Download gnupghome.tar when net-booting

This contains a keyring that is generated on the server for each client that netboots.
author: Andrew Cady <d@jerkface.net> 2016-05-01 03:30:20 -0400
committer: Andrew Cady <d@jerkface.net> 2016-05-01 03:30:20 -0400
commit: 38e2aaaa634eb731c9221bee522958334b4fc7e9 (patch)
tree: 5ae29976ec1b82947dc29bea46e7ec24a7fa412f
parent: 06dc6f6c4b662f798d4f4221fd110b33e768d3ce (diff)
4 files changed, 86 insertions, 2 deletions
diff --git a/Makefile b/Makefile
index bcf851b..893216b 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ prefix?=/usr/local
 all: samizdat-paths.sh
-bin_programs=$(addprefix src/, xorriso-usb.sh btrfs-functions.sh btrfs-receive-root.sh btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh btarfs) samizdat-paths.sh
+bin_programs=$(addprefix src/, xorriso-usb.sh btrfs-functions.sh btrfs-receive-root.sh btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh btarfs dnsmasq-dhcp-script.sh) samizdat-paths.sh
 # TODO: compile these here
 samizdat_execs=$(addprefix /home/d/src/samizdat/, wait_for_files samizdat-pinentry dynmenu src/samizdat-password-agent src/samizdat-gpg-agent)
@@ -10,6 +10,8 @@ samizdat_execs=$(addprefix /home/d/src/samizdat/, wait_for_files samizdat-pinent
 initrd_files:=$(wildcard src/initrd/*)
 initramfs_conf_files:=$(wildcard initramfs-tools/*)
+isolinux_files:=$(wildcard isolinux/*)
 .PHONY: samizdat-paths.sh
 samizdat-paths.sh: src/samizdat-paths.in
        sed -e "s?PREFIX?$(prefix)?g" $< > $@
@@ -25,3 +27,4 @@ install:
        mkdir -p ${instdir}${samizdat_linux_dir}
        cp -r ${initrd_files} ${instdir}${samizdat_initrd_files_dir}
        cp -r ${initramfs_conf_files} ${instdir}${samizdat_initramfs_conf_dir}
+        cp -r ${isolinux_files} ${instdir}${samizdat_isolinux_dir}
diff --git a/initramfs-tools/scripts/samizdat b/initramfs-tools/scripts/samizdat
index 232e3ac..374979f 100644
--- a/initramfs-tools/scripts/samizdat
+++ b/initramfs-tools/scripts/samizdat
@@ -7,11 +7,22 @@ mountroot()
  samizdat_install_udev_rules
  mkfifo "$MENUFIFO"
  sh /scripts/local-top/nbd & # I guess this isn't getting called otherwise?
+  wait_for_gnupghome_tar
  bootmenu
  bootwait root-mounted
  chvt 1
 }
+wait_for_gnupghome_tar()
+{
+  [ -e /gnupghome.tar ] && return
+  [ "${nbdroot%%,*}" ] || return
+  (while ! tftp -g -r gnupghome.tar -l /gnupghome.tar.$$ ${nbdroot%%,*}; do
+    sleep 1;
+  done
+  mv /gnupghome.tar.$$ /gnupghome.tar)
+}
 samizdat_install_udev_rules()
 {
  mkdir -p /etc/udev/rules.d
diff --git a/src/dnsmasq-dhcp-script.sh b/src/dnsmasq-dhcp-script.sh
new file mode 100644
index 0000000..167d229
--- /dev/null
+++ b/src/dnsmasq-dhcp-script.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+. samizdat-paths.sh
+TFTP_ROOT=${samizdat_isolinux_dir}
+[ "$1 $4" = "tftp ${TFTP_ROOT}/linux/vmlinuz" ] || exit
+# $2 is the length of the file
+CLIENT_IP=$3
+# dnsmasq clears the environment.  kiki needs at least $HOME
+export USER=root
+export MAIL=/var/mail/root
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+export LANG=en_US.UTF-8
+export HOME=/root
+export LANGUAGE=en_US:en
+export LOGNAME=root
+debug()
+{
+    LOGDIR=/var/log/dnsmasq-dhcp-script
+    mkdir -p "$LOGDIR"
+    exec > "$LOGDIR/$$.log" 2>&1
+    set -x
+}
+new_child()
+{
+    child_dir=$samizdat_child_dir/child.$$
+    if [ -d "$child_dir" ]; then
+        rmdir "$child_dir" || exit 1
+    fi
+    sh -x "$(which keygen.sh)" "$child_dir" || return
+    tar --exclude '*~' -zcf "$child_dir"/gnupghome.tar -C "$child_dir"/root/.gnupg . || return
+    tftp_dir="${TFTP_ROOT}"/"$CLIENT_IP"
+    if [ ! -d "$tftp_dir" ]; then
+        ATOMIC=y
+        dest_dir="$tftp_dir"~
+        # DNSMASQ DOCUMENTATION IS WRONG OMFG
+        # Otherwise this symlink farm would be unnecessary
+        mkdir -p "$dest_dir"
+        (cd "$dest_dir" && ln -sf ../* . && rm "$CLIENT_IP"~) || return
+    else
+        dest_dir="$tftp_dir"
+    fi
+    chown dnsmasq "$child_dir" "$child_dir"/gnupghome.tar
+    ln -sf "$child_dir"/gnupghome.tar "$dest_dir"/
+    if [ "$ATOMIC" ]; then
+        mv -T "$dest_dir" "$tftp_dir"
+    fi
+}
+cleanup_after_fail()
+{
+    umount "$child_dir"
+    rmdir "$child_dir"
+}
+debug
+(new_child || cleanup_after_fail) &
diff --git a/src/keygen.sh b/src/keygen.sh
index 4c13e67..5b48512 100755
--- a/src/keygen.sh
+++ b/src/keygen.sh
@@ -60,13 +60,19 @@ doublecheck()
 silent()
 {
+    case "$-" in
+        *x*) return ;;
+    esac
+    SILENT=y
    exec 3>&1 4>&2
    exec >/dev/null 2>&1
 }
 noisy()
 {
-    exec >&3 2>&1
+    if [ "$SILENT" ]; then
+        exec >&3 2>&1
+    fi
 }
 new_child()
author	Andrew Cady <d@jerkface.net>	2016-05-01 03:30:20 -0400
committer	Andrew Cady <d@jerkface.net>	2016-05-01 03:30:20 -0400
commit	38e2aaaa634eb731c9221bee522958334b4fc7e9 (patch)
tree	5ae29976ec1b82947dc29bea46e7ec24a7fa412f
parent	06dc6f6c4b662f798d4f4221fd110b33e768d3ce (diff)

