initrd/bootstrap.go

package main

import (
	"bytes"
	"io/ioutil"
	"log"
	"os"
	"path/filepath"
	"strings"

	"novit.nc/direktil/initrd/config"
)

func bootstrap(cfg *config.Config) {
	if cfg.Bootstrap.Dev == "" {
		fatalf("bootstrap device not defined!")
	}

	const bsDir = "/bootstrap"
	os.MkdirAll(bsDir, 0700)

	run("mount", cfg.Bootstrap.Dev, bsDir)

	baseDir := filepath.Join(bsDir, bootVersion)
	sysCfgPath := filepath.Join(baseDir, "config.yaml")

	if _, err := os.Stat(sysCfgPath); os.IsNotExist(err) {
		log.Printf("bootstrap %q does not exist", bootVersion)

		seed := cfg.Bootstrap.Seed
		if seed == "" {
			fatalf("boostrap seed not defined, admin required")
		}

		log.Printf("seeding bootstrap from %s", seed)

		// TODO
	}

	layersDir = baseDir
	layersOverride["modules"] = "/modules.sqfs"
	sysCfg := applyConfig(sysCfgPath, false)

	// mounts are v2 only
	for _, mount := range sysCfg.Mounts {
		log.Print("mount ", mount.Dev, " to system's ", mount.Path)

		path := filepath.Join("/system", mount.Path)

		os.MkdirAll(path, 0755)

		args := []string{mount.Dev, path}
		if mount.Type != "" {
			args = append(args, "-t", mount.Type)
		}
		if mount.Options != "" {
			args = append(args, "-o", mount.Options)
		}

		run("mount", args...)
	}

	// setup root user
	if ph := sysCfg.RootUser.PasswordHash; ph != "" {
		log.Print("setting root's password")
		setUserPass("root", ph)
	}
	if ak := sysCfg.RootUser.AuthorizedKeys; len(ak) != 0 {
		log.Print("setting root's authorized keys")
		setAuthorizedKeys(ak)
	}
}

func setUserPass(user, passwordHash string) {
	const fpath = "/system/etc/shadow"

	ba, err := ioutil.ReadFile(fpath)
	if err != nil {
		fatalf("failed to read shadow: %v", err)
	}

	lines := bytes.Split(ba, []byte{'\n'})

	buf := new(bytes.Buffer)
	for _, line := range lines {
		line := string(line)
		p := strings.Split(line, ":")
		if len(p) < 2 || p[0] != user {
			buf.WriteString(line)
			continue
		}

		p[1] = passwordHash
		line = strings.Join(p, ":")

		buf.WriteString(line)
		buf.WriteByte('\n')
	}

	err = ioutil.WriteFile(fpath, buf.Bytes(), 0600)
	if err != nil {
		fatalf("failed to write shadow: %v", err)
	}
}

func setAuthorizedKeys(ak []string) {
	buf := new(bytes.Buffer)
	for _, k := range ak {
		buf.WriteString(k)
		buf.WriteByte('\n')
	}

	const sshDir = "/system/root/.ssh"
	err := os.MkdirAll(sshDir, 0700)
	if err != nil {
		fatalf("failed to create %s: %v", sshDir, err)
	}

	err = ioutil.WriteFile(filepath.Join(sshDir, "authorized_keys"), buf.Bytes(), 0600)
	if err != nil {
		fatalf("failed to write authorized keys: %v", err)
	}
}
boot v2 progress: disks, ssh, success... 2022-03-08 10:45:56 +00:00			`package main`

			`import (`
			`"bytes"`
			`"io/ioutil"`
			`"log"`
			`"os"`
			`"path/filepath"`
			`"strings"`

			`"novit.nc/direktil/initrd/config"`
			`)`

			`func bootstrap(cfg *config.Config) {`
			`if cfg.Bootstrap.Dev == "" {`
			`fatalf("bootstrap device not defined!")`
			`}`

			`const bsDir = "/bootstrap"`
			`os.MkdirAll(bsDir, 0700)`

			`run("mount", cfg.Bootstrap.Dev, bsDir)`

			`baseDir := filepath.Join(bsDir, bootVersion)`
			`sysCfgPath := filepath.Join(baseDir, "config.yaml")`

			`if _, err := os.Stat(sysCfgPath); os.IsNotExist(err) {`
			`log.Printf("bootstrap %q does not exist", bootVersion)`

			`seed := cfg.Bootstrap.Seed`
			`if seed == "" {`
			`fatalf("boostrap seed not defined, admin required")`
			`}`

			`log.Printf("seeding bootstrap from %s", seed)`

			`// TODO`
			`}`

			`layersDir = baseDir`
			`layersOverride["modules"] = "/modules.sqfs"`
			`sysCfg := applyConfig(sysCfgPath, false)`

			`// mounts are v2 only`
			`for _, mount := range sysCfg.Mounts {`
			`log.Print("mount ", mount.Dev, " to system's ", mount.Path)`

			`path := filepath.Join("/system", mount.Path)`

			`os.MkdirAll(path, 0755)`

			`args := []string{mount.Dev, path}`
			`if mount.Type != "" {`
			`args = append(args, "-t", mount.Type)`
			`}`
			`if mount.Options != "" {`
			`args = append(args, "-o", mount.Options)`
			`}`

			`run("mount", args...)`
			`}`

			`// setup root user`
			`if ph := sysCfg.RootUser.PasswordHash; ph != "" {`
			`log.Print("setting root's password")`
			`setUserPass("root", ph)`
			`}`
			`if ak := sysCfg.RootUser.AuthorizedKeys; len(ak) != 0 {`
			`log.Print("setting root's authorized keys")`
			`setAuthorizedKeys(ak)`
			`}`
			`}`

			`func setUserPass(user, passwordHash string) {`
			`const fpath = "/system/etc/shadow"`

			`ba, err := ioutil.ReadFile(fpath)`
			`if err != nil {`
			`fatalf("failed to read shadow: %v", err)`
			`}`

			`lines := bytes.Split(ba, []byte{'\n'})`

			`buf := new(bytes.Buffer)`
			`for _, line := range lines {`
			`line := string(line)`
			`p := strings.Split(line, ":")`
			`if len(p) < 2 \|\| p[0] != user {`
			`buf.WriteString(line)`
			`continue`
			`}`

			`p[1] = passwordHash`
			`line = strings.Join(p, ":")`

			`buf.WriteString(line)`
			`buf.WriteByte('\n')`
			`}`

			`err = ioutil.WriteFile(fpath, buf.Bytes(), 0600)`
			`if err != nil {`
			`fatalf("failed to write shadow: %v", err)`
			`}`
			`}`

			`func setAuthorizedKeys(ak []string) {`
			`buf := new(bytes.Buffer)`
			`for _, k := range ak {`
			`buf.WriteString(k)`
			`buf.WriteByte('\n')`
			`}`

			`const sshDir = "/system/root/.ssh"`
			`err := os.MkdirAll(sshDir, 0700)`
			`if err != nil {`
			`fatalf("failed to create %s: %v", sshDir, err)`
			`}`

			`err = ioutil.WriteFile(filepath.Join(sshDir, "authorized_keys"), buf.Bytes(), 0600)`
			`if err != nil {`
			`fatalf("failed to write authorized keys: %v", err)`
			`}`
			`}`