Compare commits

..

No commits in common. "master" and "g_040fa526b4301be17db990f20da4e9ee9b093e3b" have entirely different histories.

2 changed files with 50 additions and 551 deletions

View File

@ -1,6 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
LE_CERT=isrgrootx1.pem,isrg-root-x2.pem,lets-encrypt-r3.pem
function clone_ipxe_upstream() { function clone_ipxe_upstream() {
local ipxe_src_dir="$1" local ipxe_src_dir="$1"
@ -29,27 +28,25 @@ function sed_enabled_ipxe_features() {
return 1 return 1
fi fi
for OPTION in DOWNLOAD_PROTO_HTTPS \ sed -i 's/^\/\/\#define\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${ipxe_src_dir}/src/config/general.h"
NSLOOKUP_CMD \ sed -i 's/^\/\/\#define\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
TIME_CMD \ sed -i 's/^\/\/\#define\ TIME_CMD/\#define\ TIME_CMD/g' "${ipxe_src_dir}/src/config/general.h"
DIGEST_CMD \ sed -i 's/^\/\/\#define\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
REBOOT_CMD \ sed -i 's/^\/\/\#define\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
POWEROFF_CMD \ sed -i 's/^\/\/\#define\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${ipxe_src_dir}/src/config/general.h"
IMAGE_TRUST_CMD \ sed -i 's/^\/\/\#define\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
NTP_CMD \ sed -i 's/^\/\/\#define\ NTP_CMD/\#define\ NTP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
CERT_CMD sed -i 's/^\/\/\#define\ CERT_CMD/\#define\ CERT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
do
sed -i -r \
"s/^\\/+#define[[:space:]]+$OPTION[[:space:]]/#define $OPTION /g" \
"${ipxe_src_dir}/src/config/general.h"
sed -i -r \
"s/^#undef[[:space:]]+$OPTION[[:space:]]/#define $OPTION /g" \
"${ipxe_src_dir}/src/config/general.h"
done
echo "Downloading default iPXE CA certificate" sed -i 's/^\#undef\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${ipxe_src_dir}/src/config/general.h"
cd ipxe/src sed -i 's/^\#undef\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
wget https://letsencrypt.org/certs/{isrgrootx1,isrg-root-x2,lets-encrypt-r3}.pem sed -i 's/^\#undef\ TIME_CMD/\#define\ TIME_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ NTP_CMD/\#define\ NTP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ CERT_CMD/\#define\ CERT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
return 0 return 0
} }
@ -84,7 +81,7 @@ function make_ipxe_lkrn() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.lkrn EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2 make bin/ipxe.lkrn EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
cd "$curr" cd "$curr"
return 0 return 0
@ -120,121 +117,7 @@ function make_ipxe_iso() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.iso EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2 make bin/ipxe.iso EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
cd "$curr"
return 0
}
function make_ipxe_dsk() {
local ipxe_src_dir="$1"
local embed_file="$2"
local signing_cert="$3"
local ca_cert="$4"
embed_file="$(realpath "${embed_file}")"
signing_cert="$(realpath "${signing_cert}")"
ca_cert="$(realpath "${ca_cert}")"
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "$embed_file" ]]; then
>&2 echo "IPXE embedded file does not exist."
return 1
fi
if [[ ! -f "$signing_cert" ]]; then
>&2 echo "IPXE signing cert does not exist."
return 1
fi
if [[ ! -f "${ca_cert}" ]]; then
>&2 echo "IPXE CA cert does not exist."
return 1
fi
curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.usb EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
cd "$curr"
return 0
}
function make_ipxe_pxe() {
local ipxe_src_dir="$1"
local embed_file="$2"
local signing_cert="$3"
local ca_cert="$4"
embed_file="$(realpath "${embed_file}")"
signing_cert="$(realpath "${signing_cert}")"
ca_cert="$(realpath "${ca_cert}")"
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "$embed_file" ]]; then
>&2 echo "IPXE embedded file does not exist."
return 1
fi
if [[ ! -f "$signing_cert" ]]; then
>&2 echo "IPXE signing cert does not exist."
return 1
fi
if [[ ! -f "${ca_cert}" ]]; then
>&2 echo "IPXE CA cert does not exist."
return 1
fi
curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.pxe EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
cd "$curr"
return 0
}
function make_ipxe_efi() {
local ipxe_src_dir="$1"
local embed_file="$2"
local signing_cert="$3"
local ca_cert="$4"
local efi_key="$5"
local efi_cert="$6"
embed_file="$(realpath "${embed_file}")"
signing_cert="$(realpath "${signing_cert}")"
ca_cert="$(realpath "${ca_cert}")"
efi_key="$(realpath "${efi_key}")"
efi_cert="$(realpath "${efi_cert}")"
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "$embed_file" ]]; then
>&2 echo "IPXE embedded file does not exist."
