105 lines
2.7 KiB
Bash
105 lines
2.7 KiB
Bash
#!/bin/bash
|
|
|
|
echo_blue() {
|
|
echo -e "\033[34m$1\033[0m"
|
|
}
|
|
|
|
echo_red() {
|
|
echo -e "\033[0;31m$1\033[0m"
|
|
}
|
|
|
|
load_modules() {
|
|
cat /load_modules.sh | bash
|
|
}
|
|
|
|
create_mounts() {
|
|
mount -t proc proc /proc -o nosuid,noexec,nodev
|
|
mount -t sysfs sys /sys -o nosuid,noexec,nodev
|
|
mount -t devtmpfs dev /dev -o mode=0755,nosuid
|
|
mount -t tmpfs run /run -o nosuid,nodev,mode=0755
|
|
mkdir -m755 /run/initramfs
|
|
|
|
if [ -e /sys/firmware/efi ]; then
|
|
mount -t efivarfs efivarfs /sys/firmware/efi/efivars -o nosuid,nodev,noexec
|
|
fi
|
|
|
|
# Setup /dev symlinks
|
|
if [ -e /proc/kcore ]; then
|
|
ln -sfT /proc/kcore /dev/core
|
|
fi
|
|
ln -sfT /proc/self/fd /dev/fd
|
|
ln -sfT /proc/self/fd/0 /dev/stdin
|
|
ln -sfT /proc/self/fd/1 /dev/stdout
|
|
ln -sfT /proc/self/fd/2 /dev/stderr
|
|
}
|
|
|
|
create_certs() {
|
|
cert_dir="/tmp/certs"
|
|
key="$cert_dir/guest_api.key"
|
|
cert="$cert_dir/guest_api.crt"
|
|
subject="/C=W3/O=DeTEE/OU=COCO/CN=guest-api"
|
|
mkdir -p "$cert_dir"
|
|
openssl genpkey -algorithm RSA -out "$key" \
|
|
-pkeyopt rsa_keygen_bits:4096 2>/dev/null
|
|
openssl req -x509 -new \
|
|
-key "$key" -out "$cert" \
|
|
-days 365 -subj "$subject" 2>/dev/null
|
|
}
|
|
|
|
# expects kernel param in this format: detee_net=192.168.122.140_24_192.168.122.1_1.1.1.1
|
|
setup_network() {
|
|
local settings='' ip_addr='' mask='' cidr='' gateway='' nameserver=''
|
|
settings=$(cat /proc/cmdline | grep -oE 'detee_net=[0-9a-z\_\:\.]+' | cut -d '=' -f2)
|
|
# TODO: replace with exit 0 when you are ready to force a kernel panic
|
|
[[ -z "$settings" ]] && return 0
|
|
settings="${settings#detee_net=}"
|
|
ip_addr="$( echo ${settings} | cut -d'_' -f1 )"
|
|
mask="$( echo ${settings} | cut -d'_' -f2 )"
|
|
cidr="${ip_addr}/${mask}"
|
|
gateway="$( echo ${settings} | cut -d'_' -f3 )"
|
|
nameserver="$( echo ${settings} | cut -d'_' -f4 )"
|
|
|
|
ip addr add $cidr dev eth0
|
|
ip link set eth0 up
|
|
ip route add default via $gateway
|
|
echo nameserver $nameserver > /etc/resolv.conf
|
|
}
|
|
|
|
install_os() {
|
|
local url="$(cat /tmp/install_url)"
|
|
blkid | grep vda1 | grep ext4 && {
|
|
mount_root
|
|
return 0
|
|
}
|
|
fdisk /dev/vda <<EOF
|
|
n
|
|
p
|
|
|
|
|
|
|
|
w
|
|
EOF
|
|
mkfs.ext4 /dev/vda1
|
|
mount_root
|
|
cd /mnt/
|
|
wget -O template.tar.xz "$url"
|
|
tar --numeric-owner -xpJf /mnt/template.tar.xz -C /mnt/
|
|
rm /mnt/template.tar.xz
|
|
rm /mnt/etc/fstab
|
|
}
|
|
|
|
# detee_ghu stands for GitHub user and expects format detee_ghu=ghe0
|
|
github_ssh_key() {
|
|
github_user=$(cat /proc/cmdline | grep -oE 'detee_ghu=[0-9a-z\_\.\-]+' | cut -d '=' -f2)
|
|
[[ -z "$github_user" ]] && return 0
|
|
mkdir -p /mnt/root/.ssh
|
|
cd /mnt/root/.ssh
|
|
wget -O authorized_keys https://github.com/${github_user}.keys
|
|
chmod 600 authorized_keys
|
|
}
|
|
|
|
mount_root() {
|
|
mkdir /mnt
|
|
mount /dev/vda1 /mnt
|
|
}
|