我的服务器没法连外网,以下是sh里面的内容:
#!/bin/sh
# shellcheck shell=dash
# shellcheck disable=SC2039 # local is non-POSIX
# This is just a little script that can be downloaded from the internet to
# install rustup
. It just does platform detection, downloads the installer
# and runs it
.
# It runs on Unix shells like {a,ba,da,k,z}sh
. It uses the common `local`
# extension
. Note: Most shells limit `local` to 1 var per line, contra bash
.
# Some versions of ksh have no `local` keyword
. Alias it to `typeset`, but
# beware this makes variables global with f()-style function syntax in ksh93
.
# mksh has this alias by default
.
has_local() {
# shellcheck disable=SC2034 # deliberately unused
local _has_local
}
has_local 2>/dev/null || alias local=typeset
is_zsh() {
[ -n "${ZSH_VERSION-}" ]
}
set -u
# If RUSTUP_UPDATE_ROOT is unset or empty, default it
.
RUSTUP_UPDATE_ROOT="${RUSTUP_UPDATE_ROOT:-https://static
.rust-lang
.org/rustup}"
# Set quiet as a global for ease of use
RUSTUP_QUIET=no
# NOTICE: If you change anything here, please make the same changes in setup_mode
.rs
usage() {
cat <<EOF
rustup-init 1
.28
.2 (d1f31992a 2025-04-28)
The installer for rustup
Usage: rustup-init[EXE] [OPTIONS]
Options:
-v, --verbose
Set log level to 'DEBUG' if 'RUSTUP_LOG' is unset
-q, --quiet
Disable progress output, set log level to 'WARN' if 'RUSTUP_LOG' is unset
-y
Disable confirmation prompt
--default-host <DEFAULT_HOST>
Choose a default host triple
--default-toolchain <DEFAULT_TOOLCHAIN>
Choose a default toolchain to install
. Use 'none' to not install any toolchains at all
--profile <PROFILE>
[default: default] [possible values: minimal, default, complete]
-c, --component <COMPONENT>
Comma-separated list of component names to also install
-t, --target <TARGET>
Comma-separated list of target names to also install
--no-update-default-toolchain
Don't update any existing default toolchain after install
--no-modify-path
Don't configure the PATH environment variable
-h, --help
Print help
-V, --version
Print version
EOF
}
main() {
downloader --check
need_cmd uname
need_cmd mktemp
need_cmd chmod
need_cmd mkdir
need_cmd rm
need_cmd rmdir
get_architecture || return 1
local _arch="$RETVAL"
assert_nz "$_arch" "arch"
local _ext=""
case "$_arch" in
*windows*)
_ext="
.exe"
;;
esac
local _url
if [ "${RUSTUP_VERSION+set}" = 'set' ]; then
say "\`RUSTUP_VERSION\` has been set to \`${RUSTUP_VERSION}\`"
_url="${RUSTUP_UPDATE_ROOT}/archive/${RUSTUP_VERSION}"
else
_url="${RUSTUP_UPDATE_ROOT}/dist"
fi
_url="${_url}/${_arch}/rustup-init${_ext}"
local _dir
if ! _dir="$(ensure mktemp -d)"; then
# Because the previous command ran in a subshell, we must manually
# propagate exit status
.
exit 1
fi
local _file="${_dir}/rustup-init${_ext}"
local _ansi_escapes_are_valid=false
if [ -t 2 ]; then
if [ "${TERM+set}" = 'set' ]; then
case "$TERM" in
xterm*|rxvt*|urxvt*|linux*|vt*)
_ansi_escapes_are_valid=true
;;
esac
fi
fi
# check if we have to use /dev/tty to prompt the user
local need_tty=yes
for arg in "$@"; do
case "$arg" in
--help)
usage
exit 0
;;
--quiet)
RUSTUP_QUIET=yes
;;
*)
OPTIND=1
if [ "${arg%%--*}" = "" ]; then
# Long option (other than --help);
# don't attempt to interpret it
.
