Compare commits

..

70 Commits

Author SHA1 Message Date
c26d9c8dfb
nocloud-net is deprecated
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2024-03-19 09:29:14 +08:00
fd21958883
Download images from bunny.net
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2024-02-20 21:20:49 +08:00
5343bac65e
Revert last 4 commits
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
This reverts commit ce85723f1a.
2024-02-20 16:09:34 +08:00
7401717352
Try to reopen interfaces at the beginning
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2024-02-20 13:16:03 +08:00
9c7265e6d4
Try static IP first, then DHCP
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2024-02-20 12:57:30 +08:00
632556590b
Override DNS even for DHCP
All checks were successful
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2024-02-20 12:36:35 +08:00
ce85723f1a
Reduce reliance on NTP
All checks were successful
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2024-02-20 11:53:31 +08:00
6d3b19dfff
Whitespace change to bump version
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2024-01-30 10:10:50 +08:00
819efecd46
Fix backup.bitmessage.at network device names
Some checks failed
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2024-01-02 21:26:16 +01:00
46eef3e758
Add backup.bitmessage.at
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-12-11 13:12:33 +01:00
aa0cbaca9b
Add node9.sysdeploy.org
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-11-30 07:46:35 +08:00
ef36aa71a3
Use google DNS for node3.surda.cloud
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-09-19 10:55:40 +08:00
a3a1ac2969
Add node3.surda.cloud
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-09-15 09:13:43 +08:00
79c62dd58b
Print more verbose info
All checks were successful
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-07-27 10:51:38 +08:00
73a2e56742
Add node2.surda.cloud (Menara AIMS)
All checks were successful
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-07-24 11:48:52 +08:00
9380a35800
Typo
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-05-14 15:09:42 +08:00
6ccd85fe1d
Typo
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-05-14 15:03:50 +08:00
05ab34d4a2
Typo
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-05-14 14:56:39 +08:00
706c9bae02
Split EFI and non-EFI (WiP)
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-05-14 12:13:45 +08:00
1ddc2fd8d6
Move images back to images.sysdeploy.org
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
- and get rid of https
2023-05-14 11:30:37 +08:00
8ffcfa54be
Update IPAX IP addresses
All checks were successful
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
- subnet shrank and the IPs were redistributed
2023-04-02 08:47:12 +08:00
d4656d0809
Bump to jammy
Some checks failed
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2023-02-28 17:23:18 +01:00
21ac410f73
Add node5.sysdeploy.org
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-10-18 13:06:32 +08:00
dae1e27063
Remove cert debug
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 21:12:45 +08:00
af1a33cbaa
Add Letsencrypt intermediary cert
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 20:56:45 +08:00
68244b00fa
Fix ISRG root cert URL and file name
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 20:51:33 +08:00
879d196089
Cert fix
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
- reduce cert debug level
- manually add current Letsencrypt certs
2022-09-20 20:47:43 +08:00
343e4a5666
Add x509 debug to ISO
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 20:34:05 +08:00
3a82e2f83c
Even more verbose debugging
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 20:26:11 +08:00
a85ec6c2cc
More cert debugging
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 20:21:04 +08:00
c719212148
Set time before downloading images
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 19:59:02 +08:00
3e71d4bdf4
Add cert debugging
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 19:51:46 +08:00
90081ecc3a
Fix root cert location (again)
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 19:39:53 +08:00
a54d3a5a69
Update root cert path
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 19:34:22 +08:00
06e4a2d9ca
Add iPXE root CA cert
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 19:28:10 +08:00
f552011aed
Fix sed command line arguments
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 18:59:59 +08:00
7bba9f8d84
Typo
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 18:58:14 +08:00
b8b71aa1bd
Refactor setting default ipxe compile options
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
- reduce repeating code
- make parser more tolerant
2022-09-20 18:54:44 +08:00
943372ac70
Use whitespace match in sed
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
- it looks like sometimes the config.h uses a space and sometimes a tab
2022-09-20 18:36:13 +08:00
e1c8cbcfbb
Escape spaces
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-20 18:28:00 +08:00
926ffa802f
Fix #undef parser
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
- #undef in general.h is followed by two spaces, breaking the parser
2022-09-20 18:20:18 +08:00
af0a880e4a
Change floppy image to USB image
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-09-19 20:31:35 +08:00
535e6fe061
Revert to default ubuntu images
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
- get rid of EFI squashfs boot, there is no use for it now
- makes it unnecessary to build extra images
2022-09-19 19:36:35 +08:00
438470ad55
Typo in node8.sysdeploy.org
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
- gateway was wrong
2022-08-03 09:50:42 +08:00
61e80eea73
Add node8.sysdeploy.org
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-08-02 22:06:29 +08:00
688d87fcd4
Fix hostname
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
- only in comments, no functional change
2022-07-27 14:59:10 +08:00
d3122e92f7
Add node6.sysdeploy.org
Some checks failed
buildbot/travis_bionic Build done.