return 1
fi
if [[ ! -f "$signing_cert" ]]; then
>&2 echo "IPXE signing cert does not exist."
return 1
fi
if [[ ! -f "${ca_cert}" ]]; then
>&2 echo "IPXE CA cert does not exist."
return 1
fi
curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1
make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
mv bin-x86_64-efi/ipxe.efi bin/
sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi
cd "$curr" cd "$curr"
return 0 return 0
@ -255,24 +138,11 @@ function make_ipxe_bin_shasums() {
>&2 echo "IPXE iso build file does not exist." >&2 echo "IPXE iso build file does not exist."
return 1 return 1
fi fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then
>&2 echo "IPXE USB build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/bin/" || return 1 cd "${ipxe_src_dir}/src/bin/" || return 1
sha256sum ipxe.lkrn ipxe.iso ipxe.usb ipxe.pxe ipxe.efi > SHA256SUMS || return 2 sha256sum ipxe.lkrn ipxe.iso > SHA256SUMS || return 2
cd "$curr" cd "$curr"
return 0 return 0
} }
@ -427,18 +297,6 @@ function upload_release_ipxe_lkrn() {
>&2 echo "IPXE iso build file does not exist." >&2 echo "IPXE iso build file does not exist."
return 1 return 1
fi fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then
>&2 echo "IPXE USB build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist." >&2 echo "IPXE sha256sums file does not exist."
return 1 return 1
@ -520,14 +378,6 @@ function upload_release_ipxe_iso() {
>&2 echo "IPXE iso build file does not exist." >&2 echo "IPXE iso build file does not exist."
return 1 return 1
fi fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist." >&2 echo "IPXE sha256sums file does not exist."
return 1 return 1
@ -569,277 +419,6 @@ function upload_release_ipxe_iso() {
return 0 return 0
} }
function upload_release_ipxe_dsk() {
local ipxe_src_dir="$1"
local git_repo_dir="$2"
local branch="$3"
local repo_user="$4"
local repo_name="$5"
local api_token_file="$6"
if [ ! -d "$git_repo_dir" ]; then
>&2 echo "Supplied directory does not exist."
return 1
fi
if [[ -z "$branch" ]]; then
>&2 echo "No branch specified."
return 1
fi
if [[ -z "$repo_user" ]]; then
>&2 echo "No repo username specified."
return 1
fi
if [[ -z "$repo_name" ]]; then
>&2 echo "No repo name specified."
return 1
fi
if [[ ! -f "$api_token_file" ]]; then
>&2 echo "API token file does not exist."
return 1
fi
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then
>&2 echo "IPXE lkrn build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then
>&2 echo "IPXE iso build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then
>&2 echo "IPXE USB build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist."
return 1
fi
curr="$(pwd)"
cd "$git_repo_dir"
cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
releaseid="$(tail -n 1 release_results.txt | jq .id)"
curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.usb" \
-H "accept: application/json" \
-H "Authorization: token $(cat $api_token_file)" \
-i \
-F "attachment=@${ipxe_src_dir}/src/bin/ipxe.usb" > release_usb.txt
cat release_usb.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.usb as a release attachment failed."
return 2
fi
tail -n 1 release_usb.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.usb as a release attachment failed."
return 2
fi
cd "$curr"
return 0
}
function upload_release_ipxe_pxe() {
local ipxe_src_dir="$1"
local git_repo_dir="$2"
local branch="$3"
local repo_user="$4"
local repo_name="$5"
local api_token_file="$6"
if [ ! -d "$git_repo_dir" ]; then
>&2 echo "Supplied directory does not exist."
return 1
fi
if [[ -z "$branch" ]]; then
>&2 echo "No branch specified."
return 1
fi
if [[ -z "$repo_user" ]]; then
>&2 echo "No repo username specified."
return 1
fi
if [[ -z "$repo_name" ]]; then
>&2 echo "No repo name specified."
return 1
fi
if [[ ! -f "$api_token_file" ]]; then
>&2 echo "API token file does not exist."
return 1
fi
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then
>&2 echo "IPXE lkrn build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then
>&2 echo "IPXE iso build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist."
