Compare commits
No commits in common. "master" and "g_040fa526b4301be17db990f20da4e9ee9b093e3b" have entirely different histories.
master
...
g_040fa526
|
@ -1,6 +1,5 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
LE_CERT=isrgrootx1.pem,isrg-root-x2.pem,lets-encrypt-r3.pem
|
||||
|
||||
function clone_ipxe_upstream() {
|
||||
local ipxe_src_dir="$1"
|
||||
|
@ -29,27 +28,25 @@ function sed_enabled_ipxe_features() {
|
|||
return 1
|
||||
fi
|
||||
|
||||
for OPTION in DOWNLOAD_PROTO_HTTPS \
|
||||
NSLOOKUP_CMD \
|
||||
TIME_CMD \
|
||||
DIGEST_CMD \
|
||||
REBOOT_CMD \
|
||||
POWEROFF_CMD \
|
||||
IMAGE_TRUST_CMD \
|
||||
NTP_CMD \
|
||||
CERT_CMD
|
||||
do
|
||||
sed -i -r \
|
||||
"s/^\\/+#define[[:space:]]+$OPTION[[:space:]]/#define $OPTION /g" \
|
||||
"${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i -r \
|
||||
"s/^#undef[[:space:]]+$OPTION[[:space:]]/#define $OPTION /g" \
|
||||
"${ipxe_src_dir}/src/config/general.h"
|
||||
done
|
||||
sed -i 's/^\/\/\#define\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\/\/\#define\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\/\/\#define\ TIME_CMD/\#define\ TIME_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\/\/\#define\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\/\/\#define\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\/\/\#define\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\/\/\#define\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\/\/\#define\ NTP_CMD/\#define\ NTP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\/\/\#define\ CERT_CMD/\#define\ CERT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
|
||||
echo "Downloading default iPXE CA certificate"
|
||||
cd ipxe/src
|
||||
wget https://letsencrypt.org/certs/{isrgrootx1,isrg-root-x2,lets-encrypt-r3}.pem
|
||||
sed -i 's/^\#undef\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\#undef\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\#undef\ TIME_CMD/\#define\ TIME_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\#undef\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\#undef\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\#undef\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\#undef\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\#undef\ NTP_CMD/\#define\ NTP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
sed -i 's/^\#undef\ CERT_CMD/\#define\ CERT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
|
||||
|
||||
return 0
|
||||
}
|
||||
|
@ -84,7 +81,7 @@ function make_ipxe_lkrn() {
|
|||
curr="$(pwd)"
|
||||
cd "${ipxe_src_dir}/src/" || return 1
|
||||
|
||||
make bin/ipxe.lkrn EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
|
||||
make bin/ipxe.lkrn EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
|
||||
|
||||
cd "$curr"
|
||||
return 0
|
||||
|
@ -120,121 +117,7 @@ function make_ipxe_iso() {
|
|||
curr="$(pwd)"
|
||||
cd "${ipxe_src_dir}/src/" || return 1
|
||||
|
||||
make bin/ipxe.iso EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
|
||||
|
||||
cd "$curr"
|
||||
return 0
|
||||
}
|
||||
|
||||
function make_ipxe_dsk() {
|
||||
local ipxe_src_dir="$1"
|
||||
local embed_file="$2"
|
||||
local signing_cert="$3"
|
||||
local ca_cert="$4"
|
||||
|
||||
embed_file="$(realpath "${embed_file}")"
|
||||
signing_cert="$(realpath "${signing_cert}")"
|
||||
ca_cert="$(realpath "${ca_cert}")"
|
||||
|
||||
if [ ! -d "$ipxe_src_dir" ]; then
|
||||
>&2 echo "IPXE supplied directory does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "$embed_file" ]]; then
|
||||
>&2 echo "IPXE embedded file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "$signing_cert" ]]; then
|
||||
>&2 echo "IPXE signing cert does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ca_cert}" ]]; then
|
||||
>&2 echo "IPXE CA cert does not exist."
|
||||
return 1
|
||||
fi
|
||||
|
||||
curr="$(pwd)"
|
||||
cd "${ipxe_src_dir}/src/" || return 1
|
||||
|
||||
make bin/ipxe.usb EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
|
||||
|
||||
cd "$curr"
|
||||
return 0
|
||||
}
|
||||
|
||||
function make_ipxe_pxe() {
|
||||
local ipxe_src_dir="$1"
|
||||
local embed_file="$2"
|
||||
local signing_cert="$3"
|
||||
local ca_cert="$4"
|
||||
|
||||
embed_file="$(realpath "${embed_file}")"
|
||||
signing_cert="$(realpath "${signing_cert}")"
|
||||
ca_cert="$(realpath "${ca_cert}")"
|
||||
|
||||
if [ ! -d "$ipxe_src_dir" ]; then
|
||||
>&2 echo "IPXE supplied directory does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "$embed_file" ]]; then
|
||||
>&2 echo "IPXE embedded file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "$signing_cert" ]]; then
|
||||
>&2 echo "IPXE signing cert does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ca_cert}" ]]; then
|
||||
>&2 echo "IPXE CA cert does not exist."