buildbot/multibuild_parent Build done.
buildbot/ipxe_x86_build_and_release Build done.
2022-07-27 09:58:01 +08:00
243906ba6b
Fix EFI signing cert (typo)
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-12-01 23:04:35 +08:00
ca76f25aa4
EFI signing debug
Some checks failed
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-12-01 22:38:38 +08:00
e3ace96932
Fix EFI signing
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-12-01 22:30:46 +08:00
93998bd7a7
Add signing to EFI
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-12-01 22:14:29 +08:00
255a95b0cd
node4.sysdeploy.org interface name change
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-11-29 17:46:45 +08:00
d8762420c8
Add node4.sysdeploy.org MAC
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-11-29 15:31:54 +08:00
28edcef522
Add floppy disk image
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-11-29 14:58:38 +08:00
f227080af7
V2 cloud-init sysdeploy API with UUID
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-11-19 16:37:53 +08:00
a71be1a44e
Typo
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-11-03 15:34:48 +08:00
a3d3a33b60
Image verify name fix
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-11-03 14:32:43 +08:00
009bbb05d6
Combine initrd and squashfs and unified boot
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
- one one initrd which also includes squashfs
- same procedure for EFI and non-EFI
2021-11-03 14:18:01 +08:00
5623a9dd8c
Redesign EFI boot
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
- I didn't understand correctly how it works, both cpio archives should be
  uncompressed
2021-11-03 13:52:49 +08:00
33c4bfb58e
Redesign EFI boot
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
- concatenating two gzipped cpio archives doesn't work, so we need to do it
  differently
2021-11-03 13:40:02 +08:00
3c694ab4f4
Kernel command line fix for multiple initrd
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-11-03 12:36:05 +08:00
a77e66c18a
Split EFI and legacy boot
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
- needs to work slightly differently
2021-11-03 11:10:44 +08:00
ba9f7e23bf
Append squashfs.cpio.gz into initrd
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-11-02 23:06:28 +08:00
6cf7728451
Add: node3.sysdeploy.org
All checks were successful
buildbot/travis_bionic Build done.
buildbot/ipxe_x86_build_and_release Build done.