continue
fi
while getopts :hqy sub_arg "$arg"; do
case "$sub_arg" in
h)
usage
exit 0
;;
q)
RUSTUP_QUIET=yes
;;
y)
# user wants to skip the prompt --
# we don't need /dev/tty
need_tty=no
;;
*)
;;
esac
done
;;
esac
done
say 'downloading installer'
ensure mkdir -p "$_dir"
ensure downloader "$_url" "$_file" "$_arch"
ensure chmod u+x "$_file"
if [ ! -x "$_file" ]; then
err "Cannot execute $_file (likely because of mounting /tmp as noexec)
."
err "Please copy the file to a location where you can execute binaries and run
./rustup-init${_ext}
."
exit 1
fi
if [ "$need_tty" = "yes" ] && [ ! -t 0 ]; then
# The installer is going to want to ask for confirmation by
# reading stdin
. This script was piped into `sh` though and
# doesn't have stdin to pass to its children
. Instead we're going
# to explicitly connect /dev/tty to the installer's stdin
.
if [ ! -t 1 ]; then
err "Unable to run interactively
. Run with -y to accept defaults, --help for additional options"
exit 1;
fi
ignore "$_file" "$@" < /dev/tty
else
ignore "$_file" "$@"
fi
local _retval=$?
ignore rm "$_file"
ignore rmdir "$_dir"
return "$_retval"
}
get_current_exe() {
# Returns the executable used for system architecture detection
# This is only run on Linux
local _current_exe
if test -L /proc/self/exe ; then
_current_exe=/proc/self/exe
else
warn "Unable to find /proc/self/exe
. System architecture detection might be inaccurate
."
if test -n "$SHELL" ; then
_current_exe=$SHELL
else
need_cmd /bin/sh
_current_exe=/bin/sh
fi
warn "Falling back to $_current_exe
."
fi
echo "$_current_exe"
}
get_bitness() {
need_cmd head
# Architecture detection without dependencies beyond coreutils
.
# ELF files start out "\x7fELF", and the following byte is
# 0x01 for
32-bit and
# 0x02 for
64-bit
.
# The printf builtin on some shells like dash only supports octal
# escape sequences, so we use those
.
local _current_exe=$1
local _current_exe_head
_current_exe_head=$(head -c 5 "$_current_exe")
if [ "$_current_exe_head" = "$(printf '\177ELF\001')" ]; then
echo
32
elif [ "$_current_exe_head" = "$(printf '\177ELF\002')" ]; then
echo
64
else
err "unknown platform bitness"
exit 1;
fi
}
is_host_amd
64_elf() {
local _current_exe=$1
need_cmd head
need_cmd tail
# ELF e_machine detection without dependencies beyond coreutils
.
# Two-byte field at offset 0x12 indicates the
CPU,
# but we're interested in it being 0x3E to indicate amd
64, or not that
.
local _current_exe_machine
_current_exe_machine=$(head -c 19 "$_current_exe" | tail -c 1)
[ "$_current_exe_machine" = "$(printf '\076')" ]
}
get_endianness() {
local _current_exe=$1
local
cputype=$2
local suffix_eb=$3
local suffix_el=$4
# detect endianness without od/hexdump, like get_bitness() does
.
need_cmd head
need_cmd tail
local _current_exe_endianness
_current_exe_endianness="$(head -c 6 "$_current_exe" | tail -c 1)"
if [ "$_current_exe_endianness" = "$(printf '\001')" ]; then
echo "${
cputype}${suffix_el}"
elif [ "$_current_exe_endianness" = "$(printf '\002')" ]; then
echo "${
cputype}${suffix_eb}"
else
err "unknown platform endianness"
exit 1
fi
}
# Detect the Linux/LoongArch UAPI flavor, with all errors being non-fatal
.