diff --git a/Makefile b/Makefile index bcf851b..893216b 100644 --- a/Makefile +++ b/Makefile
@@ -2,7 +2,7 @@ prefix?=/usr/local
2		2
3	all: samizdat-paths.sh	3	all: samizdat-paths.sh
4		4
5	bin_programs=$(addprefix src/, xorriso-usb.sh btrfs-functions.sh btrfs-receive-root.sh btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh btarfs) samizdat-paths.sh	5	bin_programs=$(addprefix src/, xorriso-usb.sh btrfs-functions.sh btrfs-receive-root.sh btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh btarfs dnsmasq-dhcp-script.sh) samizdat-paths.sh
6		6
7	# TODO: compile these here	7	# TODO: compile these here
8	samizdat_execs=$(addprefix /home/d/src/samizdat/, wait_for_files samizdat-pinentry dynmenu src/samizdat-password-agent src/samizdat-gpg-agent)	8	samizdat_execs=$(addprefix /home/d/src/samizdat/, wait_for_files samizdat-pinentry dynmenu src/samizdat-password-agent src/samizdat-gpg-agent)
@@ -10,6 +10,8 @@ samizdat_execs=$(addprefix /home/d/src/samizdat/, wait_for_files samizdat-pinent
10	initrd_files:=$(wildcard src/initrd/*)	10	initrd_files:=$(wildcard src/initrd/*)
11	initramfs_conf_files:=$(wildcard initramfs-tools/*)	11	initramfs_conf_files:=$(wildcard initramfs-tools/*)
12		12
		13	isolinux_files:=$(wildcard isolinux/*)
		14
13	.PHONY: samizdat-paths.sh	15	.PHONY: samizdat-paths.sh
14	samizdat-paths.sh: src/samizdat-paths.in	16	samizdat-paths.sh: src/samizdat-paths.in
15	sed -e "s?PREFIX?$(prefix)?g" $< > $@	17	sed -e "s?PREFIX?$(prefix)?g" $< > $@
@@ -25,3 +27,4 @@ install:
25	mkdir -p ${instdir}${samizdat_linux_dir}	27	mkdir -p ${instdir}${samizdat_linux_dir}
26	cp -r ${initrd_files} ${instdir}${samizdat_initrd_files_dir}	28	cp -r ${initrd_files} ${instdir}${samizdat_initrd_files_dir}
27	cp -r ${initramfs_conf_files} ${instdir}${samizdat_initramfs_conf_dir}	29	cp -r ${initramfs_conf_files} ${instdir}${samizdat_initramfs_conf_dir}
		30	cp -r ${isolinux_files} ${instdir}${samizdat_isolinux_dir}