2021-07-31 13:28:22 +08:00
4e2bb6630d
Dummy commit to force buildbot rebuild (removed trailing whitespace in embed.ipxe) 2021-05-29 06:22:13 -07:00
c4a532ebae
Add functionality for BuildBot to build and release IPXE EFI 2021-05-27 23:04:33 -07:00
9655c066f8
Add functions to build PXE bin and upload as release artifact 2021-05-05 05:12:24 -07:00
33fbab7679
Add: correct IP for node2.bitmessage.at 2021-05-05 11:50:00 +02:00
c5e2c6a4a3
Add: node2.bitmessage.at
- at the moment only a fake IP address for testing purposes
- will provide real IP in a future commit
2021-05-02 20:41:02 +02:00
bffbacba14
Fix failure to try second NIC when first NIC is present but has no connectivity 2021-05-01 23:50:28 -07:00
2 changed files with 551 additions and 50 deletions

View File

@ -1,5 +1,6 @@
#!/usr/bin/env bash
LE_CERT=isrgrootx1.pem,isrg-root-x2.pem,lets-encrypt-r3.pem
function clone_ipxe_upstream() {
local ipxe_src_dir="$1"
@ -28,25 +29,27 @@ function sed_enabled_ipxe_features() {
return 1
fi
sed -i 's/^\/\/\#define\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\/\/\#define\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\/\/\#define\ TIME_CMD/\#define\ TIME_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\/\/\#define\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\/\/\#define\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\/\/\#define\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\/\/\#define\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\/\/\#define\ NTP_CMD/\#define\ NTP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\/\/\#define\ CERT_CMD/\#define\ CERT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
for OPTION in DOWNLOAD_PROTO_HTTPS \
NSLOOKUP_CMD \
TIME_CMD \
DIGEST_CMD \
REBOOT_CMD \
POWEROFF_CMD \
IMAGE_TRUST_CMD \
NTP_CMD \
CERT_CMD
do
sed -i -r \
"s/^\\/+#define[[:space:]]+$OPTION[[:space:]]/#define $OPTION /g" \
"${ipxe_src_dir}/src/config/general.h"
sed -i -r \
"s/^#undef[[:space:]]+$OPTION[[:space:]]/#define $OPTION /g" \
"${ipxe_src_dir}/src/config/general.h"
done
sed -i 's/^\#undef\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ TIME_CMD/\#define\ TIME_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ NTP_CMD/\#define\ NTP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ CERT_CMD/\#define\ CERT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
echo "Downloading default iPXE CA certificate"
cd ipxe/src
wget https://letsencrypt.org/certs/{isrgrootx1,isrg-root-x2,lets-encrypt-r3}.pem
return 0
}
@ -81,7 +84,7 @@ function make_ipxe_lkrn() {
curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.lkrn EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
make bin/ipxe.lkrn EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
cd "$curr"
return 0
@ -117,7 +120,121 @@ function make_ipxe_iso() {
curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.iso EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
make bin/ipxe.iso EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
cd "$curr"
return 0
}
function make_ipxe_dsk() {
local ipxe_src_dir="$1"
local embed_file="$2"
local signing_cert="$3"
local ca_cert="$4"
embed_file="$(realpath "${embed_file}")"
signing_cert="$(realpath "${signing_cert}")"
ca_cert="$(realpath "${ca_cert}")"
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "$embed_file" ]]; then
>&2 echo "IPXE embedded file does not exist."
return 1
fi
if [[ ! -f "$signing_cert" ]]; then
>&2 echo "IPXE signing cert does not exist."
return 1
fi
if [[ ! -f "${ca_cert}" ]]; then
>&2 echo "IPXE CA cert does not exist."
return 1
fi
curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.usb EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
cd "$curr"
return 0
}
function make_ipxe_pxe() {
local ipxe_src_dir="$1"
local embed_file="$2"
local signing_cert="$3"
local ca_cert="$4"
embed_file="$(realpath "${embed_file}")"
signing_cert="$(realpath "${signing_cert}")"
ca_cert="$(realpath "${ca_cert}")"
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "$embed_file" ]]; then
>&2 echo "IPXE embedded file does not exist."
return 1
fi
if [[ ! -f "$signing_cert" ]]; then
>&2 echo "IPXE signing cert does not exist."
return 1
fi
if [[ ! -f "${ca_cert}" ]]; then
>&2 echo "IPXE CA cert does not exist."
return 1
fi
curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.pxe EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
cd "$curr"
return 0
}
function make_ipxe_efi() {
local ipxe_src_dir="$1"
local embed_file="$2"
local signing_cert="$3"
local ca_cert="$4"
local efi_key="$5"
local efi_cert="$6"
embed_file="$(realpath "${embed_file}")"
signing_cert="$(realpath "${signing_cert}")"
ca_cert="$(realpath "${ca_cert}")"
efi_key="$(realpath "${efi_key}")"
efi_cert="$(realpath "${efi_cert}")"
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "$embed_file" ]]; then
>&2 echo "IPXE embedded file does not exist."