# Returns 0 or 234 in case of successful detection, 1 otherwise (/tmp being
# noexec, or other causes)
.
check_loongarch_uapi() {
need_cmd base
64
local _tmp
if ! _tmp="$(ensure mktemp)"; then
return 1
fi
# Minimal Linux/LoongArch UAPI detection, exiting with 0 in case of
# upstream ("new world") UAPI, and 234 (-EINVAL truncated) in case of
# old-world (as deployed on several early commercial Linux distributions
# for LoongArch)
.
#
# See https://gist
.github
.com/xen0n/5ee04aaa6cecc5c7794b9a0c3b65fc7f for
# source to this helper binary
.
ignore base
64 -d > "$_tmp" <<EOF
f0VMRgIBAQAAAAAAAAAAAAIAAgEBAAAAeAAgAAAAAABAAAAAAAAAAAAAAAAAAAAAQQAAAEAAOAAB
AAAAAAAAAAEAAAAFAAAAAAAAAAAAAAAAACAAAAAAAAAAIAAAAAAAJAAAAAAAAAAkAAAAAAAAAAAA
AQAAAAAABCiAAwUAFQAGABUAByCAAwsYggMAACsAC3iBAwAAKwAxen0n
EOF
ignore chmod u+x "$_tmp"
if [ ! -x "$_tmp" ]; then
ignore rm "$_tmp"
return 1
fi
"$_tmp"
local _retval=$?
ignore rm "$_tmp"
return "$_retval"
}
ensure_loongarch_uapi() {
check_loongarch_uapi
case $? in
0)
return 0
;;
234)
err 'Your Linux kernel does not provide the ABI required by this Rust distribution
.'
err 'Please check with your OS provider for how to obtain a compatible Rust package for your system
.'
exit 1
;;
*)
warn "Cannot determine current system's ABI flavor, continuing anyway
."
warn 'Note that the official Rust distribution only works with the upstream kernel ABI
.'
warn 'Installation will fail if your running kernel happens to be incompatible
.'
;;
esac
}
get_architecture() {
local _ostype _
cputype _bitness _arch _clibtype
_ostype="$(uname -s)"
_
cputype="$(uname -m)"
_clibtype="gnu"
if [ "$_ostype" = Linux ]; then
if [ "$(uname -o)" = Android ]; then
_ostype=Android
fi
if ldd --version 2>&1 | grep -q 'musl'; then
_clibtype="musl"
fi
fi
if [ "$_ostype" = Darwin ]; then
# Darwin `uname -m` can lie due to Rosetta shenanigans
. If you manage to
# invoke a native shell binary and then a native uname binary, you can
# get the real answer, but that's hard to ensure, so instead we use
# `sysctl` (which doesn't lie) to check for the actual architecture
.
if [ "$_
cputype" = i386 ]; then
# Handling i386 compatibility mode in older macOS versions (<10
.15)
# running on x86_
64-based Macs
.
# Starting from 10
.15, macOS explicitly bans all i386 binaries from running
.
# See: <https://support
.apple
.com/en-us/HT208436>
# Avoid `sysctl: unknown oid` stderr output and/or non-zero exit code
.
if sysctl hw
.optional
.x86_
64 2> /dev/null || true | grep -q ': 1'; then
_
cputype=x86_
64
fi
elif [ "$_
cputype" = x86_
64 ]; then
# Handling x86-
64 compatibility mode (a
.k
.a
. Rosetta 2)
# in newer macOS versions (>=
11) running on arm
64-based Macs
.
# Rosetta 2 is built exclusively for x86-
64 and cannot run i386 binaries
.
