From 089e555d5196d829d0f211d94dd78d6b100d5d3d Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller
Date: Wed, 6 Dec 2023 11:19:30 +0100
Subject: [PATCH] fixate openssl-probe dependency, probe env vars in perl

This fixes an issue with `openssl-probe` calling `setenv` when (issued via the `native-tls` crate with the ACME client) which crashes perl.

Signed-off-by: Wolfgang Bumiller
---
 common/pkg/Proxmox/Lib/Common.pm | 84 ++++++++++++++++++++++++++++++++
 pmg-rs/debian/control | 1 +
 2 files changed, 85 insertions(+)

diff --git a/common/pkg/Proxmox/Lib/Common.pm b/common/pkg/Proxmox/Lib/Common.pm
index 1e6b26d..e87acf4 100644
--- a/common/pkg/Proxmox/Lib/Common.pm
+++ b/common/pkg/Proxmox/Lib/Common.pm
@@ -40,4 +40,88 @@ BEGIN {
 }
 }
 
+=head1 Environment Variable Safety
+
+Perl's handling of environment variables was completely messed up until v5.38.
+Using `setenv` such as use din the `openssl-probe` crate would cause it to
+crash later on, therefore we provide a perl-version of env var probing instead,
+and override the crate with one that doesn't replace the variables if they are
+already set correctly.
+
+=cut
+
+# Copied from openssl-probe
+my @cert_dirs = (
+ "/var/ssl",
+ "/usr/share/ssl",
+ "/usr/local/ssl",
+ "/usr/local/openssl",
+ "/usr/local/etc/openssl",
+ "/usr/local/share",
+ "/usr/lib/ssl",
+ "/usr/ssl",
+ "/etc/openssl",
+ "/etc/pki/ca-trust/extracted/pem",
+ "/etc/pki/tls",
+ "/etc/ssl",
+ "/etc/certs",
+ "/opt/etc/ssl",
+ "/data/data/com.termux/files/usr/etc/tls",
+ "/boot/system/data/ssl",
+);
+
+# Copied from openssl-probe
+my @cert_file_names = (
+ "cert.pem",
+ "certs.pem",
+ "ca-bundle.pem",
+ "cacert.pem",
+ "ca-certificates.crt",
+ "certs/ca-certificates.crt",
+ "certs/ca-root-nss.crt",
+ "certs/ca-bundle.crt",
+ "CARootCertificates.pem",
+ "tls-ca-bundle.pem",
+);
+
+my sub probe_ssl_vars : prototype() {
+ my $result_file = $ENV{SSL_CERT_FILE};
+ my $result_file_changed = 0;
+ my $result_dir = $ENV{SSL_CERT_DIR};
+ my $result_dir_changed = 0;
+
+ for my $certs_dir (@cert_dirs) {
+ if (!defined($result_file)) {
+ for my $file (@cert_file_names) {
+ my $path = "$certs_dir/$file";
+ if (-e $path) {
+ $result_file = $path;
+ $result_file_changed = 1;
+ last;
+ }
+ }
+ }
+ if (!defined($result_dir)) {
+ for my $file (@cert_file_names) {
+ my $path = "$certs_dir/certs";
+ if (-d $path) {
+ $result_dir = $path;
+ $result_dir_changed = 1;
+ last;
+ }
+ }
+ }
+ last if defined($result_file) && defined($result_dir);
+ }
+
+ if ($result_file_changed && defined($result_file)) {
+ $ENV{SSL_CERT_FILE} = $result_file;
+ }
+ if ($result_dir_changed && defined($result_dir)) {
+ $ENV{SSL_CERT_DIR} = $result_dir;
+ }
+}
+
+probe_ssl_vars();
+
 1;
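Review bot: In the `$result_dir` branch of `probe_ssl_vars` the inner `for my $file (@cert_file_names)` loop never uses `$file`, so `-d "$certs_dir/certs"` is tested repeatedly for the same path; the loop can go, leaving `my $path = "$certs_dir/certs";` and `if (-d $path) { $result_dir = $path; $result_dir_changed = 1; }`. Because the first hit becomes the process-wide trust store for later TLS clients, `-e $path` in the file branch is looser than it needs to be: it accepts a directory or any other existing entry, and `-f $path` would keep a non-file from being exported as `SSL_CERT_FILE`. An inherited `SSL_CERT_FILE` or `SSL_CERT_DIR` is also kept whenever it is defined, including an empty string or a path that does not exist; if that is intended, a comment such as `# inherited values are trusted as-is, only unset variables are probed` would say so. The POD text has a typo, `use din` for `used in`.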
diff --git a/pmg-rs/debian/control b/pmg-rs/debian/control
index 0466605..c35bca2 100644
--- a/pmg-rs/debian/control
+++ b/pmg-rs/debian/control
@@ -3,6 +3,7 @@ Section: perl
 Priority: optional
 Build-Depends: cargo:native ,
 debhelper-compat (= 13),
+ librust-openssl-probe-dev (= 0.1.5-1~bpo12+pve1),
 dh-cargo (>= 25),
 librust-anyhow-1+default-dev,
 librust-env-logger-0.10+default-dev,
-- 
2.39.2
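Review bot: The exact `=` pin on `librust-openssl-probe-dev` carries no explanation in the control file, and it sits between `debhelper-compat` and `dh-cargo` rather than with the other `librust-*` entries. A later cleanup could relax or drop it without noticing that, per the commit's POD text, the build relies on an overridden crate that leaves already-set variables alone. A comment line above it, for example `# pinned: patched openssl-probe that does not replace SSL_CERT_* when already set`, would keep the reason next to the constraint. The Build-Depends list continues outside the hunk.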