return 1
fi
if [[ ! -f "$signing_cert" ]]; then
>&2 echo "IPXE signing cert does not exist."
return 1
fi
if [[ ! -f "${ca_cert}" ]]; then
>&2 echo "IPXE CA cert does not exist."
return 1
fi
curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1
make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
mv bin-x86_64-efi/ipxe.efi bin/
sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi
cd "$curr"
return 0
@ -138,11 +255,24 @@ function make_ipxe_bin_shasums() {
>&2 echo "IPXE iso build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then
>&2 echo "IPXE USB build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
curr="$(pwd)"
cd "${ipxe_src_dir}/src/bin/" || return 1
sha256sum ipxe.lkrn ipxe.iso > SHA256SUMS || return 2
sha256sum ipxe.lkrn ipxe.iso ipxe.usb ipxe.pxe ipxe.efi > SHA256SUMS || return 2
cd "$curr"
return 0
}
@ -297,6 +427,18 @@ function upload_release_ipxe_lkrn() {
>&2 echo "IPXE iso build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then
>&2 echo "IPXE USB build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist."
return 1
@ -378,6 +520,14 @@ function upload_release_ipxe_iso() {
>&2 echo "IPXE iso build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist."
return 1
@ -419,6 +569,277 @@ function upload_release_ipxe_iso() {
return 0
}
function upload_release_ipxe_dsk() {
local ipxe_src_dir="$1"
local git_repo_dir="$2"
local branch="$3"
local repo_user="$4"
local repo_name="$5"
local api_token_file="$6"
if [ ! -d "$git_repo_dir" ]; then
>&2 echo "Supplied directory does not exist."
return 1
fi
if [[ -z "$branch" ]]; then
>&2 echo "No branch specified."
return 1
fi
if [[ -z "$repo_user" ]]; then
>&2 echo "No repo username specified."
return 1
fi
if [[ -z "$repo_name" ]]; then
>&2 echo "No repo name specified."
return 1
fi
if [[ ! -f "$api_token_file" ]]; then
>&2 echo "API token file does not exist."
return 1
fi
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then
>&2 echo "IPXE lkrn build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then
>&2 echo "IPXE iso build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then
>&2 echo "IPXE USB build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist."
return 1
fi
curr="$(pwd)"
cd "$git_repo_dir"
cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
releaseid="$(tail -n 1 release_results.txt | jq .id)"
curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.usb" \
-H "accept: application/json" \
-H "Authorization: token $(cat $api_token_file)" \
-i \
-F "attachment=@${ipxe_src_dir}/src/bin/ipxe.usb" > release_usb.txt
cat release_usb.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.usb as a release attachment failed."
return 2
fi
tail -n 1 release_usb.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.usb as a release attachment failed."
return 2
fi
cd "$curr"
return 0
}
function upload_release_ipxe_pxe() {
local ipxe_src_dir="$1"
local git_repo_dir="$2"
local branch="$3"
local repo_user="$4"
local repo_name="$5"
local api_token_file="$6"
if [ ! -d "$git_repo_dir" ]; then
>&2 echo "Supplied directory does not exist."
return 1
fi
if [[ -z "$branch" ]]; then
>&2 echo "No branch specified."
return 1
fi
if [[ -z "$repo_user" ]]; then
>&2 echo "No repo username specified."
return 1
fi
if [[ -z "$repo_name" ]]; then
>&2 echo "No repo name specified."
return 1
fi
if [[ ! -f "$api_token_file" ]]; then
>&2 echo "API token file does not exist."
return 1
fi
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then
>&2 echo "IPXE lkrn build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then
>&2 echo "IPXE iso build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist."
