5 # Run gpg once to create default options
# stdin comes from /dev/null and stderr is discarded, so this call gets no
# input and prints no diagnostics during boot; its exit status is not checked.
8 /usr/bin/gpg --yes 2>/dev/null </dev/null
10 # if this file is present, cancel the boot (exit this script)
# NOTE(review): the flag is a fixed name in /tmp, so anything able to create
# files there can stop the boot loop -- confirm that is intended.
11 CANCEL_BOOT_FLAG=/tmp/CANCEL_BOOT
13 # how many times to fail in attempting to contact the primary server
14 # before switching to the backup. if the backup fails this many times
15 # too, then the process is repeated, starting with the primary server
16 ATTEMPTS_BEFORE_BACKUP=3
18 # where all the configuration files for contacting
19 # the boot server are stored
# NOTE(review): BOOT_DIR is used below but its assignment is not on any line
# visible in this listing.
22 # get the server we are going to be contacting
# host, port and path are read verbatim from files and later interpolated into
# the curl command string, so the contents of $BOOT_DIR are part of the trust
# base for the whole boot.
23 BOOT_SERVER=`cat $BOOT_DIR/boot_server`
24 BOOT_SERVER_PORT=`cat $BOOT_DIR/boot_server_port`
26 # the file to request from the boot server
27 BOOT_SERVER_PATH=`cat $BOOT_DIR/boot_server_path`
29 # location of the cacert for this boot server
# (handed to curl --cacert when the primary server is selected)
30 BOOT_SERVER_CACERT=$BOOT_DIR/cacert.pem
32 # location of the gpg key ring to verify scripts
# (handed to gpg --keyring when the primary server is selected)
33 BOOT_SERVER_GPG_KEYRING=$BOOT_DIR/pubring.gpg
35 # get the backup server we are going to be contacting
36 BACKUP_BOOT_SERVER=`cat $BOOT_DIR/backup/boot_server`
37 BACKUP_BOOT_SERVER_PORT=`cat $BOOT_DIR/backup/boot_server_port`
39 # the file to request from the backup boot server
40 BACKUP_BOOT_SERVER_PATH=`cat $BOOT_DIR/backup/boot_server_path`
42 # location of the cacert for the backup boot server
43 BACKUP_BOOT_SERVER_CACERT=$BOOT_DIR/backup/cacert.pem
45 # location of the gpg key ring for backup server to verify scripts
46 BACKUP_BOOT_SERVER_GPG_KEYRING=$BOOT_DIR/backup/pubring.gpg
48 # location of a file containing this boot cd version
49 BOOT_VERSION_FILE=/pl_version
51 # the locations of the downloaded scripts
# NOTE(review): both are fixed, predictable paths under /tmp; that is only safe
# if nothing untrusted can write to /tmp in this boot environment -- confirm.
52 UNVERIFIED_SCRIPT=/tmp/bootscript.gpg
53 VERIFIED_SCRIPT=/tmp/bootscript
56 # --------------------------
59 # now, contact the boot server, run the script, and do it over again.
62 # set to one when we are trying to contact backup server
# NOTE(review): the assignment this comment describes, and the initial value of
# contact_count that later checks read, are not visible in this listing.
65 # start out contacting the primary servers
# the CONNECT_* variables hold whichever server is currently selected; the CA
# certificate and gpg keyring are selected together with the address.
66 CONNECT_BOOT_SERVER=$BOOT_SERVER
67 CONNECT_BOOT_SERVER_PORT=$BOOT_SERVER_PORT
68 CONNECT_BOOT_SERVER_PATH=$BOOT_SERVER_PATH
69 CONNECT_BOOT_SERVER_GPG_KEYRING=$BOOT_SERVER_GPG_KEYRING
70 CONNECT_BOOT_SERVER_CACERT=$BOOT_SERVER_CACERT
# NOTE(review): this listing omits some of the original lines in this section
# (the loop header, the else/fi lines and the counter updates are not shown).
# stop as soon as the cancel flag file exists
74 if [[ -f $CANCEL_BOOT_FLAG ]]; then
75 echo "pl_boot: got request to cancel boot, exiting"
# once the failure count reaches ATTEMPTS_BEFORE_BACKUP, swap to the other server
79 if [[ $contact_count -ge $ATTEMPTS_BEFORE_BACKUP ]]; then
83 if [[ $on_backup_server == 1 ]]; then
84 echo "pl_boot: failed to contact backup server, trying primary."
# back to the primary: address, keyring and CA certificate change together, so
# the reply is checked against the selected server's own trust material
88 CONNECT_BOOT_SERVER=$BOOT_SERVER
89 CONNECT_BOOT_SERVER_PORT=$BOOT_SERVER_PORT
90 CONNECT_BOOT_SERVER_PATH=$BOOT_SERVER_PATH
91 CONNECT_BOOT_SERVER_GPG_KEYRING=$BOOT_SERVER_GPG_KEYRING
92 CONNECT_BOOT_SERVER_CACERT=$BOOT_SERVER_CACERT
94 echo "pl_boot: failed to contact primary server, trying backup."
