124 lines
2.5 KiB
Go
124 lines
2.5 KiB
Go
package main
|
|
|
|
import (
|
|
"bytes"
|
|
"io/ioutil"
|
|
"log"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"novit.nc/direktil/initrd/config"
|
|
)
|
|
|
|
func bootstrap(cfg *config.Config) {
|
|
if cfg.Bootstrap.Dev == "" {
|
|
fatalf("bootstrap device not defined!")
|
|
}
|
|
|
|
const bsDir = "/bootstrap"
|
|
os.MkdirAll(bsDir, 0700)
|
|
|
|
run("mount", cfg.Bootstrap.Dev, bsDir)
|
|
|
|
baseDir := filepath.Join(bsDir, bootVersion)
|
|
sysCfgPath := filepath.Join(baseDir, "config.yaml")
|
|
|
|
if _, err := os.Stat(sysCfgPath); os.IsNotExist(err) {
|
|
log.Printf("bootstrap %q does not exist", bootVersion)
|
|
|
|
seed := cfg.Bootstrap.Seed
|
|
if seed == "" {
|
|
fatalf("boostrap seed not defined, admin required")
|
|
}
|
|
|
|
log.Printf("seeding bootstrap from %s", seed)
|
|
|
|
// TODO
|
|
}
|
|
|
|
layersDir = baseDir
|
|
layersOverride["modules"] = "/modules.sqfs"
|
|
sysCfg := applyConfig(sysCfgPath, false)
|
|
|
|
// mounts are v2 only
|
|
for _, mount := range sysCfg.Mounts {
|
|
log.Print("mount ", mount.Dev, " to system's ", mount.Path)
|
|
|
|
path := filepath.Join("/system", mount.Path)
|
|
|
|
os.MkdirAll(path, 0755)
|
|
|
|
args := []string{mount.Dev, path}
|
|
if mount.Type != "" {
|
|
args = append(args, "-t", mount.Type)
|
|
}
|
|
if mount.Options != "" {
|
|
args = append(args, "-o", mount.Options)
|
|
}
|
|
|
|
run("mount", args...)
|
|
}
|
|
|
|
// setup root user
|
|
if ph := sysCfg.RootUser.PasswordHash; ph != "" {
|
|
log.Print("setting root's password")
|
|
setUserPass("root", ph)
|
|
}
|
|
if ak := sysCfg.RootUser.AuthorizedKeys; len(ak) != 0 {
|
|
log.Print("setting root's authorized keys")
|
|
setAuthorizedKeys(ak)
|
|
}
|
|
}
|
|
|
|
func setUserPass(user, passwordHash string) {
|
|
const fpath = "/system/etc/shadow"
|
|
|
|
ba, err := ioutil.ReadFile(fpath)
|
|
if err != nil {
|
|
fatalf("failed to read shadow: %v", err)
|
|
}
|
|
|
|
lines := bytes.Split(ba, []byte{'\n'})
|
|
|
|
buf := new(bytes.Buffer)
|
|
for _, line := range lines {
|
|
line := string(line)
|
|
p := strings.Split(line, ":")
|
|
if len(p) < 2 || p[0] != user {
|
|
buf.WriteString(line)
|
|
continue
|
|
}
|
|
|
|
p[1] = passwordHash
|
|
line = strings.Join(p, ":")
|
|
|
|
buf.WriteString(line)
|
|
buf.WriteByte('\n')
|
|
}
|
|
|
|
err = ioutil.WriteFile(fpath, buf.Bytes(), 0600)
|
|
if err != nil {
|
|
fatalf("failed to write shadow: %v", err)
|
|
}
|
|
}
|
|
|
|
func setAuthorizedKeys(ak []string) {
|
|
buf := new(bytes.Buffer)
|
|
for _, k := range ak {
|
|
buf.WriteString(k)
|
|
buf.WriteByte('\n')
|
|
}
|
|
|
|
const sshDir = "/system/root/.ssh"
|
|
err := os.MkdirAll(sshDir, 0700)
|
|
if err != nil {
|
|
fatalf("failed to create %s: %v", sshDir, err)
|
|
}
|
|
|
|
err = ioutil.WriteFile(filepath.Join(sshDir, "authorized_keys"), buf.Bytes(), 0600)
|
|
if err != nil {
|
|
fatalf("failed to write authorized keys: %v", err)
|
|
}
|
|
}
|