return 1
fi
curr="$(pwd)"
cd "$git_repo_dir"
cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
releaseid="$(tail -n 1 release_results.txt | jq .id)"
curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.pxe" \
-H "accept: application/json" \
-H "Authorization: token $(cat $api_token_file)" \
-i \
-F "attachment=@${ipxe_src_dir}/src/bin/ipxe.pxe" > release_pxe.txt
cat release_pxe.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.pxe as a release attachment failed."
return 2
fi
tail -n 1 release_pxe.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.pxe as a release attachment failed."
return 2
fi
cd "$curr"
return 0
}
function upload_release_ipxe_efi() {
local ipxe_src_dir="$1"
local git_repo_dir="$2"
local branch="$3"
local repo_user="$4"
local repo_name="$5"
local api_token_file="$6"
if [ ! -d "$git_repo_dir" ]; then
>&2 echo "Supplied directory does not exist."
return 1
fi
if [[ -z "$branch" ]]; then
>&2 echo "No branch specified."
return 1
fi
if [[ -z "$repo_user" ]]; then
>&2 echo "No repo username specified."
return 1
fi
if [[ -z "$repo_name" ]]; then
>&2 echo "No repo name specified."
return 1
fi
if [[ ! -f "$api_token_file" ]]; then
>&2 echo "API token file does not exist."
return 1
fi
if [ ! -d "$ipxe_src_dir" ]; then
>&2 echo "IPXE supplied directory does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then
>&2 echo "IPXE lkrn build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then
>&2 echo "IPXE iso build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist."
return 1
fi
curr="$(pwd)"
cd "$git_repo_dir"
cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The release info from the curl step cannot be found."
return 2
fi
releaseid="$(tail -n 1 release_results.txt | jq .id)"
curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.efi" \
-H "accept: application/json" \
-H "Authorization: token $(cat $api_token_file)" \
-i \
-F "attachment=@${ipxe_src_dir}/src/bin/ipxe.efi" > release_efi.txt
cat release_efi.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.efi as a release attachment failed."
return 2
fi
tail -n 1 release_efi.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.efi as a release attachment failed."
return 2
fi
cd "$curr"
return 0
}
function upload_release_ipxe_shasums() { function upload_release_ipxe_shasums() {
local ipxe_src_dir="$1" local ipxe_src_dir="$1"
local git_repo_dir="$2" local git_repo_dir="$2"
@ -880,14 +459,6 @@ function upload_release_ipxe_shasums() {
>&2 echo "IPXE iso build file does not exist." >&2 echo "IPXE iso build file does not exist."
return 1 return 1
fi fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
>&2 echo "IPXE pxe build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
>&2 echo "IPXE efi build file does not exist."
return 1
fi
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
>&2 echo "IPXE sha256sums file does not exist." >&2 echo "IPXE sha256sums file does not exist."
return 1 return 1

View File

@ -9,8 +9,8 @@
imgtrust --permanent imgtrust --permanent
# For the "jammy" part of the URL string, in case that changes in the future. # For the "focal" part of the URL string, in case that changes in the future.
set ubuntu-variant jammy set ubuntu-variant focal
goto get_arch goto get_arch
@ -35,47 +35,14 @@ isset ${net${idx}/mac} || goto loop_done
######################## SET STATIC IP INFO HERE ############################# ######################## SET STATIC IP INFO HERE #############################
# Just copy/paste an entire line to add more # Just copy/paste an entire line to add more
# #
echo Checking net${idx} for a static IP config echo Checking net${idx}
# node1.bitmessage.at # node1.bitmessage.at
iseq ${net${idx}/mac} 40:a8:f0:31:cc:58 && set ip-dev-name eno1 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} 40:a8:f0:31:cc:58 && set ip-dev-name eno1 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 40:a8:f0:31:cc:59 && set ip-dev-name eno2 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} 40:a8:f0:31:cc:59 && set ip-dev-name eno2 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node2.bitmessage.at
iseq ${net${idx}/mac} 28:80:23:a7:52:d0 && set ip-dev-name eno1 && set ip-addr 93.189.25.250 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 28:80:23:a7:52:d1 && set ip-dev-name eno2 && set ip-addr 93.189.25.250 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node1.surda.cloud # node1.surda.cloud
iseq ${net${idx}/mac} d0:50:99:df:1d:49 && set ip-dev-name enp39s0 && set ip-addr 93.189.28.85 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} d0:50:99:df:1d:49 && set ip-dev-name enp39s0 && set ip-addr 93.189.28.83 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} d0:50:99:df:1d:4a && set ip-dev-name enp38s0 && set ip-addr 93.189.28.85 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} d0:50:99:df:1d:4a && set ip-dev-name enp38s0 && set ip-addr 93.189.28.83 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node2.surda.cloud
