common: move probe into a new SslProbe package

Because Proxmox::Lib::Common isn't actually `use`d by most packages.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/common/pkg/Proxmox/Lib/Common.pm b/common/pkg/Proxmox/Lib/Common.pm
index e87acf46248435ee96d91a6ea005ca7cfc5a314b..1e6b26d6982d23d3a892148ec4fc0eb38ced2c42 100644 (file)
--- a/common/pkg/Proxmox/Lib/Common.pm
+++ b/common/pkg/Proxmox/Lib/Common.pm
@@ -40,88 +40,4 @@ BEGIN {
     }
 }
 
-=head1 Environment Variable Safety
-
-Perl's handling of environment variables was completely messed up until v5.38.
-Using `setenv` such as use din the `openssl-probe` crate would cause it to
-crash later on, therefore we provide a perl-version of env var probing instead,
-and override the crate with one that doesn't replace the variables if they are
-already set correctly.
-
-=cut
-
-# Copied from openssl-probe
-my @cert_dirs = (
-    "/var/ssl",
-    "/usr/share/ssl",
-    "/usr/local/ssl",
-    "/usr/local/openssl",
-    "/usr/local/etc/openssl",
-    "/usr/local/share",
-    "/usr/lib/ssl",
-    "/usr/ssl",
-    "/etc/openssl",
-    "/etc/pki/ca-trust/extracted/pem",
-    "/etc/pki/tls",
-    "/etc/ssl",
-    "/etc/certs",
-    "/opt/etc/ssl",
-    "/data/data/com.termux/files/usr/etc/tls",
-    "/boot/system/data/ssl",
-);
-
-# Copied from openssl-probe
-my @cert_file_names = (
-    "cert.pem",
-    "certs.pem",
-    "ca-bundle.pem",
-    "cacert.pem",
-    "ca-certificates.crt",
-    "certs/ca-certificates.crt",
-    "certs/ca-root-nss.crt",
-    "certs/ca-bundle.crt",
-    "CARootCertificates.pem",
-    "tls-ca-bundle.pem",
-);
-
-my sub probe_ssl_vars : prototype() {
-    my $result_file = $ENV{SSL_CERT_FILE};
-    my $result_file_changed = 0;
-    my $result_dir = $ENV{SSL_CERT_DIR};
-    my $result_dir_changed = 0;
-
-    for my $certs_dir (@cert_dirs) {
-       if (!defined($result_file)) {
-           for my $file (@cert_file_names) {
-               my $path = "$certs_dir/$file";
-               if (-e $path) {
-                   $result_file = $path;
-                   $result_file_changed = 1;
-                   last;
-               }
-           }
-       }
-       if (!defined($result_dir)) {
-           for my $file (@cert_file_names) {
-               my $path = "$certs_dir/certs";
-               if (-d $path) {
-                   $result_dir = $path;
-                   $result_dir_changed = 1;
-                   last;
-               }
-           }
-       }
-       last if defined($result_file) && defined($result_dir);
-    }
-
-    if ($result_file_changed && defined($result_file)) {
-       $ENV{SSL_CERT_FILE} = $result_file;
-    }
-    if ($result_dir_changed && defined($result_dir)) {
-       $ENV{SSL_CERT_DIR} = $result_dir;
-    }
-}
-
-probe_ssl_vars();
-
 1;

diff --git a/common/pkg/Proxmox/Lib/SslProbe.pm b/common/pkg/Proxmox/Lib/SslProbe.pm
new file mode 100644 (file)
index 0000000..e6de890
--- /dev/null
+++ b/common/pkg/Proxmox/Lib/SslProbe.pm
@@ -0,0 +1,100 @@
+package Proxmox::Lib::SslProbe;
+
+use strict;
+use warnings;
+
+=head1 Environment Variable Safety
+
+Perl's handling of environment variables was completely messed up until v5.38.
+Using `setenv` such as use din the `openssl-probe` crate would cause it to
+crash later on, therefore we provide a perl-version of env var probing instead,
+and override the crate with one that doesn't replace the variables if they are
+already set correctly.
+
+=cut
+
+BEGIN {
+    # Copied from openssl-probe
+    my @cert_dirs = (
+       "/var/ssl",
+       "/usr/share/ssl",
+       "/usr/local/ssl",
+       "/usr/local/openssl",
+       "/usr/local/etc/openssl",
+       "/usr/local/share",
+       "/usr/lib/ssl",
+       "/usr/ssl",
+       "/etc/openssl",
+       "/etc/pki/ca-trust/extracted/pem",
+       "/etc/pki/tls",
+       "/etc/ssl",
+       "/etc/certs",
+       "/opt/etc/ssl",
+       "/data/data/com.termux/files/usr/etc/tls",
+       "/boot/system/data/ssl",
+    );
+
+    # Copied from openssl-probe
+    my @cert_file_names = (
+       "cert.pem",
+       "certs.pem",
+       "ca-bundle.pem",
+       "cacert.pem",
+       "ca-certificates.crt",
+       "certs/ca-certificates.crt",
+       "certs/ca-root-nss.crt",
+       "certs/ca-bundle.crt",
+       "CARootCertificates.pem",
+       "tls-ca-bundle.pem",
+    );
+
+    my $probed_ssl_vars = 0;
+
+    # The algorithm here is taken from the `openssl-probe` crate and should
+    # produce the exact same result in order to ensure the rust code does not
+    # call `setenv()`.
+    my sub probe_ssl_vars : prototype() {
+       return if $probed_ssl_vars;
+       $probed_ssl_vars = 1;
+
+       my $result_file = $ENV{SSL_CERT_FILE};
+       my $result_file_changed = 0;
+       my $result_dir = $ENV{SSL_CERT_DIR};
+       my $result_dir_changed = 0;
+
+       for my $certs_dir (@cert_dirs) {
+           if (!defined($result_file)) {
+               for my $file (@cert_file_names) {
+                   my $path = "$certs_dir/$file";
+                   if (-e $path) {
+                       $result_file = $path;
+                       $result_file_changed = 1;
+                       last;
+                   }
+               }
+           }
+           if (!defined($result_dir)) {
+               for my $file (@cert_file_names) {
+                   my $path = "$certs_dir/certs";
+                   if (-d $path) {
+                       $result_dir = $path;
+                       $result_dir_changed = 1;
+                       last;
+                   }
+               }
+           }
+           last if defined($result_file) && defined($result_dir);
+       }
+
+       if ($result_file_changed && defined($result_file)) {
+           $ENV{SSL_CERT_FILE} = $result_file;
+       }
+       if ($result_dir_changed && defined($result_dir)) {
+           $ENV{SSL_CERT_DIR} = $result_dir;
+       }
+    }
+
+    probe_ssl_vars();
+}
+
+1;