# Prime gpg by running it once with no input so that it creates its default
# options. stdin is /dev/null, so the run gets immediate EOF instead of waiting
# for input, and its diagnostics on stderr are discarded.
/usr/bin/gpg --yes < /dev/null 2> /dev/null
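# If this file is present, cancel the boot (exit this script).
CANCEL_BOOT_FLAG=/tmp/CANCEL_BOOT

# Where all the configuration files for contacting the boot server are stored.
# NOTE(review): the BOOT_DIR assignment sits on a line this listing omits (its
# own line numbers 13-14 are skipped), so the directory's value is not shown.

# The server we are going to be contacting. Each value is read from a file in
# BOOT_DIR; the path is quoted so a directory name containing whitespace or
# glob characters cannot change which file is read.
BOOT_SERVER=$(cat "$BOOT_DIR/boot_server")
BOOT_SERVER_PORT=$(cat "$BOOT_DIR/boot_server_port")

# The path to request from the boot server.
SERVER_BOOT_DIR=$(cat "$BOOT_DIR/boot_server_path")

# Location of the CA certificate for this boot server.
BOOT_CACERT=$BOOT_DIR/cacert.pem

# Location of the gpg key ring used to verify downloaded scripts.
BOOT_GPG_KEYRING=$BOOT_DIR/pubring.gpg

# Location of a file containing this boot cd version.
BOOT_VERSION_FILE=/pl_version

# Locations of the downloaded script before and after gpg processing.
# NOTE(review): both are fixed names under /tmp. That is only safe if no other
# process can pre-create, replace or symlink these paths before this script
# writes and runs them -- confirm for the boot environment.
UNVERIFIED_SCRIPT=/tmp/bootscript.gpg
VERIFIED_SCRIPT=/tmp/bootscript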
35 # assemble the curl transaction
# The whole command line is kept in one string. Each "--form name=<file" is
# curl's own syntax for sending the contents of that file as a form field; the
# "<" is inside double quotes, so it is not a shell redirection. The visible
# options send the boot cd version, kernel command line, uptime, interface,
# CPU and memory information and the nonce to the boot server over HTTPS, and
# --cacert makes curl check the server certificate against $BOOT_CACERT.
# NOTE(review): this listing skips its own line numbers 38, 46 and 48-51, so
# the real command may carry options that are not shown here.
# NOTE(review): no --fail is visible. Unless an omitted line sets it, an HTTP
# error body is written to $UNVERIFIED_SCRIPT with exit status 0, and rejecting
# it is left entirely to the gpg step -- confirm.
# NOTE(review): $BOOT_SERVER, $BOOT_SERVER_PORT and $SERVER_BOOT_DIR are
# expanded into the string here without validation. If the string is later run
# unquoted (as $GPG_CMD is), whitespace or glob characters in those files would
# change curl's argument list, so the files must be trusted.
36 CURL_CMD="/usr/bin/curl \
37 --connect-timeout 60 \
39 --form version=<$BOOT_VERSION_FILE \
40 --form cmdline=</proc/cmdline \
41 --form uptime=</proc/uptime \
42 --form ifconfig=</tmp/ifconfig \
43 --form cpuinfo=</proc/cpuinfo \
44 --form meminfo=</proc/meminfo \
45 --form nonce=</tmp/nonce \
47 --output $UNVERIFIED_SCRIPT \
52 --stderr /tmp/curl_errors \
53 --cacert $BOOT_CACERT \
54 https://$BOOT_SERVER:$BOOT_SERVER_PORT/$SERVER_BOOT_DIR"
57 # assemble the gpg command line
# --no-default-keyring together with --keyring restricts gpg to the keys in
# $BOOT_GPG_KEYRING. The processed payload of $UNVERIFIED_SCRIPT is written to
# $VERIFIED_SCRIPT.
# NOTE(review): this listing skips its own line number 62, so one option may be
# missing from view.
# NOTE(review): --decrypt checks a signature when the message carries one, but
# it does not by itself require the input to be signed. Relying on the exit
# status alone may accept an unsigned message. Confirm that a good signature
# from the boot keyring is enforced, e.g. by checking --status-fd output for
# VALIDSIG or by verifying with gpgv.
58 GPG_CMD="/usr/bin/gpg \
59 --no-default-keyring \
60 --keyring $BOOT_GPG_KEYRING \
61 --output $VERIFIED_SCRIPT \
63 --decrypt $UNVERIFIED_SCRIPT"
66 # now, contact the boot server, run the script, and do it over again.
# NOTE(review): this listing skips many of its own line numbers in this part
# (for example 67-69, 72-74, 77-80, 88-89, 92-96, 102-105 and 111-112). The
# loop header, the closing "fi" lines, the curl invocation and the execution of
# the downloaded script are therefore not visible; the comments below describe
# only the lines that are shown.

# Stop when the cancel flag file exists.
70 if [[ -f $CANCEL_BOOT_FLAG ]]; then
71 echo "pl_boot: got request to cancel boot, exiting"
# $first is set on a line not shown; per the message below, a non-first pass
# waits before fetching again (presumably a sleep on an omitted line -- confirm).
75 if [[ $first -eq 0 ]]; then
76 echo "pl_boot: fetching new script in 30 seconds"
# Fresh nonce for every request: 32 bytes from /dev/urandom, hex-encoded by od,
# spaces stripped by sed, stored in /tmp/nonce -- the file that the
# "--form nonce=</tmp/nonce" field of CURL_CMD reads.
# NOTE(review): nothing visible here compares the nonce with the server's
# reply; any freshness check is presumably done elsewhere -- confirm.
81 echo "pl_boot: generating new nonce"
82 /usr/bin/head --bytes=32 /dev/urandom | \
83 /usr/bin/od -tx1 -An --width=32 | \
84 /bin/sed 's/ //g' > /tmp/nonce
# Remove any earlier download first, so a stale file from a previous pass
# cannot be taken for the result of this request.
86 echo "pl_boot: fetching script from boot server $BOOT_SERVER"
87 rm -f $UNVERIFIED_SCRIPT
# $curl_err is assigned on an omitted line (88-89), presumably from curl's exit
# status -- confirm.
90 if [ $curl_err -ne 0 ]; then
91 echo "pl_boot: curl request failed with error $curl_err:"
# Remove the previous output, then run gpg. $GPG_CMD is expanded unquoted on
# purpose so the stored string splits into the command and its arguments; gpg's
# diagnostics go to /tmp/gpg_errors. The exit status is the only acceptance
# check visible in this listing.
97 echo "pl_boot: verifying downloaded script"
98 rm -f $VERIFIED_SCRIPT
99 $GPG_CMD 2> /tmp/gpg_errors
100 if [ $? -ne 0 ]; then
101 echo "pl_boot: failed to verify file:"
106 echo "pl_boot: decrypted and verified script succesfully"
# Drop the unverified download and mark the gpg output executable; the script
# itself is run on lines this listing omits (111-112).
# NOTE(review): $VERIFIED_SCRIPT is a fixed path under /tmp. Between the gpg
# check and execution the file must not be replaceable by another process --
# confirm that only this script can write there.
108 echo "pl_boot: handing control to download script"
109 rm -f $UNVERIFIED_SCRIPT
110 chmod +x $VERIFIED_SCRIPT
113 echo "pl_boot: downloaded script has returned"
116 echo "pl_boot: automatic boot process canceled by user"