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d6 && set ip-dev-name eno1 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d7 && set ip-dev-name eno2 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d8 && set ip-dev-name eno3 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d9 && set ip-dev-name eno4 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node3.surda.cloud
iseq ${net${idx}/mac} b8:2a:72:d5:05:36 && set ip-dev-name eno1 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} b8:2a:72:d5:05:37 && set ip-dev-name eno2 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} b8:2a:72:d5:05:38 && set ip-dev-name eno3 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} b8:2a:72:d5:05:39 && set ip-dev-name eno4 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
# node3.sysdeploy.org
iseq ${net${idx}/mac} 00:25:90:a2:9f:e9 && set ip-dev-name eno2 && set ip-addr 104.251.122.45 && set ip-gateway 104.251.122.44 && set ip-netmask 255.255.255.254 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node4.sysdeploy.org
iseq ${net${idx}/mac} 0c:c4:7a:04:ca:60 && set ip-dev-name eno1 && set ip-addr 50.2.185.50 && set ip-gateway 50.2.185.49 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node5.sysdeploy.org
iseq ${net${idx}/mac} d8:9d:67:72:09:50 && set ip-dev-name eno1 && set ip-addr 82.118.227.210 && set ip-gateway 82.118.227.209 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node7.sysdeploy.org
iseq ${net${idx}/mac} 34:17:eb:ea:78:b0 && set ip-dev-name eno1 && set ip-addr 162.248.7.209 && set ip-gateway 162.248.7.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 34:17:eb:ea:78:b1 && set ip-dev-name eno2 && set ip-addr 162.248.7.209 && set ip-gateway 162.248.7.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node8.sysdeploy.org
iseq ${net${idx}/mac} bc:30:5b:de:3a:9e && set ip-dev-name eno1 && set ip-addr 109.73.65.100 && set ip-gateway 109.73.65.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} bc:30:5b:de:3a:9f && set ip-dev-name eno2 && set ip-addr 109.73.65.100 && set ip-gateway 109.73.65.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node9.sysdeploy.org
iseq ${net${idx}/mac} 00:25:90:a9:73:76 && set ip-dev-name eno1 && set ip-addr 23.94.164.18 && set ip-gateway 23.94.164.17 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
#iseq ${net${idx}/mac} 00:25:90:a9:73:77 && set ip-dev-name enp0s25 && set ip-addr 23.94.164.18 && set ip-gateway 23.94.164.17 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# backup.bitmessage.at
iseq ${net${idx}/mac} a8:a1:59:c7:21:8f && set ip-dev-name enp39s0 && set ip-addr 93.189.25.253 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} a8:a1:59:c7:21:90 && set ip-dev-name enp38s0 && set ip-addr 93.189.25.253 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# if you don't know the linux interface name, use "clear ip-dev-name", then # if you don't know the linux interface name, use "clear ip-dev-name", then
# it will use ALL interfaces # it will use ALL interfaces
@ -89,9 +56,7 @@ inc idx && goto loop
iseq ${successful} f && goto error_handler || iseq ${successful} f && goto error_handler ||
# If on the other hand we're successful, then we construct the kernel ip= line # If on the other hand we're successful, then we construct the kernel ip= line
set ip-info ${ip-addr}::${ip-gateway}:${ip-netmask}::${ip-dev-name}:off:${ip-dns} && echo Static IP found set ip-info ${ip-addr}::${ip-gateway}:${ip-netmask}::${ip-dev-name}:off:${ip-dns}
echo ip-info ${ip-info}
# And setup IPXE networking. # And setup IPXE networking.
@ -124,38 +89,12 @@ goto boot_all
################# #################
:try_next_card
imgfree
ifclose
sleep 1
# If dhcp, it will go to the static boot, which already has ifopen
iseq ip-info dhcp || ifopen
iseq ip-info dhcp || sleep 1
iseq ip-info dhcp && clear ip-info && goto try_static_from_dhcp_fail || goto try_next_static_card
:try_static_from_dhcp_fail
iseq arch-info arm64 && goto static_ip_boot_arm64 ||
iseq arch-info amd64 && goto static_ip_boot_amd64 ||
goto error_handler
:try_next_static_card
isset ip-dev-name && clear ip-dev-name
isset ip-addr && clear ip-addr
isset ip-gateway && clear ip-gateway
isset ip-netmask && clear ip-netmask
isset ip-dns && clear ip-dns
isset successful && clear successful
set successful f
isset idx && inc idx || goto error_handler
goto loop
# In case we want to... log?? Or do something else. # In case we want to... log?? Or do something else.
:error_handler :error_handler
echo ########################################################### echo "###########################################################"
echo An unspecified error has occurred. echo "An unspecified error has occurred."