# Avoid `sysctl: unknown oid` stderr output and/or non-zero exit code
.
if sysctl hw
.optional
.arm
64 2> /dev/null || true | grep -q ': 1'; then
_
cputype=arm
64
fi
fi
fi
if [ "$_ostype" = SunOS ]; then
# Both Solaris and illumos presently announce as "SunOS" in "uname -s"
# so use "uname -o" to disambiguate
. We use the full path to the
# system uname in case the user has coreutils uname first in PATH,
# which has historically sometimes printed the wrong value here
.
if [ "$(/usr/bin/uname -o)" = illumos ]; then
_ostype=illumos
fi
# illumos systems have multi-arch userlands, and "uname -m" reports the
# machine hardware name; e
.g
., "i86pc" on both
32- and
64-bit x86
# systems
. Check for the native (widest) instruction set on the
# running kernel:
if [ "$_
cputype" = i86pc ]; then
_
cputype="$(
isainfo -n)"
fi
fi
local _current_exe
case "$_ostype" in
Android)
_ostype=linux-android
;;
Linux)
_current_exe=$(get_current_exe)
_ostype=unknown-linux-$_clibtype
_bitness=$(get_bitness "$_current_exe")
;;
FreeBSD)
_ostype=unknown-freebsd
;;
NetBSD)
_ostype=unknown-netbsd
;;
DragonFly)
_ostype=unknown-dragonfly
;;
Darwin)
_ostype=apple-darwin
;;
illumos)
_ostype=unknown-illumos
;;
MINGW* | MSYS* | CYGWIN* | Windows_NT)
_ostype=pc-windows-gnu
;;
*)
err "unrecognized OS type: $_ostype"
exit 1
;;
esac
case "$_
cputype" in
i386 | i486 | i686 | i786 | x86)
_
cputype=i686
;;
xscale | arm)
_
cputype=arm
if [ "$_ostype" = "linux-android" ]; then
_ostype=linux-androideabi
fi
;;
armv6l)
_
cputype=arm
if [ "$_ostype" = "linux-android" ]; then
_ostype=linux-androideabi
else
_ostype="${_ostype}eabihf"
fi
;;
armv7l | armv8l)
_
cputype=armv7
if [ "$_ostype" = "linux-android" ]; then
_ostype=linux-androideabi
else
_ostype="${_ostype}eabihf"
fi
;;
aarch
64 | arm
64)
_
cputype=aarch
64
;;
x86_
64 | x86-
64 | x
64 | amd
64)
_
cputype=x86_
64
;;
mips)
_
cputype=$(get_endianness "$_current_exe" mips '' el)
;;
mips
64)
if [ "$_bitness" -eq
64 ]; then
# only n
64 ABI is supported for now
_ostype="${_ostype}abi
64"
_
cputype=$(get_endianness "$_current_exe" mips
64 '' el)
fi
;;
ppc)
_
cputype=powerpc
;;
ppc
64)
_
cputype=powerpc
64
;;
ppc
64le)
_
cputype=powerpc
64le
;;
s390x)
_
cputype=s390x
;;
riscv
64)
_
cputype=riscv
64gc
;;
loongarch
64)
_
cputype=loongarch
64
ensure_loongarch_uapi
;;
*)
err "unknown
CPU type: $_
cputype"
exit 1
esac
# Detect
64-bit linux with
32-bit userland
if [ "${_ostype}" = unknown-linux-gnu ] && [ "${_bitness}" -eq
32 ]; then
case $_
cputype in
x86_
64)
if [ -n "${RUSTUP_
CPUTYPE:-}" ]; then
_
cputype="$RUSTUP_
CPUTYPE"
else {
#
32-bit executable for amd
64 = x
32
if is_host_amd
64_elf "$_current_exe"; then {
err "This host is running an x
32 userland, for which no native toolchain is provided
."
err "You will have to install multiarch compatibility with i686 or amd
64."
err "To do so, set the RUSTUP_
CPUTYPE environment variable set to i686 or amd
64 and re-run this script
."
err "You will be able to add an x
32 target after installation by running \`rustup target add x86_
64-unknown-linux-gnux
32\`
."
exit 1
}; else
_
cputype=i686
fi
}; fi
;;
mips
64)
_
cputype=$(get_endianness "$_current_exe" mips '' el)
;;
powerpc
64)
_
cputype=powerpc
;;
aarch
64)
_
cputype=armv7
if [ "$_ostype" = "linux-android" ]; then
_ostype=linux-androideabi
else
_ostype="${_ostype}eabihf"
fi
;;
riscv
64gc)
err "riscv
64 with
32-bit userland unsupported"
exit 1
;;
esac
fi
# Detect armv7 but without the
CPU features Rust needs in that build,
# and fall back to arm
.