return 1
fi
curr="$(pwd)"
cd "$git_repo_dir"
cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
releaseid="$(tail -n 1 release_results.txt | jq .id)"
curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.pxe" \
-H "accept: application/json" \
-H "Authorization: token $(cat $api_token_file)" \
-i \
-F "attachment=@${ipxe_src_dir}/src/bin/ipxe.pxe" > release_pxe.txt
cat release_pxe.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.pxe as a release attachment failed."
return 2
fi
tail -n 1 release_pxe.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.pxe as a release attachment failed."
return 2
fi
cd "$curr"
return 0
}
function upload_release_ipxe_efi() {
local ipxe_src_dir="$1"
local git_repo_dir="$2"
local branch="$3"
local repo_user="$4"
local repo_name="$5"
local api_token_file="$6"
if [ ! -d "$git_repo_dir" ]; then
>&2 echo "Supplied directory does not exist."
return 1
fi
if [[ -z "$branch" ]]; then
>&2 echo "No branch specified."
return 1
fi
if [[ -z "$repo_user" ]]; then
>&2 echo "No repo username specified."
return 1
fi
if [[ -z "$repo_name" ]]; then
>&2 echo "No repo name specified."
return 1
fi
if [[ ! -f "$api_token_file" ]]; then
>&2 echo "API token file does not exist."
return 1
fi
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then
>&2 echo "IPXE lkrn build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then
>&2 echo "IPXE iso build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist."
return 1
fi
curr="$(pwd)"
cd "$git_repo_dir"
cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
releaseid="$(tail -n 1 release_results.txt | jq .id)"
curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.efi" \
-H "accept: application/json" \
-H "Authorization: token $(cat $api_token_file)" \
-i \
-F "attachment=@${ipxe_src_dir}/src/bin/ipxe.efi" > release_efi.txt
cat release_efi.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.efi as a release attachment failed."
return 2
fi
tail -n 1 release_efi.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.efi as a release attachment failed."
return 2
fi
cd "$curr"
return 0
}
function upload_release_ipxe_shasums() {
local ipxe_src_dir="$1"
local git_repo_dir="$2"
@ -459,6 +880,14 @@ function upload_release_ipxe_shasums() {
>&2 echo "IPXE iso build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist."
return 1

View File

@ -9,8 +9,8 @@
imgtrust --permanent
# For the "focal" part of the URL string, in case that changes in the future.
set ubuntu-variant focal
# For the "jammy" part of the URL string, in case that changes in the future.
set ubuntu-variant jammy
goto get_arch
@ -35,14 +35,47 @@ isset ${net${idx}/mac} || goto loop_done
######################## SET STATIC IP INFO HERE #############################
# Just copy/paste an entire line to add more
#
echo Checking net${idx}
echo Checking net${idx} for a static IP config
# node1.bitmessage.at
iseq ${net${idx}/mac} 40:a8:f0:31:cc:58 && set ip-dev-name eno1 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 40:a8:f0:31:cc:59 && set ip-dev-name eno2 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 40:a8:f0:31:cc:58 && set ip-dev-name eno1 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 40:a8:f0:31:cc:59 && set ip-dev-name eno2 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node2.bitmessage.at
iseq ${net${idx}/mac} 28:80:23:a7:52:d0 && set ip-dev-name eno1 && set ip-addr 93.189.25.250 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 28:80:23:a7:52:d1 && set ip-dev-name eno2 && set ip-addr 93.189.25.250 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node1.surda.cloud
iseq ${net${idx}/mac} d0:50:99:df:1d:49 && set ip-dev-name enp39s0 && set ip-addr 93.189.28.83 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} d0:50:99:df:1d:4a && set ip-dev-name enp38s0 && set ip-addr 93.189.28.83 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} d0:50:99:df:1d:49 && set ip-dev-name enp39s0 && set ip-addr 93.189.28.85 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} d0:50:99:df:1d:4a && set ip-dev-name enp38s0 && set ip-addr 93.189.28.85 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node2.surda.cloud
