fickit: Able to update already existing metadata iso

2023-10-23 10:32:22 +02:00 · 2023-10-23 10:32:22 +02:00 · 598b34eb4f
parent f6bb741070
commit 598b34eb4f
1 changed files with 29 additions and 8 deletions
--- a/configs/gen_metadata.sh
+++ b/configs/gen_metadata.sh
@ -7,6 +7,19 @@ escape_newline () {
    sed 's/$/\\n/g' | tr -d '\n'
 }

+if [ $# -gt 0 ]
+then
+    # Expect a previous ISO to update:
+    # Keep: DM_CRYPT, DHPARAMs and SYNCHRO_SSH_KEY
+
+    isoinfo -i "$1" -X -find -iname "USER_DAT*"
+
+    export DM_CRYPT=$(jq -r '."dm-crypt".entries.key.content' USER_DAT.\;1)
+    export DHPARAM=$(jq -r '."tls_config".entries."dhparams-4096.pem".content' USER_DAT.\;1)
+    export SYNCRO_PRIVATE_KEY=$(jq -r '.synchro.entries.id_ed25519.content' USER_DAT.\;1)
+    export SYNCRO_PUBLIC_KEY=$(jq -r '.synchro.entries."id_ed25519.pub".content' USER_DAT.\;1)
+fi
+
 which vault > /dev/null 2> /dev/null || { echo "Please install vault" >&2; exit 1; }

 export VAULT_ADDR="${VAULT_ADDR:-"https://vault.srs.epita.fr:443"}"
@ -17,22 +30,30 @@ OUTPUT_PATH="${OUTPUT_PATH:-"$(mktemp -d)"}"
 command -v vault &> /dev/null || (echo "vault could not be found" && exit)
 vault login -method=oidc -no-print 2> /dev/null

-export DM_CRYPT="$(tr -d -c "a-zA-Z0-9" < /dev/urandom | fold -w512 | head -n 1)"
+[ -z "${DM_CRYPT}" ] && export DM_CRYPT="$(tr -d -c "a-zA-Z0-9" < /dev/urandom | fold -w512 | head -n 1)"
 export CERT_PEM="$(vault kv get --field=cert.pem fic/cert/fic.srs.epita.fr | escape_newline)"
 export CHAIN_PEM="$(vault kv get --field=chain.pem fic/cert/fic.srs.epita.fr | escape_newline)"
 export FULLCHAIN_PEM="$(vault kv get --field=fullchain.pem fic/cert/fic.srs.epita.fr | escape_newline)"
 export PRIVKEY_PEM="$(vault kv get --field=privkey.pem fic/cert/fic.srs.epita.fr | escape_newline)"

+if [ -z "${SYNCRO_PUBLIC_KEY}" ] || [ -z "${SYNCRO_PRIVATE_KEY}" ]
+then
+    ssh-keygen -a 100 -t ed25519 -q -f "$SSH_PATH" -N "" <<< 'y'

-ssh-keygen -a 100 -t ed25519 -q -f "$SSH_PATH" -N "" <<< 'y'
+    export SYNCRO_PUBLIC_KEY="$(cat "$SSH_PATH".pub | escape_newline)"
+    export SYNCRO_PRIVATE_KEY="$(cat "$SSH_PATH" | escape_newline)"
+fi

-export SYNCRO_PUBLIC_KEY="$(cat "$SSH_PATH".pub | escape_newline)"
-export SYNCRO_PRIVATE_KEY="$(cat "$SSH_PATH" | escape_newline)"
+if [ -z "${DHPARAM}" ] && ! [ -f "$DHPARAM_PATH" ]
+then
+    command -v openssl &> /dev/null || (echo "openssl could not be found" && exit)

-echo -e "\n\nGenerating DH params please wait"
-
-command -v openssl &> /dev/null || (echo "openssl could not be found" && exit)
-openssl dhparam -out "$DHPARAM_PATH" 4096 &>/dev/null
+    echo -e "\n\nGenerating DH params please wait"
+    openssl dhparam -out "$DHPARAM_PATH" 4096 &>/dev/null
+elif ! [ -f "$DHPARAM_PATH" ]
+then
+    echo "${DHPARAM}" > "${DHPARAM_PATH}"
+fi
 export DHPARAM="$(cat "$DHPARAM_PATH" | escape_newline)"

 TEMPLATE='