# See https://github
.com/rust-lang/rustup
.rs/issues/587
.
if [ "$_ostype" = "unknown-linux-gnueabihf" ] && [ "$_
cputype" = armv7 ]; then
if ! (ensure grep '^Features' /proc/
cpuinfo | grep -E -q 'neon|simd') ; then
# Either `/proc/
cpuinfo` is malformed or unavailable, or
# at least one processor does not have NEON (which is asimd on armv8+)
.
_
cputype=arm
fi
fi
_arch="${_
cputype}-${_ostype}"
RETVAL="$_arch"
}
__print() {
if $_ansi_escapes_are_valid; then
printf '\33[1m%s:\33[0m %s\n' "$1" "$2" >&2
else
printf '%s: %s\n' "$1" "$2" >&2
fi
}
warn() {
__print 'warn' "$1" >&2
}
say() {
if [ "$RUSTUP_QUIET" = "no" ]; then
__print 'info' "$1" >&2
fi
}
# NOTE: you are required to exit yourself
# we don't do it here because of multiline errors
err() {
__print 'error' "$1" >&2
}
need_cmd() {
if ! check_cmd "$1"; then
err "need '$1' (command not found)"
exit 1
fi
}
check_cmd() {
command -v "$1" > /dev/null 2>&1
}
assert_nz() {
if [ -z "$1" ]; then
err "assert_nz $2"
exit 1
fi
}
# Run a command that should never fail
. If the command fails execution
# will immediately terminate with an error showing the failing
# command
.
ensure() {
if ! "$@"; then
err "command failed: $*"
exit 1
fi
}
# This is just for indicating that commands' results are being
# intentionally ignored
. Usually, because it's being executed
# as part of error handling
.
ignore() {
"$@"
}
# This wraps curl or wget
. Try curl first, if not installed,
# use wget instead
.
downloader() {
# zsh does not split words by default, Required for curl retry arguments below
.
is_zsh && setopt local_options shwordsplit
local _dld
local _ciphersuites
local _err
local _status
local _retry
if check_cmd curl; then
_dld=curl
elif check_cmd wget; then
_dld=wget
else
_dld='curl or wget' # to be used in error message of need_cmd
fi
if [ "$1" = --check ]; then
need_cmd "$_dld"
elif [ "$_dld" = curl ]; then
check_curl_for_retry_support
_retry="$RETVAL"
get_ciphersuites_for_curl
_ciphersuites="$RETVAL"
if [ -n "$_ciphersuites" ]; then
# shellcheck disable=SC2086
_err=$(curl $_retry --proto '=https' --tlsv1
.2 --ciphers "$_ciphersuites" --silent --show-error --fail --location "$1" --output "$2" 2>&1)
_status=$?
else
warn "Not enforcing strong cipher suites for TLS, this is potentially less secure"
if ! check_help_for "$3" curl --proto --tlsv1
.2; then
warn "Not enforcing TLS v1
.2, this is potentially less secure"
# shellcheck disable=SC2086
_err=$(curl $_retry --silent --show-error --fail --location "$1" --output "$2" 2>&1)
_status=$?
else
# shellcheck disable=SC2086
_err=$(curl $_retry --proto '=https' --tlsv1
.2 --silent --show-error --fail --location "$1" --output "$2" 2>&1)
_status=$?
