testnet/dtrfs
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7e3d33093a
dtrfs/init_functions.sh

117 lines
3.3 KiB
Bash
Raw Blame History

#!/bin/bash
echo_blue() {
echo -e "\033[34m$1\033[0m"
}
echo_red() {
echo -e "\033[0;31m$1\033[0m"
}
load_modules() {
cat /load_modules.sh | bash
}
create_mounts() {
mount -t proc proc /proc -o nosuid,noexec,nodev
mount -t sysfs sys /sys -o nosuid,noexec,nodev
mount -t devtmpfs dev /dev -o mode=0755,nosuid
mount -t tmpfs run /run -o nosuid,nodev,mode=0755
mkdir -m755 /run/initramfs
if [ -e /sys/firmware/efi ]; then
mount -t efivarfs efivarfs /sys/firmware/efi/efivars -o nosuid,nodev,noexec
fi
# Setup /dev symlinks
if [ -e /proc/kcore ]; then
ln -sfT /proc/kcore /dev/core
fi
ln -sfT /proc/self/fd /dev/fd
ln -sfT /proc/self/fd/0 /dev/stdin
ln -sfT /proc/self/fd/1 /dev/stdout
ln -sfT /proc/self/fd/2 /dev/stderr
}
create_certs() {
cert_dir="/tmp/certs"
key="$cert_dir/guest_api.key"
cert="$cert_dir/guest_api.crt"
subject="/C=W3/O=DeTEE/OU=COCO/CN=guest-api"
mkdir -p "$cert_dir"
openssl genpkey -algorithm RSA -out "$key" \
-pkeyopt rsa_keygen_bits:4096 2>/dev/null
openssl req -x509 -new \
-key "$key" -out "$cert" \
-days 365 -subj "$subject" 2>/dev/null
}
# expects kernel param in this format: detee_net=192.168.122.140_24_192.168.122.1_1.1.1.1
setup_network() {
local settings='' ip_addr='' mask='' cidr='' gateway='' nameserver=''
settings=$(cat /proc/cmdline | grep -oE 'detee_net=[0-9a-z\_\:\.]+' | cut -d '=' -f2)
# TODO: replace with exit 0 when you are ready to force a kernel panic
[[ -z "$settings" ]] && return 0
settings="${settings#detee_net=}"
ip_addr="$( echo ${settings} | cut -d'_' -f1 )"
mask="$( echo ${settings} | cut -d'_' -f2 )"
cidr="${ip_addr}/${mask}"
gateway="$( echo ${settings} | cut -d'_' -f3 )"
nameserver="$( echo ${settings} | cut -d'_' -f4 )"
ip addr add $cidr dev eth0
ip link set eth0 up
ip route add default via $gateway
echo nameserver $nameserver > /etc/resolv.conf
}
install_os() {
local url="$(cat $INSTALL_URL)" hostname=''
# mount root if it exists
blkid | grep vda1 | grep LUKS && {
mount_root
return 0
}
# install OS if disk is empty
(
echo n
echo p
echo
echo
echo
echo w
) | fdisk /dev/vda
cryptsetup luksFormat --batch-mode -d $ROOT_KEYFILE /dev/vda1
cryptsetup open -d $ROOT_KEYFILE /dev/vda1 root
mkfs.ext4 /dev/mapper/root
mount /dev/mapper/root /mnt
wget -O /mnt/template.fsa "$url"
sha256sum /mnt/template.fsa | grep $(cat ${INSTALL_SHA}) || exit 1
fsarchiver restdir /mnt/template.fsa /
rm /mnt/template.fsa
# TODO: decide for UX if maybe we should allow user to inject fstab
echo "" > /mnt/etc/fstab
hostname=$(cat /proc/cmdline | grep -oE 'detee_name=[0-9a-z\_\.\-]+' | cut -d '=' -f2)
[[ -n "$hostname" ]] && echo $hostname > /mnt/etc/hostname
}
# detee_ghu stands for GitHub user and expects format detee_ghu=ghe0
github_ssh_key() {
local key=''
github_user=$(cat /proc/cmdline | grep -oE 'detee_ghu=[0-9a-z\_\.\-]+' | cut -d '=' -f2)
[[ -z "$github_user" ]] && return 0
mkdir -p /mnt/root/.ssh
cd /mnt/root/.ssh
touch authorized_keys
key="$(wget -O - https://github.com/${github_user}.keys)"
grep -F "$( echo key | awk '{ print $2 }' )" authorized_keys || {
echo "$key" >> authorized_keys
chmod 600 authorized_keys
}
}
mount_root() {
cryptsetup open -d $ROOT_KEYFILE /dev/vda1 root
mount /dev/mapper/root /mnt
}
Reference in New Issue View Git Blame Copy Permalink