echo The system will sleep for two minutes and then reboot. echo "The system will sleep for two minutes and then reboot."
echo ########################################################### echo "###########################################################"
sleep 60 sleep 60
sleep 60 sleep 60
reboot reboot
@ -164,6 +103,7 @@ sleep 5
exit exit
# Get relevant CPU arch. # Get relevant CPU arch.
:get_arch :get_arch
iseq ${buildarch} arm32 && goto start_arm32 || iseq ${buildarch} arm32 && goto start_arm32 ||
@ -172,6 +112,7 @@ iseq ${buildarch} i386 && goto start_i386 ||
iseq ${buildarch} x86_64 && goto start_amd64 || iseq ${buildarch} x86_64 && goto start_amd64 ||
goto error_handler goto error_handler
# Builds may be done on 32-bit, but machines will always be 64-bit. # Builds may be done on 32-bit, but machines will always be 64-bit.
# Keep this section just in case we want to use 32-bit machines in the future. # Keep this section just in case we want to use 32-bit machines in the future.
:start_arm32 :start_arm32
@ -210,20 +151,18 @@ goto static_ip_boot_setup
:boot_all :boot_all
# Get accurate time so we can set the clock in kernel boot cmdline
echo Syncing time over NTP
ntp pool.ntp.org || goto error_handler
# check for EFI
iseq ${platform} efi && goto is_efi || goto not_efi
# We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate # We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate
# integrity and validation to imgverify. # integrity and validation to imgverify.
# Naming the squashfs download "/squashfs" is required, otherwise the boot # Naming the squashfs download "/squashfs" is required, otherwise the boot
# kernel fails to load it in the "root=" part of the kernel cmdline. # kernel fails to load it in the "root=" part of the kernel cmdline.
# However, note that imgverify will fail if you refer to it as "/squashfs" # However, note that imgverify will fail if you refer to it as "/squashfs"
# instead of "squashfs". # instead of "squashfs".
imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto error_handler
imgverify --signer images.sysdeploy.org squashfs http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler
# "--signer" validates against the subject common name field of the signing # "--signer" validates against the subject common name field of the signing
# certificate. That signing cert must have both the digital signature key # certificate. That signing cert must have both the digital signature key
# usage set and the code-signing key usage extension set. # usage set and the code-signing key usage extension set.
@ -232,36 +171,25 @@ iseq ${platform} efi && goto is_efi || goto not_efi
# make sure you pick a common name with a FQDN you control, even if you're # make sure you pick a common name with a FQDN you control, even if you're
# using a custom CA that you import during build. # using a custom CA that you import during build.
:is_efi
echo Attempting EFI boot
set initrd1 initrd=initrd.cpio
isset initrd2 && clear initrd2
imgfetch http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/initrd.cpio || goto try_next_card initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd || goto error_handler
imgverify --signer images.sysdeploy.org initrd.cpio http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/initrd.cpio.sig || goto error_handler imgverify --signer images.sysdeploy.org boot-initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler
goto efi_and_not_efi kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel || goto error_handler
imgverify --signer images.sysdeploy.org boot-kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler
:not_efi
echo Attempting legacy boot
set initrd1 initrd=boot-initrd
set initrd2 initrd=squashfs
imgfetch http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto try_next_card # Get accurate time so we can set the clock in kernel boot cmdline
imgverify --signer images.sysdeploy.org squashfs http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler ntp pool.ntp.org || goto error_handler
initrd http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-initrd || goto try_next_card echo ip-info ${ip-info}
imgverify --signer images.sysdeploy.org boot-initrd http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler
:efi_and_not_efi
kernel http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-kernel || goto try_next_card
imgverify --signer images.sysdeploy.org boot-kernel http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler
sleep 1 sleep 1
boot boot-kernel ${initrd1} ${initrd2} rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud;s=https://cloud-init.sysdeploy.org/apiv2?uuid=${uuid}&filetype= || goto error_handler boot boot-kernel initrd=boot-initrd rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud-net;s=https://cloud-init.sysdeploy.org/ || goto error_handler
# unixtime variable must be used with int32, because that's the only way it # unixtime variable must be used with int32, because that's the only way it
# will display as decimal digits. unit32 and string both display as hex. # will display as decimal digits. unit32 and string both display as hex.
# Therefore this will stop working in 2038. # Therefore this will stop working in 2038.