Sep 14

先看这个脚本:

#!/bin/bash
alias elog="logger -t $0 -s"
elog() {
    logger -t $0 -s "$@"
}
elog "hahahaha"
test123(){
    elog "i am in function!"
}
test123

运行后提示:

elog: command not found

如果换成 #!/bin/sh 则无问题:

#!/bin/sh
alias elog="logger -t $0 -s"
elog() {
    logger -t $0 -s "$@"
}
elog "hahahaha"
test123(){
    elog "i am in function!"
}
test123

执行后:

<13>Sep 14 11:59:48 /root/init.d/testme: hahahaha
<13>Sep 14 11:59:48 /root/init.d/testme: i am in function!

参考:Execute a passed alias inside a function?

Aliases are expanded when a command is read, not when it is executed. Therefore, an alias definition appearing on the same line as another command does not take effect until the next line of input is read. The commands following the alias definition on that line are not affected by the new alias. This behavior is also an issue when functions are executed. Aliases are expanded when a function definition is read, not when the function is executed, because a function definition is itself a compound command. As a consequence, aliases defined in a function are not available until after that function is executed. To be safe, always put alias definitions on a separate line, and do not use alias in compound commands.

修改为:(函数形式)

#!/bin/bash
elog() {
    logger -t $0 -s "$@"
}
elog "hahahaha"
test123(){
    elog "i am in function!"
}
test123

可行。 :roll: :roll: :roll:

再参考:Linux 环境中 alias 不生效问题

Tags: , , ,

Jan 06

Tomato 下面运行需要 SSL/TLS 连接的 Golang 程序(多为静态编译),可能会出现类似:

x509: certificate signed by unknown authority

这样的证书相关问题,目前遇到过的有 overture 以及 dnscrypt-proxy这里有讨论。

主要就是 x509 默认只在以下目录搜索证书:

"/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139
"/system/etc/security/cacerts", // Android
"/usr/local/share/certs", // FreeBSD
"/etc/pki/tls/certs", // Fedora/RHEL
"/etc/openssl/certs", // NetBSD

而 Entware 默认是安装在 /opt/etc/ssl 目录下;

查看 Golang 源码提示可以设置环境变量:

https://golang.org/src/crypto/x509/root_unix.go

const (
// certFileEnv is the environment variable which identifies where to locate
// the SSL certificate file. If set this overrides the system default.
certFileEnv = "SSL_CERT_FILE"
// certDirEnv is the environment variable which identifies which directory
// to check for SSL certificate files. If set this overrides the system default.
certDirEnv = "SSL_CERT_DIR"
)

解决办法:

1. 通过 Entware 安装 ca 证书:

opkg update
opkg upgrade
opkg install ca-bundle
opkg install ca-certificates

2. 在 /opt/etc/.profile 中设置环境变量:

# SSL for Golang
export SSL_CERT_FILE=/opt/etc/ssl/certs/ca-certificates.crt
export SSL_CERT_DIR=/opt/etc/ssl/certs

这样就没问题了。