trust-store-generators/get-hosts.sh

#!/bin/sh

# Download and merge lists of Gemini hosts from:
# gemini://geminispace.info/known-hosts
# gemini://gemini.bortzmeyer.org/software/lupa/lupa-capsules.txt

set -o errexit  # (-e) exit immediately if any command has a non-zero exit status
set -o nounset  # (-u) don't accept undefined variables
#set -o xtrace  # for debugging

# Go where this script is.
cd "$(dirname "$0")" || exit

# If Agunua is installed, use it.
if command -v agunua >/dev/null; then
  # Using Agunua is more secure, because it does certificate pinning.
  hosts1=$(agunua --binary --maximum-time 20 \
    gemini://geminispace.info/known-hosts 2>/dev/null \
    | grep "gemini://" | cut -d ' ' -f 3)
  if [ -z "$hosts1" ]; then
    >&2 echo "geminispace.info/known-hosts download failed."
    exit 1
  fi
  hosts2=$(agunua --binary --maximum-time 20 \
    gemini://gemini.bortzmeyer.org/software/lupa/lupa-capsules.txt 2>/dev/null)
  if [ -z "$hosts2" ]; then
    >&2 echo "lupa-capsules.txt download failed."
    exit 1
  fi
else
  # If Agunua is not installed, pipe the request into OpenSSL s_client.
  hosts1=$(printf "gemini://geminispace.info/known-hosts\r\n" \
    | timeout 20 openssl s_client -quiet -connect "geminispace.info:1965" 2>/dev/null \
    | grep "gemini://" | cut -d ' ' -f 3)
  if [ -z "$hosts1" ]; then
    >&2 echo "geminispace.info/known-hosts download failed."
    exit 1
  fi
  hosts2=$(printf "gemini://gemini.bortzmeyer.org/software/lupa/lupa-capsules.txt\r\n" \
    | timeout 20 openssl s_client -quiet -connect "gemini.bortzmeyer.org:1965" 2>/dev/null \
    | tail -n +2)
  if [ -z "$hosts2" ]; then
    >&2 echo "lupa-capsules.txt download failed."
    exit 1
  fi
fi

# Concatenate the two files.
hosts="$hosts1
$hosts2"

# Remove empty lines; convert punycode to unicode; sort entries; remove duplicates.
hosts=$(echo "$hosts" | awk NF | idn --allow-unassigned --idna-to-unicode | sort -fu)

# Remove hosts which contain neither "." nor ":", such as "localhost".
hosts=$(echo "$hosts" | grep '\.\|:')

# Remove explicitly excluded hosts.
hosts=$(echo "$hosts" | grep -vxEf excluded-hosts)

if ! echo "$hosts" | grep -qE '\.onion(:.*)?$'; then
  >&2 echo "The .onions are missing!"
  exit 1
fi

if [ -z "$hosts" ]; then
  >&2 echo "hosts file downloads failed."
  exit 1
fi

# Save to temporary file.
tempfile=$(mktemp)
echo "$hosts" > "$tempfile"

# Delete temporary file on exit.
finish() {
  rm -f "$tempfile"
}
trap finish EXIT

# Test if removed hosts are still online.
echo "Testing removed hosts..."
for removed_host in $(diff hosts "$tempfile" | grep ^\< | cut -c 3-); do
  printf "%s" "$removed_host"
  # If direct connection fails, try to connect through Tor.
  if agunua --no-tofu --maximum-time 20 "$removed_host" >/dev/null 2>&1 || \
      agunua --socks 127.0.0.1:9050 --no-tofu --maximum-time 20 "$removed_host" >/dev/null 2>&1; then
    echo " - ONLINE"
    # Add removed host back.
    hosts="$hosts
$removed_host"
  else
    echo " - offilne"
  fi
done

# Sort entries again.
hosts=$(echo "$hosts" | sort)

# Save to file.
echo "$hosts" > hosts

echo OK
init 2021-04-28 09:20:18 +00:00			`#!/bin/sh`

add hosts from Lupa 2021-06-04 11:20:22 +00:00			`# Download and merge lists of Gemini hosts from:`
			`# gemini://geminispace.info/known-hosts`
			`# gemini://gemini.bortzmeyer.org/software/lupa/lupa-capsules.txt`
init 2021-04-28 09:20:18 +00:00
			`set -o errexit # (-e) exit immediately if any command has a non-zero exit status`
			`set -o nounset # (-u) don't accept undefined variables`
			`#set -o xtrace # for debugging`

