
3 Commits

Author SHA1 Message Date
d88c175bd9
Switch license to https://unlicense.org/ 2025-08-30 12:13:49 +03:00
5f5c9ead51
add xt_REDIRECT kernel module 2025-04-16 18:45:56 +03:00
3d90a7b39b
allow injection of hostname via API 2025-03-21 23:05:23 +02:00
18 changed files with 75 additions and 5 deletions

2
.gitignore vendored

@ -1,3 +1,5 @@
# SPDX-License-Identifier: Unlicense
dtrfs.tar dtrfs.tar
build build
tmp tmp

24
LICENSE Normal file

@ -0,0 +1,24 @@
This is free and unencumbered software released into the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.
In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
For more information, please refer to <https://unlicense.org/>

@ -1,3 +1,7 @@
<!--
SPDX-License-Identifier: Unlicense
-->
## OS template ## OS template
You will need a working OS template to work with this project. You will need a working OS template to work with this project.

2
dtrfs_api/Cargo.lock generated

@ -1,3 +1,5 @@
# SPDX-License-Identifier: Unlicense
# This file is automatically @generated by Cargo. # This file is automatically @generated by Cargo.
# It is not intended for manual editing. # It is not intended for manual editing.
version = 4 version = 4

@ -1,3 +1,5 @@
# SPDX-License-Identifier: Unlicense
[package] [package]
name = "dtrfs_api" name = "dtrfs_api"
version = "0.1.0" version = "0.1.0"

@ -1,3 +1,5 @@
# SPDX-License-Identifier: Unlicense
reorder_impl_items = true reorder_impl_items = true
use_small_heuristics = "Max" use_small_heuristics = "Max"
merge_imports = true merge_imports = true

@ -1,3 +1,5 @@
// SPDX-License-Identifier: Unlicense
mod os; mod os;
mod snp; mod snp;
@ -84,6 +86,7 @@ async fn get_report() -> HttpResponse {
#[derive(Deserialize)] #[derive(Deserialize)]
struct InstallForm { struct InstallForm {
hostname: String,
url: String, url: String,
sha: String, sha: String,
keyfile: String, keyfile: String,
@ -95,7 +98,7 @@ async fn post_install_form(req: HttpRequest, form: web::Form<InstallForm>) -> Ht
if let Err(e) = verify(&req) { if let Err(e) = verify(&req) {
return HttpResponse::BadRequest().body(format!("Signature verification failed: {}", e)); return HttpResponse::BadRequest().body(format!("Signature verification failed: {}", e));
}; };
match os::encrypt_and_install_os(&form.url, &form.sha, &form.keyfile) { match os::encrypt_and_install_os(&form.url, &form.sha, &form.keyfile, &form.hostname) {
Ok(s) => HttpResponse::Ok().body(s), Ok(s) => HttpResponse::Ok().body(s),
Err(e) => HttpResponse::InternalServerError().body(format!("{e:?}")), Err(e) => HttpResponse::InternalServerError().body(format!("{e:?}")),
} }
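Review bot: `form.hostname` is handed to `os::encrypt_and_install_os` with no check on its length or character set, and that function (next section) only forwards it to the install script as `VM_HOSTNAME`. Before this change the name came from the kernel command line and was restricted to `[0-9a-z_.-]` by the grep in the install script; that filter is removed and nothing replaces it on the API side. The only gate visible here is `verify(&req)`, and this hunk does not show whether that signature covers the form body. I would reject bad values at the boundary, e.g. `if form.hostname.is_empty() || form.hostname.len() > 64 || !form.hostname.bytes().all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'z' | b'_' | b'.' | b'-')) { return HttpResponse::BadRequest().body("invalid hostname"); }`. The body of `post_install_form` starts outside the hunk.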

@ -1,3 +1,5 @@
// SPDX-License-Identifier: Unlicense
use crate::snp::get_derived_key; use crate::snp::get_derived_key;
use anyhow::{anyhow, Result}; use anyhow::{anyhow, Result};
use base64::prelude::{Engine, BASE64_URL_SAFE}; use base64::prelude::{Engine, BASE64_URL_SAFE};
@ -15,6 +17,7 @@ pub fn encrypt_and_install_os(
install_url: &str, install_url: &str,
install_sha: &str, install_sha: &str,
keyfile: &str, keyfile: &str,
vm_hostname: &str,
) -> Result<String> { ) -> Result<String> {
let binary_keyfile = BASE64_URL_SAFE.decode(keyfile)?; let binary_keyfile = BASE64_URL_SAFE.decode(keyfile)?;
std::fs::write(BACKUP_KEYFILE_PATH, binary_keyfile)?; std::fs::write(BACKUP_KEYFILE_PATH, binary_keyfile)?;
@ -24,6 +27,7 @@ pub fn encrypt_and_install_os(
.env("INSTALL_SHA", install_sha) .env("INSTALL_SHA", install_sha)
.env("SNP_KEY_FILE", SNP_KEYFILE_PATH) .env("SNP_KEY_FILE", SNP_KEYFILE_PATH)
.env("ROOT_KEYFILE", BACKUP_KEYFILE_PATH) .env("ROOT_KEYFILE", BACKUP_KEYFILE_PATH)
.env("VM_HOSTNAME", vm_hostname)
.output()?; .output()?;
if !install_result.status.success() { if !install_result.status.success() {

@ -1,3 +1,5 @@
// SPDX-License-Identifier: Unlicense
use anyhow::{Context, Result}; use anyhow::{Context, Result};
use sev::firmware::guest::{AttestationReport, DerivedKey, Firmware, GuestFieldSelect}; use sev::firmware::guest::{AttestationReport, DerivedKey, Firmware, GuestFieldSelect};
use base64::prelude::{Engine, BASE64_URL_SAFE}; use base64::prelude::{Engine, BASE64_URL_SAFE};

@ -126,5 +126,6 @@ xt_nat
xt_nfacct xt_nfacct
xt_NFLOG xt_NFLOG
xt_physdev xt_physdev
xt_REDIRECT
xt_set xt_set
xt_tcpudp xt_tcpudp

@ -1,4 +1,7 @@
#!/bin/bash #!/bin/bash
# SPDX-License-Identifier: Unlicense
cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" cd -- "$( dirname -- "${BASH_SOURCE[0]}" )"
source creator_exports.sh source creator_exports.sh
source creator_functions.sh source creator_functions.sh

@ -1,4 +1,7 @@
#!/bin/bash #!/bin/bash
# SPDX-License-Identifier: Unlicense
script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
# root of the initrd, that will be used to create the cpio archive # root of the initrd, that will be used to create the cpio archive

@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
# SPDX-License-Identifier: Unlicense
echo_cyan() { echo_cyan() {
echo -e "\033[0;36m$1\033[0m" echo -e "\033[0;36m$1\033[0m"
} }

@ -1,4 +1,7 @@
#!/bin/bash #!/bin/bash
# SPDX-License-Identifier: Unlicense
source /usr/lib/dtrfs/init_functions.sh source /usr/lib/dtrfs/init_functions.sh
install_url="/tmp/detee_install_url" install_url="/tmp/detee_install_url"

@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
# SPDX-License-Identifier: Unlicense
load_modules() { load_modules() {
cat /load_modules.sh | bash cat /load_modules.sh | bash
} }

@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
# SPDX-License-Identifier: Unlicense
# This script is called by dtrfs_api to install an OS. # This script is called by dtrfs_api to install an OS.
[[ -z "$INSTALL_URL" ]] && { [[ -z "$INSTALL_URL" ]] && {
@ -7,11 +9,16 @@
exit 1 exit 1
} }
[[ -z "$INSTALL_URL" ]] && { [[ -z "$INSTALL_SHA" ]] && {
echo "Did not find INSTALL_SHA env variable". echo "Did not find INSTALL_SHA env variable".
exit 2 exit 2
} }
[[ -z "$VM_HOSTNAME" ]] && {
echo "Did not find VM_HOSTNAME env variable".
exit 2
}
[[ -f "$ROOT_KEYFILE" ]] || { [[ -f "$ROOT_KEYFILE" ]] || {
echo "Did not find keyfile at the following location: $ROOT_KEYFILE" echo "Did not find keyfile at the following location: $ROOT_KEYFILE"
exit 3 exit 3
@ -55,9 +62,8 @@ fsarchiver restdir /mnt/template.fsa /
rm /mnt/template.fsa rm /mnt/template.fsa
# TODO: decide for UX if maybe we should allow user to inject fstab # TODO: decide for UX if maybe we should allow user to inject fstab
echo "" > /mnt/etc/fstab echo "" > /mnt/etc/fstab
hostname=$(cat /proc/cmdline | grep -oE 'detee_name=[0-9a-z\_\.\-]+' | cut -d '=' -f2) echo "=== Setting up guest hostname as $VM_HOSTNAME"
echo "=== Setting up guest hostname as $hostname" echo $VM_HOSTNAME > /mnt/etc/hostname
[[ -n "$hostname" ]] && echo $hostname > /mnt/etc/hostname
echo "=== Generating SSH public keys" echo "=== Generating SSH public keys"
echo "root:x:0:0:root:/root:/bin/sh" > /etc/passwd echo "root:x:0:0:root:/root:/bin/sh" > /etc/passwd
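Review bot: The new write `echo $VM_HOSTNAME > /mnt/etc/hostname` expands the variable unquoted, so the value undergoes word splitting and glob expansion, and a value that looks like an echo option is consumed instead of written. The removed line limited the name to `[0-9a-z_.-]` through grep, whereas the new `-z` check earlier in the file only rejects an empty value. I would restore the restriction and quote the write: `[[ "$VM_HOSTNAME" =~ ^[0-9a-z_.-]+$ ]] || { echo "Invalid VM_HOSTNAME"; exit 2; }` followed by `printf '%s\n' "$VM_HOSTNAME" > /mnt/etc/hostname`. The `VM_HOSTNAME` check also reuses exit code 2 from the `INSTALL_SHA` check, so a caller cannot tell the two failures apart; giving it its own code would help.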

@ -1,4 +1,7 @@
#!/bin/bash #!/bin/bash
# SPDX-License-Identifier: Unlicense
cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" cd -- "$( dirname -- "${BASH_SOURCE[0]}" )"
dir="/tmp/dtrfs" dir="/tmp/dtrfs"

@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
# SPDX-License-Identifier: Unlicense
kernel_path="/boot/vmlinuz-linux" kernel_path="/boot/vmlinuz-linux"
dtrfs_path="$1" dtrfs_path="$1"