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d6 && set ip-dev-name eno1 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d7 && set ip-dev-name eno2 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d8 && set ip-dev-name eno3 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d9 && set ip-dev-name eno4 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node3.surda.cloud
iseq ${net${idx}/mac} b8:2a:72:d5:05:36 && set ip-dev-name eno1 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} b8:2a:72:d5:05:37 && set ip-dev-name eno2 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} b8:2a:72:d5:05:38 && set ip-dev-name eno3 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} b8:2a:72:d5:05:39 && set ip-dev-name eno4 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
# node3.sysdeploy.org
iseq ${net${idx}/mac} 00:25:90:a2:9f:e9 && set ip-dev-name eno2 && set ip-addr 104.251.122.45 && set ip-gateway 104.251.122.44 && set ip-netmask 255.255.255.254 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node4.sysdeploy.org
iseq ${net${idx}/mac} 0c:c4:7a:04:ca:60 && set ip-dev-name eno1 && set ip-addr 50.2.185.50 && set ip-gateway 50.2.185.49 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node5.sysdeploy.org
iseq ${net${idx}/mac} d8:9d:67:72:09:50 && set ip-dev-name eno1 && set ip-addr 82.118.227.210 && set ip-gateway 82.118.227.209 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node7.sysdeploy.org
iseq ${net${idx}/mac} 34:17:eb:ea:78:b0 && set ip-dev-name eno1 && set ip-addr 162.248.7.209 && set ip-gateway 162.248.7.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 34:17:eb:ea:78:b1 && set ip-dev-name eno2 && set ip-addr 162.248.7.209 && set ip-gateway 162.248.7.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node8.sysdeploy.org
iseq ${net${idx}/mac} bc:30:5b:de:3a:9e && set ip-dev-name eno1 && set ip-addr 109.73.65.100 && set ip-gateway 109.73.65.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} bc:30:5b:de:3a:9f && set ip-dev-name eno2 && set ip-addr 109.73.65.100 && set ip-gateway 109.73.65.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node9.sysdeploy.org
iseq ${net${idx}/mac} 00:25:90:a9:73:76 && set ip-dev-name eno1 && set ip-addr 23.94.164.18 && set ip-gateway 23.94.164.17 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
#iseq ${net${idx}/mac} 00:25:90:a9:73:77 && set ip-dev-name enp0s25 && set ip-addr 23.94.164.18 && set ip-gateway 23.94.164.17 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# backup.bitmessage.at
iseq ${net${idx}/mac} a8:a1:59:c7:21:8f && set ip-dev-name enp39s0 && set ip-addr 93.189.25.253 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} a8:a1:59:c7:21:90 && set ip-dev-name enp38s0 && set ip-addr 93.189.25.253 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# if you don't know the linux interface name, use "clear ip-dev-name", then
# it will use ALL interfaces
@ -56,7 +89,9 @@ inc idx && goto loop
iseq ${successful} f && goto error_handler ||
# If on the other hand we're successful, then we construct the kernel ip= line
set ip-info ${ip-addr}::${ip-gateway}:${ip-netmask}::${ip-dev-name}:off:${ip-dns}
set ip-info ${ip-addr}::${ip-gateway}:${ip-netmask}::${ip-dev-name}:off:${ip-dns} && echo Static IP found
echo ip-info ${ip-info}
# And setup IPXE networking.
@ -89,12 +124,38 @@ goto boot_all
#################
:try_next_card
imgfree
ifclose
sleep 1
# If dhcp, it will go to the static boot, which already has ifopen
iseq ip-info dhcp || ifopen
iseq ip-info dhcp || sleep 1
iseq ip-info dhcp && clear ip-info && goto try_static_from_dhcp_fail || goto try_next_static_card
:try_static_from_dhcp_fail
iseq arch-info arm64 && goto static_ip_boot_arm64 ||
iseq arch-info amd64 && goto static_ip_boot_amd64 ||
goto error_handler
:try_next_static_card
isset ip-dev-name && clear ip-dev-name
isset ip-addr && clear ip-addr
isset ip-gateway && clear ip-gateway
isset ip-netmask && clear ip-netmask
isset ip-dns && clear ip-dns
isset successful && clear successful
set successful f
isset idx && inc idx || goto error_handler
goto loop
# In case we want to... log?? Or do something else.
:error_handler
echo "###########################################################"
echo "An unspecified error has occurred."