			`# Go where this script is.`
			`cd "$(dirname "$0")" \|\| exit`

			`# If Agunua is installed, use it.`
			`if command -v agunua >/dev/null; then`
			`# Using Agunua is more secure, because it does certificate pinning.`
remove --insecure flag from agunua commands No longer required, since version 1.5. 2021-09-24 09:35:45 +00:00			`hosts1=$(agunua --binary --maximum-time 20 \`
improve failure handling in get-hosts.sh 2021-08-22 15:18:08 +00:00			`gemini://geminispace.info/known-hosts 2>/dev/null \`
init 2021-04-28 09:20:18 +00:00			`\| grep "gemini://" \| cut -d ' ' -f 3)`
improve failure handling in get-hosts.sh 2021-08-22 15:18:08 +00:00			`if [ -z "$hosts1" ]; then`
			`>&2 echo "geminispace.info/known-hosts download failed."`
			`exit 1`
			`fi`
remove --insecure flag from agunua commands No longer required, since version 1.5. 2021-09-24 09:35:45 +00:00			`hosts2=$(agunua --binary --maximum-time 20 \`
improve failure handling in get-hosts.sh 2021-08-22 15:18:08 +00:00			`gemini://gemini.bortzmeyer.org/software/lupa/lupa-capsules.txt 2>/dev/null)`
			`if [ -z "$hosts2" ]; then`
			`>&2 echo "lupa-capsules.txt download failed."`
			`exit 1`
			`fi`
init 2021-04-28 09:20:18 +00:00			`else`
			`# If Agunua is not installed, pipe the request into OpenSSL s_client.`
add hosts from Lupa 2021-06-04 11:20:22 +00:00			`hosts1=$(printf "gemini://geminispace.info/known-hosts\r\n" \`
increase timeouts in get-hosts.sh 2021-08-30 19:13:01 +00:00			`\| timeout 20 openssl s_client -quiet -connect "geminispace.info:1965" 2>/dev/null \`
init 2021-04-28 09:20:18 +00:00			`\| grep "gemini://" \| cut -d ' ' -f 3)`
improve failure handling in get-hosts.sh 2021-08-22 15:18:08 +00:00			`if [ -z "$hosts1" ]; then`
			`>&2 echo "geminispace.info/known-hosts download failed."`
			`exit 1`
			`fi`
add hosts from Lupa 2021-06-04 11:20:22 +00:00			`hosts2=$(printf "gemini://gemini.bortzmeyer.org/software/lupa/lupa-capsules.txt\r\n" \`
increase timeouts in get-hosts.sh 2021-08-30 19:13:01 +00:00			`\| timeout 20 openssl s_client -quiet -connect "gemini.bortzmeyer.org:1965" 2>/dev/null \`
add hosts from Lupa 2021-06-04 11:20:22 +00:00			`\| tail -n +2)`
improve failure handling in get-hosts.sh 2021-08-22 15:18:08 +00:00			`if [ -z "$hosts2" ]; then`
			`>&2 echo "lupa-capsules.txt download failed."`
			`exit 1`
			`fi`
init 2021-04-28 09:20:18 +00:00			`fi`

add hosts from Lupa 2021-06-04 11:20:22 +00:00			`# Concatenate the two files.`
			`hosts="$hosts1`
			`$hosts2"`

improve failure handling in get-hosts.sh 2021-08-22 15:18:08 +00:00			`# Remove empty lines; convert punycode to unicode; sort entries; remove duplicates.`
			`hosts=$(echo "$hosts" \| awk NF \| idn --allow-unassigned --idna-to-unicode \| sort -fu)`
add hosts from Lupa 2021-06-04 11:20:22 +00:00
add exclusion list for specific hosts, private IPs and reserved TLDs 2021-06-30 17:57:14 +00:00			`# Remove hosts which contain neither "." nor ":", such as "localhost".`
			`hosts=$(echo "$hosts" \| grep '\.\\|:')`

			`# Remove explicitly excluded hosts.`
			`hosts=$(echo "$hosts" \| grep -vxEf excluded-hosts)`

check for missing .onion capsules 2021-09-16 17:46:43 +00:00			`if ! echo "$hosts" \| grep -qE '\.onion(:.*)?$'; then`
			`>&2 echo "The .onions are missing!"`
			`exit 1`
			`fi`

init 2021-04-28 09:20:18 +00:00			`if [ -z "$hosts" ]; then`
add hosts from Lupa 2021-06-04 11:20:22 +00:00			`>&2 echo "hosts file downloads failed."`
init 2021-04-28 09:20:18 +00:00			`exit 1`
			`fi`

test if removed hosts are still online 2021-09-24 12:18:34 +00:00			`# Save to temporary file.`
			`tempfile=$(mktemp)`
			`echo "$hosts" > "$tempfile"`

			`# Delete temporary file on exit.`
			`finish() {`
			`rm -f "$tempfile"`
			`}`
			`trap finish EXIT`

			`# Test if removed hosts are still online.`
			`echo "Testing removed hosts..."`
			`for removed_host in $(diff hosts "$tempfile" \| grep ^\< \| cut -c 3-); do`
			`printf "%s" "$removed_host"`
			`# If direct connection fails, try to connect through Tor.`
			`if agunua --no-tofu --maximum-time 20 "$removed_host" >/dev/null 2>&1 \|\| \`
			`agunua --socks 127.0.0.1:9050 --no-tofu --maximum-time 20 "$removed_host" >/dev/null 2>&1; then`
			`echo " - ONLINE"`
			`# Add removed host back.`
			`hosts="$hosts`
			`$removed_host"`
			`else`
			`echo " - offilne"`
			`fi`
			`done`

			`# Sort entries again.`
			`hosts=$(echo "$hosts" \| sort)`

init 2021-04-28 09:20:18 +00:00			`# Save to file.`
add hosts from Lupa 2021-06-04 11:20:22 +00:00			`echo "$hosts" > hosts`
init 2021-04-28 09:20:18 +00:00
			`echo OK`