fic/server
1
0
Fork 0
Code Issues Pull Requests 8 Releases Wiki Activity

fickit: Able to update already existing metadata iso

Browse Source
This commit is contained in:
nemunaire 2023-10-23 10:32:22 +02:00
parent f6bb741070
commit 598b34eb4f
1 changed files with 29 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
configs/gen_metadata.sh
View File

@ -7,6 +7,19 @@ escape_newline () {
sed 's/$/\\n/g' | tr -d '\n' sed 's/$/\\n/g' | tr -d '\n'
} }
if [ $# -gt 0 ]
then
# Expect a previous ISO to update:
# Keep: DM_CRYPT, DHPARAMs and SYNCHRO_SSH_KEY
isoinfo -i "$1" -X -find -iname "USER_DAT*"
export DM_CRYPT=$(jq -r '."dm-crypt".entries.key.content' USER_DAT.\;1)
export DHPARAM=$(jq -r '."tls_config".entries."dhparams-4096.pem".content' USER_DAT.\;1)
export SYNCRO_PRIVATE_KEY=$(jq -r '.synchro.entries.id_ed25519.content' USER_DAT.\;1)
export SYNCRO_PUBLIC_KEY=$(jq -r '.synchro.entries."id_ed25519.pub".content' USER_DAT.\;1)
fi
which vault > /dev/null 2> /dev/null || { echo "Please install vault" >&2; exit 1; } which vault > /dev/null 2> /dev/null || { echo "Please install vault" >&2; exit 1; }
export VAULT_ADDR="${VAULT_ADDR:-"https://vault.srs.epita.fr:443"}" export VAULT_ADDR="${VAULT_ADDR:-"https://vault.srs.epita.fr:443"}"
@ -17,22 +30,30 @@ OUTPUT_PATH="${OUTPUT_PATH:-"$(mktemp -d)"}"
command -v vault &> /dev/null || (echo "vault could not be found" && exit) command -v vault &> /dev/null || (echo "vault could not be found" && exit)
vault login -method=oidc -no-print 2> /dev/null vault login -method=oidc -no-print 2> /dev/null
export DM_CRYPT="$(tr -d -c "a-zA-Z0-9" < /dev/urandom | fold -w512 | head -n 1)" [ -z "${DM_CRYPT}" ] && export DM_CRYPT="$(tr -d -c "a-zA-Z0-9" < /dev/urandom | fold -w512 | head -n 1)"
export CERT_PEM="$(vault kv get --field=cert.pem fic/cert/fic.srs.epita.fr | escape_newline)" export CERT_PEM="$(vault kv get --field=cert.pem fic/cert/fic.srs.epita.fr | escape_newline)"
export CHAIN_PEM="$(vault kv get --field=chain.pem fic/cert/fic.srs.epita.fr | escape_newline)" export CHAIN_PEM="$(vault kv get --field=chain.pem fic/cert/fic.srs.epita.fr | escape_newline)"
export FULLCHAIN_PEM="$(vault kv get --field=fullchain.pem fic/cert/fic.srs.epita.fr | escape_newline)" export FULLCHAIN_PEM="$(vault kv get --field=fullchain.pem fic/cert/fic.srs.epita.fr | escape_newline)"
export PRIVKEY_PEM="$(vault kv get --field=privkey.pem fic/cert/fic.srs.epita.fr | escape_newline)" export PRIVKEY_PEM="$(vault kv get --field=privkey.pem fic/cert/fic.srs.epita.fr | escape_newline)"
if [ -z "${SYNCRO_PUBLIC_KEY}" ] || [ -z "${SYNCRO_PRIVATE_KEY}" ]
then
ssh-keygen -a 100 -t ed25519 -q -f "$SSH_PATH" -N "" <<< 'y' ssh-keygen -a 100 -t ed25519 -q -f "$SSH_PATH" -N "" <<< 'y'
export SYNCRO_PUBLIC_KEY="$(cat "$SSH_PATH".pub | escape_newline)" export SYNCRO_PUBLIC_KEY="$(cat "$SSH_PATH".pub | escape_newline)"
export SYNCRO_PRIVATE_KEY="$(cat "$SSH_PATH" | escape_newline)" export SYNCRO_PRIVATE_KEY="$(cat "$SSH_PATH" | escape_newline)"
fi
if [ -z "${DHPARAM}" ] && ! [ -f "$DHPARAM_PATH" ]
then
command -v openssl &> /dev/null || (echo "openssl could not be found" && exit)
echo -e "\n\nGenerating DH params please wait" echo -e "\n\nGenerating DH params please wait"
command -v openssl &> /dev/null || (echo "openssl could not be found" && exit)
openssl dhparam -out "$DHPARAM_PATH" 4096 &>/dev/null openssl dhparam -out "$DHPARAM_PATH" 4096 &>/dev/null
elif ! [ -f "$DHPARAM_PATH" ]
then
echo "${DHPARAM}" > "${DHPARAM_PATH}"
fi
export DHPARAM="$(cat "$DHPARAM_PATH" | escape_newline)" export DHPARAM="$(cat "$DHPARAM_PATH" | escape_newline)"
TEMPLATE=' TEMPLATE='