -y lsb-release </dev/null
  36. case $(lsb_release -is) in
  37. Ubuntu)
  38. apt-get install -y language-pack-en </dev/null
  39. ;;
  40. Debian)
  41. if ! type -p locale-gen >/dev/null && [ -x /usr/sbin/locale-gen ]; then
  42. echo "Your shell is incorrectly set as your PATH doesn't contain '/usr/sbin'." >&2
  43. echo "This probably happens because you've incorrectly entered root environment" >&2
  44. echo "Please use 'sudo -i' or 'su -' to enter a root shell from another user." >&2
  45. echo " ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918754"
  46. exit 1
  47. fi
  48. sed -ri 's/^\s*#\s*(en_US\.UTF-?8.*)\s*$/\1/g' /etc/locale.gen
  49. locale-gen
  50. ;;
  51. esac
  52. YQ_VERSION=4.27.3
  53. if ! type -p "yq" 2>/dev/null ||
  54. ! version_line=$(yq --version) ||
  55. [[ "${version_line}" != *"${YQ_VERSION}" ]]; then
  56. wget "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64" \
  57. -O /usr/local/bin/yq &&
  58. chmod +x /usr/local/bin/yq
  59. fi