# over to the backup, again replacing keyring and CA certificate with it
98 CONNECT_BOOT_SERVER=$BACKUP_BOOT_SERVER
99 CONNECT_BOOT_SERVER_PORT=$BACKUP_BOOT_SERVER_PORT
100 CONNECT_BOOT_SERVER_PATH=$BACKUP_BOOT_SERVER_PATH
101 CONNECT_BOOT_SERVER_GPG_KEYRING=$BACKUP_BOOT_SERVER_GPG_KEYRING
102 CONNECT_BOOT_SERVER_CACERT=$BACKUP_BOOT_SERVER_CACERT
# on a retry the messages announce a 30s delay; the delay itself is not among
# the visible lines
106 if [[ $contact_count != 0 ]]; then
108 if [[ $on_backup_server == 1 ]]; then
109 echo "pl_boot: attempting to fetch script from backup server in 30s"
111 echo "pl_boot: attempting to fetch script from primary server in 30s"
116 # assemble the curl transaction
# each --form name=<file sends that file's contents as a form field: the boot
# cd version, kernel command line, uptime, /tmp/ifconfig and the nonce.
# the reply is written to $UNVERIFIED_SCRIPT and is untrusted until the gpg
# step has accepted it. --cacert limits TLS trust to the selected server's CA
# file; curl's own diagnostics go to /tmp/curl_errors.
# NOTE(review): the command is built as one string, so any value containing
# whitespace is split into extra arguments when the string is expanded unquoted
# (as $GPG_CMD is later in the script). some option lines of the original are
# missing from this listing.
117 CURL_CMD="/usr/bin/curl \
118 --connect-timeout 60 \
120 --form version=<$BOOT_VERSION_FILE \
121 --form cmdline=</proc/cmdline \
122 --form uptime=</proc/uptime \
123 --form ifconfig=</tmp/ifconfig \
124 --form nonce=</tmp/nonce \
126 --output $UNVERIFIED_SCRIPT \
131 --stderr /tmp/curl_errors \
132 --cacert $CONNECT_BOOT_SERVER_CACERT \
133 https://$CONNECT_BOOT_SERVER:$CONNECT_BOOT_SERVER_PORT/$CONNECT_BOOT_SERVER_PATH"
135 # assemble the gpg command line
# --no-default-keyring plus --keyring means only keys in the selected server's
# keyring are consulted; --decrypt writes the payload to $VERIFIED_SCRIPT.
# NOTE(review): acceptance rests on gpg's exit status alone. confirm that the
# gpg on the boot image fails for input that carries no signature at all;
# reading --status-fd and requiring a VALIDSIG line for the expected key is the
# stricter check. one option line of the original is missing from this listing.
136 GPG_CMD="/usr/bin/gpg \
137 --no-default-keyring \
138 --keyring $CONNECT_BOOT_SERVER_GPG_KEYRING \
139 --output $VERIFIED_SCRIPT \
141 --decrypt $UNVERIFIED_SCRIPT"
# a fresh nonce per attempt: 32 bytes from /dev/urandom, hex-encoded by od, with
# the separating spaces stripped by sed, stored in /tmp/nonce
# NOTE(review): the nonce is sent as a form field, but no visible line compares
# it with anything in the reply; if freshness is enforced it happens elsewhere.
143 echo "pl_boot: generating new nonce"
144 /usr/bin/head --bytes=32 /dev/urandom | \
145 /usr/bin/od -tx1 -An --width=32 | \
146 /bin/sed 's/ //g' > /tmp/nonce
148 echo "pl_boot: fetching script from boot server $CONNECT_BOOT_SERVER"
# delete any earlier download before fetching
150 rm -f $UNVERIFIED_SCRIPT
# NOTE(review): the line that runs curl and sets curl_err is not shown here
153 if [ $curl_err -ne 0 ]; then
154 echo "pl_boot: curl request failed with error $curl_err:"
# disconnected operation: when the fetch fails, take bootscript.gpg from the
# filesystem whose UUID is in DISCONNECTED_OPERATION instead
# NOTE(review): the results of mkdir/mount/cp are not checked on the visible
# lines. assuming control then reaches the gpg step, a cached copy is still
# authenticated by its signature but not shown to be fresh, so an older signed
# script would be accepted.
157 if [ -n "$DISCONNECTED_OPERATION" ]; then
158 mkdir /tmp/boot-media
159 mount -U "$DISCONNECTED_OPERATION" /tmp/boot-media
160 cp /tmp/boot-media/bootscript.gpg $UNVERIFIED_SCRIPT
161 umount /tmp/boot-media
162 rmdir /tmp/boot-media
# fetch succeeded: save the still-signed download onto the same media so it can
# be used when the server is unreachable
166 elif [ -n "$DISCONNECTED_OPERATION" ]; then
167 mkdir /tmp/boot-media
168 mount -U "$DISCONNECTED_OPERATION" /tmp/boot-media
169 cp $UNVERIFIED_SCRIPT /tmp/boot-media
170 umount /tmp/boot-media
171 rmdir /tmp/boot-media
174 echo "pl_boot: verifying downloaded script"
# delete any previous output first, then run gpg; its diagnostics go to
# /tmp/gpg_errors
175 rm -f $VERIFIED_SCRIPT
176 $GPG_CMD 2> /tmp/gpg_errors
# $? here is gpg's exit status; non-zero is treated as a verification failure
177 if [ $? -ne 0 ]; then
178 echo "pl_boot: failed to verify file:"
183 echo "pl_boot: decrypted and verified script succesfully"
185 echo "pl_boot: handing control to download script"
# the signed input is no longer needed once gpg has written the payload
186 rm -f $UNVERIFIED_SCRIPT
# NOTE(review): the line that actually runs $VERIFIED_SCRIPT is not shown in
# this listing. it presumably runs from its fixed /tmp path with this script's
# privileges, which makes the selected keyring the root of trust for everything
# the downloaded script does.
187 chmod +x $VERIFIED_SCRIPT
190 echo "pl_boot: downloaded script has returned"
193 echo "pl_boot: automatic boot process canceled by user"