echo "The system will sleep for two minutes and then reboot."
echo "###########################################################"
echo ###########################################################
echo An unspecified error has occurred.
echo The system will sleep for two minutes and then reboot.
echo ###########################################################
sleep 60
sleep 60
reboot
@ -103,7 +164,6 @@ sleep 5
exit
# Get relevant CPU arch.
:get_arch
iseq ${buildarch} arm32 && goto start_arm32 ||
@ -112,7 +172,6 @@ iseq ${buildarch} i386 && goto start_i386 ||
iseq ${buildarch} x86_64 && goto start_amd64 ||
goto error_handler
# Builds may be done on 32-bit, but machines will always be 64-bit.
# Keep this section just in case we want to use 32-bit machines in the future.
:start_arm32
@ -151,18 +210,20 @@ goto static_ip_boot_setup
:boot_all
# Get accurate time so we can set the clock in kernel boot cmdline
echo Syncing time over NTP
ntp pool.ntp.org || goto error_handler
# check for EFI
iseq ${platform} efi && goto is_efi || goto not_efi
# We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate
# integrity and validation to imgverify.
# Naming the squashfs download "/squashfs" is required, otherwise the boot
# kernel fails to load it in the "root=" part of the kernel cmdline.
# However, note that imgverify will fail if you refer to it as "/squashfs"
# instead of "squashfs".
imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto error_handler
imgverify --signer images.sysdeploy.org squashfs http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler
# "--signer" validates against the subject common name field of the signing
# certificate. That signing cert must have both the digital signature key
# usage set and the code-signing key usage extension set.
@ -171,25 +232,36 @@ imgverify --signer images.sysdeploy.org squashfs http://images.sysdeploy.org/${u
# make sure you pick a common name with a FQDN you control, even if you're
# using a custom CA that you import during build.
:is_efi
echo Attempting EFI boot
set initrd1 initrd=initrd.cpio
isset initrd2 && clear initrd2
initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd || goto error_handler
imgverify --signer images.sysdeploy.org boot-initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler
imgfetch http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/initrd.cpio || goto try_next_card
imgverify --signer images.sysdeploy.org initrd.cpio http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/initrd.cpio.sig || goto error_handler
kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel || goto error_handler
imgverify --signer images.sysdeploy.org boot-kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler
goto efi_and_not_efi
:not_efi
echo Attempting legacy boot
set initrd1 initrd=boot-initrd
set initrd2 initrd=squashfs
# Get accurate time so we can set the clock in kernel boot cmdline
ntp pool.ntp.org || goto error_handler
imgfetch http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto try_next_card
imgverify --signer images.sysdeploy.org squashfs http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler
echo ip-info ${ip-info}
initrd http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-initrd || goto try_next_card
imgverify --signer images.sysdeploy.org boot-initrd http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler
:efi_and_not_efi
kernel http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-kernel || goto try_next_card
imgverify --signer images.sysdeploy.org boot-kernel http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler
sleep 1
boot boot-kernel initrd=boot-initrd rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud-net;s=https://cloud-init.sysdeploy.org/ || goto error_handler
boot boot-kernel ${initrd1} ${initrd2} rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud;s=https://cloud-init.sysdeploy.org/apiv2?uuid=${uuid}&filetype= || goto error_handler
# unixtime variable must be used with int32, because that's the only way it
# will display as decimal digits. unit32 and string both display as hex.
# Therefore this will stop working in 2038.