diff --git a/initramfs-tools/scripts/samizdat b/initramfs-tools/scripts/samizdat index 232e3ac..374979f 100644 --- a/initramfs-tools/scripts/samizdat +++ b/initramfs-tools/scripts/samizdat
@@ -7,11 +7,22 @@ mountroot()
7	samizdat_install_udev_rules	7	samizdat_install_udev_rules
8	mkfifo "$MENUFIFO"	8	mkfifo "$MENUFIFO"
9	sh /scripts/local-top/nbd & # I guess this isn't getting called otherwise?	9	sh /scripts/local-top/nbd & # I guess this isn't getting called otherwise?
		10	wait_for_gnupghome_tar
10	bootmenu	11	bootmenu
11	bootwait root-mounted	12	bootwait root-mounted
12	chvt 1	13	chvt 1
13	}	14	}
14		15
		16	wait_for_gnupghome_tar()
		17	{
		18	[ -e /gnupghome.tar ] && return
		19	[ "${nbdroot%%,*}" ] \|\| return
		20	(while ! tftp -g -r gnupghome.tar -l /gnupghome.tar.$$ ${nbdroot%%,*}; do
		21	sleep 1;
		22	done
		23	mv /gnupghome.tar.$$ /gnupghome.tar)
		24	}
		25
15	samizdat_install_udev_rules()	26	samizdat_install_udev_rules()
16	{	27	{
17	mkdir -p /etc/udev/rules.d	28	mkdir -p /etc/udev/rules.d


diff --git a/src/dnsmasq-dhcp-script.sh b/src/dnsmasq-dhcp-script.sh new file mode 100644 index 0000000..167d229 --- /dev/null +++ b/src/dnsmasq-dhcp-script.sh
@@ -0,0 +1,64 @@
		1	#!/bin/sh
		2	. samizdat-paths.sh
		3	TFTP_ROOT=${samizdat_isolinux_dir}
		4	[ "$1 $4" = "tftp ${TFTP_ROOT}/linux/vmlinuz" ] \|\| exit
		5	# $2 is the length of the file
		6	CLIENT_IP=$3
		7
		8	# dnsmasq clears the environment. kiki needs at least $HOME
		9	export USER=root
		10	export MAIL=/var/mail/root
		11	export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
		12	export LANG=en_US.UTF-8
		13	export HOME=/root
		14	export LANGUAGE=en_US:en
		15	export LOGNAME=root
		16
		17	debug()
		18	{
		19	LOGDIR=/var/log/dnsmasq-dhcp-script
		20	mkdir -p "$LOGDIR"
		21	exec > "$LOGDIR/$$.log" 2>&1
		22	set -x
		23	}
		24
		25	new_child()
		26	{
		27	child_dir=$samizdat_child_dir/child.$$
		28	if [ -d "$child_dir" ]; then
		29	rmdir "$child_dir" \|\| exit 1
		30	fi
		31
		32	sh -x "$(which keygen.sh)" "$child_dir" \|\| return
		33	tar --exclude '*~' -zcf "$child_dir"/gnupghome.tar -C "$child_dir"/root/.gnupg . \|\| return
		34
		35	tftp_dir="${TFTP_ROOT}"/"$CLIENT_IP"
		36	if [ ! -d "$tftp_dir" ]; then
		37	ATOMIC=y
		38	dest_dir="$tftp_dir"~
		39
		40	# DNSMASQ DOCUMENTATION IS WRONG OMFG
		41	# Otherwise this symlink farm would be unnecessary
		42
		43	mkdir -p "$dest_dir"
		44	(cd "$dest_dir" && ln -sf ../* . && rm "$CLIENT_IP"~) \|\| return
		45	else
		46	dest_dir="$tftp_dir"
		47	fi
		48
		49	chown dnsmasq "$child_dir" "$child_dir"/gnupghome.tar
		50	ln -sf "$child_dir"/gnupghome.tar "$dest_dir"/
		51
		52	if [ "$ATOMIC" ]; then
		53	mv -T "$dest_dir" "$tftp_dir"
		54	fi
		55	}
		56
		57	cleanup_after_fail()
		58	{
		59	umount "$child_dir"
		60	rmdir "$child_dir"
		61	}
		62
		63	debug
		64	(new_child \|\| cleanup_after_fail) &


diff --git a/src/keygen.sh b/src/keygen.sh index 4c13e67..5b48512 100755 --- a/src/keygen.sh +++ b/src/keygen.sh
@@ -60,13 +60,19 @@ doublecheck()
60		60
61	silent()	61	silent()
62	{	62	{
		63	case "$-" in
		64	x) return ;;
		65	esac
		66	SILENT=y
63	exec 3>&1 4>&2	67	exec 3>&1 4>&2
64	exec >/dev/null 2>&1	68	exec >/dev/null 2>&1
65	}	69	}
66		70
67	noisy()	71	noisy()
68	{	72	{
69	exec >&3 2>&1	73	if [ "$SILENT" ]; then
		74	exec >&3 2>&1
		75	fi
70	}	76	}
71		77
72	new_child()	78	new_child()