fi
fi
if [ -n "$_err" ]; then
warn "$_err"
if echo "$_err" | grep -q 404$; then
err "installer for platform '$3' not found, this may be unsupported"
exit 1
fi
fi
return $_status
elif [ "$_dld" = wget ]; then
if [ "$(wget -V 2>&1|head -2|tail -1|cut -f1 -d" ")" = "BusyBox" ]; then
warn "using the BusyBox version of wget
. Not enforcing strong cipher suites for TLS or TLS v1
.2, this is potentially less secure"
_err=$(wget "$1" -O "$2" 2>&1)
_status=$?
else
get_ciphersuites_for_wget
_ciphersuites="$RETVAL"
if [ -n "$_ciphersuites" ]; then
_err=$(wget --https-only --secure-protocol=TLSv1_2 --ciphers "$_ciphersuites" "$1" -O "$2" 2>&1)
_status=$?
else
warn "Not enforcing strong cipher suites for TLS, this is potentially less secure"
if ! check_help_for "$3" wget --https-only --secure-protocol; then
warn "Not enforcing TLS v1
.2, this is potentially less secure"
_err=$(wget "$1" -O "$2" 2>&1)
_status=$?
else
_err=$(wget --https-only --secure-protocol=TLSv1_2 "$1" -O "$2" 2>&1)
_status=$?
fi
fi
fi
if [ -n "$_err" ]; then
warn "$_err"
if echo "$_err" | grep -q ' 404 Not Found$'; then
err "installer for platform '$3' not found, this may be unsupported"
exit 1
fi
fi
return $_status
else
err "Unknown downloader" # should not reach here
exit 1
fi
}
check_help_for() {
local _arch
local _cmd
local _arg
_arch="$1"
shift
_cmd="$1"
shift
local _category
if "$_cmd" --help | grep -q '"--help all"'; then
_category="all"
else
_category=""
fi
case "$_arch" in
*darwin*)
if check_cmd sw_vers; then
local _os_version
local _os_major
_os_version=$(sw_vers -productVersion)
_os_major=$(echo "$_os_version" | cut -d
. -f1)
case $_os_major in
10)
# If we're running on macOS, older than 10
.13, then we always
# fail to find these options to force fallback
if [ "$(echo "$_os_version" | cut -d
. -f2)" -lt 13 ]; then
# Older than 10
.13
warn "Detected macOS platform older than 10
.13"
return 1
fi
;;
*)
if ! { [ "$_os_major" -eq "$_os_major" ] 2>/dev/null && [ "$_os_major" -ge
11 ]; }; then
# Unknown product version, warn and continue
warn "Detected unknown macOS major version: $_os_version"
warn "TLS capabilities detection may fail"
fi
;; # We assume that macOS v
11+ will always be okay
.
esac
fi
;;
esac
for _arg in "$@"; do
if ! "$_cmd" --help "$_category" | grep -q -- "$_arg"; then
return 1
fi
done
true # not strictly needed
}
# Check if curl supports the --retry flag, then pass it to the curl invocation
.
check_curl_for_retry_support() {
local _retry_supported=""
# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc
.
if check_help_for "notspecified" "curl" "--retry"; then
_retry_supported="--retry 3"
if check_help_for "notspecified" "curl" "--continue-at"; then
# "-C -" tells curl to automatically find where to resume the download when retrying
.
_retry_supported="--retry 3 -C -"
fi
fi
RETVAL="$_retry_supported"
}
# Return cipher suite string specified by user, otherwise return strong TLS 1
.2-1
.3 cipher suites
# if support by local tools is detected
. Detection currently supports these curl backends:
# GnuTLS and OpenSSL (possibly also LibreSSL and BoringSSL)
. Return value can be empty
.
get_ciphersuites_for_curl() {
if [ -n "${RUSTUP_TLS_CIPHERSUITES-}" ]; then
# user specified custom cipher suites, assume they know what they're doing
RETVAL="$RUSTUP_TLS_CIPHERSUITES"
return
fi
local _openssl_syntax="no"
local _gnutls_syntax="no"
local _backend_supported="yes"
if curl -V | grep -q ' OpenSSL/'; then
_openssl_syntax="yes"
elif curl -V | grep -iq ' LibreSSL/'; then
_openssl_syntax="yes"
elif curl -V | grep -iq ' BoringSSL/'; then
_openssl_syntax="yes"
elif curl -V | grep -iq ' GnuTLS/'; then
_gnutls_syntax="yes"
else
_backend_supported="no"
fi
local _args_supported="no"
if [ "$_backend_supported" = "yes" ]; then
# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc
.
