# NOTE(review): the leading integer on each line of this listing appears to be
# the original file's line number; gaps in that numbering mean some original
# lines are not shown here.
3 # Run gpg once with no input (stdin from /dev/null, stderr discarded) so that
# it creates its default options before the keyring-specific call made later.
6 /usr/bin/gpg --yes 2>/dev/null </dev/null
8 # where all the configuration files for contacting
9 # the boot server are stored
# NOTE(review): the BOOT_DIR assignment this comment describes is not among the
# lines shown; every configuration path below is derived from it.
# NOTE(review): cacert.pem and pubring.gpg under $BOOT_DIR are the trust
# anchors for the TLS connection and for the script signature, and the
# boot_server* files decide which host is contacted. Write access to $BOOT_DIR
# therefore amounts to control over what this script later marks executable
# and hands control to.
12 # get the server we are going to be contacting
# Host and port are read verbatim from files. The expansions are unquoted, so
# the values are assumed to contain no whitespace or glob characters.
13 BOOT_SERVER=`cat $BOOT_DIR/boot_server`
14 BOOT_SERVER_PORT=`cat $BOOT_DIR/boot_server_port`
16 # the file to request from the boot server
# (despite the variable name, this becomes the path component of the URL)
17 SERVER_BOOT_DIR=`cat $BOOT_DIR/boot_server_path`
19 # location of the cacert for this boot server
20 BOOT_CACERT=$BOOT_DIR/cacert.pem
22 # location of the gpg key ring to verify scripts
23 BOOT_GPG_KEYRING=$BOOT_DIR/pubring.gpg
25 # location of a file containing this boot cd version
26 BOOT_VERSION_FILE=/pl_version
28 # the locations of the downloaded scripts
# NOTE(review): both are fixed, predictable names under /tmp. That is only safe
# if no other local user or process can pre-create or replace them (for example
# with a symlink) -- presumably true in this boot environment; confirm.
29 UNVERIFIED_SCRIPT=/tmp/bootscript.gpg
30 VERIFIED_SCRIPT=/tmp/bootscript
32 # assemble the curl transaction
# The whole command is kept in one string. NOTE(review): the line that runs it
# is not shown; if it is an unquoted $CURL_CMD expansion like the gpg call
# further down, it relies on word splitting and breaks on paths with spaces.
# Each "--form name=<file" makes curl send that file's contents as the field
# value; the '<' sits inside the string, so it reaches curl rather than the
# shell. The request posts the CD version, kernel command line, uptime,
# /tmp/ifconfig, CPU and memory details and the current nonce to the server.
# --output stores the reply as the not-yet-verified script and --stderr sends
# curl's diagnostics to /tmp/curl_errors.
# --cacert makes $BOOT_CACERT the CA file used to verify the server
# certificate, so only a server presenting a certificate that chains to it
# is accepted.
# NOTE(review): original lines 35, 43 and 45-48 of this command are not shown;
# confirm that none of them relaxes certificate verification.
33 CURL_CMD="/usr/bin/curl \
34 --connect-timeout 60 \
36 --form version=<$BOOT_VERSION_FILE \
37 --form cmdline=</proc/cmdline \
38 --form uptime=</proc/uptime \
39 --form ifconfig=</tmp/ifconfig \
40 --form cpuinfo=</proc/cpuinfo \
41 --form meminfo=</proc/meminfo \
42 --form nonce=</tmp/nonce \
44 --output $UNVERIFIED_SCRIPT \
49 --stderr /tmp/curl_errors \
50 --cacert $BOOT_CACERT \
51 https://$BOOT_SERVER:$BOOT_SERVER_PORT/$SERVER_BOOT_DIR"
54 # assemble the gpg command line
# --no-default-keyring plus --keyring limits the keys gpg consults to those in
# $BOOT_GPG_KEYRING. --decrypt unwraps the downloaded message and writes the
# payload to $VERIFIED_SCRIPT; for a signed message gpg checks the signature
# as part of that.
# NOTE(review): --decrypt does not by itself require a signature to be present,
# and the caller appears to rely on gpg's exit status alone. Confirm that an
# unsigned message cannot exit 0 here; a stricter gate would read --status-fd
# output and require VALIDSIG for the expected key fingerprint.
# NOTE(review): original line 59 of this command is not shown.
55 GPG_CMD="/usr/bin/gpg \
56 --no-default-keyring \
57 --keyring $BOOT_GPG_KEYRING \
58 --output $VERIFIED_SCRIPT \
60 --decrypt $UNVERIFIED_SCRIPT"
63 # now, contact the boot server, run the script, and do it over again.
# NOTE(review): the loop header, the delay, the curl invocation, the closing
# keywords of the conditionals and the line that runs the script are not among
# the lines shown; the comments below describe only what is visible.
# `first` is not assigned in the visible lines; when it equals 0 the script
# announces a 30 second wait before fetching again.
67 if [[ $first -eq 0 ]]; then
68 echo "pl_boot: fetching new script in 30 seconds"
# A fresh nonce per request: 32 bytes from /dev/urandom, hex-dumped by od on a
# single line, spaces stripped by sed, stored in /tmp/nonce, which the curl
# command sends as the "nonce" form field.
# NOTE(review): nothing visible here compares the nonce with the reply, so any
# replay protection would have to be enforced elsewhere; confirm.
73 echo "pl_boot: generating new nonce"
74 /usr/bin/head --bytes=32 /dev/urandom | \
75 /usr/bin/od -tx1 -An --width=32 | \
76 /bin/sed 's/ //g' > /tmp/nonce
78 echo "pl_boot: fetching script from boot server $BOOT_SERVER"
# Remove any earlier download first, presumably so that a failed fetch cannot
# leave a stale file for the gpg step to pick up.
79 rm -f $UNVERIFIED_SCRIPT
# curl_err is presumably set from curl's exit status on a line not shown. It is
# unquoted in the test, so an empty value makes `[` report an error instead of
# taking this failure branch.
82 if [ $curl_err -ne 0 ]; then
83 echo "pl_boot: curl request failed with error $curl_err:"
89 echo "pl_boot: verifing downloaded script"
# Clear the previous output, then run gpg with its stderr captured for the
# failure message. The unquoted $GPG_CMD relies on word splitting to turn the
# string back into separate arguments.
90 rm -f $VERIFIED_SCRIPT
91 $GPG_CMD 2> /tmp/gpg_errors
# Failure branch; the test on gpg's result that selects it is not shown.
93 echo "pl_boot: failed to verify file:"
98 echo "pl_boot: decrypted and verified script succesfully"
100 echo "pl_boot: handing control to download script"
# The signed wrapper is no longer needed; the extracted script is made
# executable. NOTE(review): from here the downloaded script presumably runs
# with this script's privileges, so the gpg step above is the only gate on
# what it may do.
101 rm -f $UNVERIFIED_SCRIPT
102 chmod +x $VERIFIED_SCRIPT
105 echo "pl_boot: downloaded script has returned"
108 echo "pl_boot: automatic boot process canceled"