if check_help_for "notspecified" "curl" "--tlsv1
.2" "--ciphers" "--proto"; then
_args_supported="yes"
fi
fi
local _cs=""
if [ "$_args_supported" = "yes" ]; then
if [ "$_openssl_syntax" = "yes" ]; then
_cs=$(get_strong_ciphersuites_for "openssl")
elif [ "$_gnutls_syntax" = "yes" ]; then
_cs=$(get_strong_ciphersuites_for "gnutls")
fi
fi
RETVAL="$_cs"
}
# Return cipher suite string specified by user, otherwise return strong TLS 1
.2-1
.3 cipher suites
# if support by local tools is detected
. Detection currently supports these wget backends:
# GnuTLS and OpenSSL (possibly also LibreSSL and BoringSSL)
. Return value can be empty
.
get_ciphersuites_for_wget() {
if [ -n "${RUSTUP_TLS_CIPHERSUITES-}" ]; then
# user specified custom cipher suites, assume they know what they're doing
RETVAL="$RUSTUP_TLS_CIPHERSUITES"
return
fi
local _cs=""
if wget -V | grep -q '\-DHAVE_LIBSSL'; then
# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc
.
if check_help_for "notspecified" "wget" "TLSv1_2" "--ciphers" "--https-only" "--secure-protocol"; then
_cs=$(get_strong_ciphersuites_for "openssl")
fi
elif wget -V | grep -q '\-DHAVE_LIBGNUTLS'; then
# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc
.
if check_help_for "notspecified" "wget" "TLSv1_2" "--ciphers" "--https-only" "--secure-protocol"; then
_cs=$(get_strong_ciphersuites_for "gnutls")
fi
fi
RETVAL="$_cs"
}
# Return strong TLS 1
.2-1
.3 cipher suites in OpenSSL or GnuTLS syntax
. TLS 1
.2
# excludes non-ECDHE and non-AEAD cipher suites
. DHE is excluded due to bad
# DH params often found on servers (see RFC 7919)
. Sequence matches or is
# similar to Firefox 68 ESR with weak cipher suites disabled via about:config
.
# $1 must be openssl or gnutls
.
get_strong_ciphersuites_for() {
if [ "$1" = "openssl" ]; then
# OpenSSL is forgiving of unknown values, no problems with TLS 1
.3 values on versions that don't support it yet
.
echo "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
elif [ "$1" = "gnutls" ]; then
# GnuTLS isn't forgiving of unknown values, so this may require a GnuTLS version that supports TLS 1
.3 even if wget doesn't
.
# Begin with SECURE128 (and higher) then remove/add to build cipher suites
. Produces same 9 cipher suites as OpenSSL but in slightly different order
.
echo "SECURE128:-VERS-SSL3
.0:-VERS-TLS1
.0:-VERS-TLS1
.1:-VERS-DTLS-ALL:-CIPHER-ALL:-MAC-ALL:-KX-ALL:+AEAD:+ECDHE-ECDSA:+ECDHE-RSA:+AES-128-GCM:+CHACHA20-POLY1305:+AES-256-GCM"
fi
}
set +u
case "$RUSTUP_INIT_SH_PRINT" in
arch | architecture)
get_architecture || exit 1
echo "$RETVAL"
;;
*)
main "$@" || exit 1
;;
esac
本文探讨了SOLARIS系统下通过isainfo命令查看CPU位数的方法,并对比了isainfo与pmap命令输出的不同,提出了对于64位系统中出现32位地址空间的疑问。
扫一扫
448
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