|
||||
return 1
|
||||
fi
|
||||
|
||||
curr="$(pwd)"
|
||||
cd "${ipxe_src_dir}/src/" || return 1
|
||||
|
||||
make bin/ipxe.pxe EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
|
||||
|
||||
cd "$curr"
|
||||
return 0
|
||||
}
|
||||
|
||||
function make_ipxe_efi() {
|
||||
local ipxe_src_dir="$1"
|
||||
local embed_file="$2"
|
||||
local signing_cert="$3"
|
||||
local ca_cert="$4"
|
||||
local efi_key="$5"
|
||||
local efi_cert="$6"
|
||||
|
||||
embed_file="$(realpath "${embed_file}")"
|
||||
signing_cert="$(realpath "${signing_cert}")"
|
||||
ca_cert="$(realpath "${ca_cert}")"
|
||||
efi_key="$(realpath "${efi_key}")"
|
||||
efi_cert="$(realpath "${efi_cert}")"
|
||||
|
||||
if [ ! -d "$ipxe_src_dir" ]; then
|
||||
>&2 echo "IPXE supplied directory does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "$embed_file" ]]; then
|
||||
>&2 echo "IPXE embedded file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "$signing_cert" ]]; then
|
||||
>&2 echo "IPXE signing cert does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ca_cert}" ]]; then
|
||||
>&2 echo "IPXE CA cert does not exist."
|
||||
return 1
|
||||
fi
|
||||
|
||||
curr="$(pwd)"
|
||||
cd "${ipxe_src_dir}/src/" || return 1
|
||||
|
||||
make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
|
||||
mv bin-x86_64-efi/ipxe.efi bin/
|
||||
sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi
|
||||
make bin/ipxe.iso EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
|
||||
|
||||
cd "$curr"
|
||||
return 0
|
||||
|
@ -255,24 +138,11 @@ function make_ipxe_bin_shasums() {
|
|||
>&2 echo "IPXE iso build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then
|
||||
>&2 echo "IPXE USB build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
|
||||
>&2 echo "IPXE pxe build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
|
||||
>&2 echo "IPXE efi build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
|
||||
curr="$(pwd)"
|
||||
cd "${ipxe_src_dir}/src/bin/" || return 1
|
||||
|
||||
sha256sum ipxe.lkrn ipxe.iso ipxe.usb ipxe.pxe ipxe.efi > SHA256SUMS || return 2
|
||||
|
||||
sha256sum ipxe.lkrn ipxe.iso > SHA256SUMS || return 2
|
||||
cd "$curr"
|
||||
return 0
|
||||
}
|
||||
|
@ -427,18 +297,6 @@ function upload_release_ipxe_lkrn() {
|
|||
>&2 echo "IPXE iso build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then
|
||||
>&2 echo "IPXE USB build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
|
||||
>&2 echo "IPXE pxe build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
|
||||
>&2 echo "IPXE efi build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
|
||||
>&2 echo "IPXE sha256sums file does not exist."
|
||||
return 1
|
||||
|
@ -520,14 +378,6 @@ function upload_release_ipxe_iso() {
|
|||
>&2 echo "IPXE iso build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
|
||||
>&2 echo "IPXE pxe build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
|
||||
>&2 echo "IPXE efi build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
|
||||
>&2 echo "IPXE sha256sums file does not exist."
|
||||
return 1
|
||||
|
@ -569,277 +419,6 @@ function upload_release_ipxe_iso() {
|
|||
return 0
|
||||
}
|
||||
|
||||
function upload_release_ipxe_dsk() {
|
||||
local ipxe_src_dir="$1"
|
||||
local git_repo_dir="$2"
|
||||
local branch="$3"
|
||||
local repo_user="$4"
|
||||
local repo_name="$5"
|
||||
local api_token_file="$6"
|
||||
|
||||
if [ ! -d "$git_repo_dir" ]; then
|
||||
>&2 echo "Supplied directory does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ -z "$branch" ]]; then
|
||||
>&2 echo "No branch specified."
|
||||
return 1
|
||||
fi
|
||||
if [[ -z "$repo_user" ]]; then
|
||||
>&2 echo "No repo username specified."
|
||||
return 1
|
||||
fi
|
||||
if [[ -z "$repo_name" ]]; then
|
||||
>&2 echo "No repo name specified."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "$api_token_file" ]]; then
|
||||
>&2 echo "API token file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [ ! -d "$ipxe_src_dir" ]; then
|
||||
>&2 echo "IPXE supplied directory does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then
|
||||
>&2 echo "IPXE lkrn build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then
|
||||
>&2 echo "IPXE iso build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then
|
||||
>&2 echo "IPXE USB build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
|
||||
>&2 echo "IPXE pxe build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
|
||||
>&2 echo "IPXE efi build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
|
||||
>&2 echo "IPXE sha256sums file does not exist."
|
||||
return 1
|
||||
fi
|
||||
|
||||
curr="$(pwd)"
|
||||
cd "$git_repo_dir"
|
||||
|
||||
cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The release info from the curl step cannot be found."
|
||||
return 2
|
||||
fi
|
||||
tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The release info from the curl step cannot be found."
|
||||
return 2
|
||||
fi
|
||||
|
||||
releaseid="$(tail -n 1 release_results.txt | jq .id)"
|
||||
curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.usb" \
|
||||
-H "accept: application/json" \
|
||||
-H "Authorization: token $(cat $api_token_file)" \
|
||||
-i \
|
||||
-F "attachment=@${ipxe_src_dir}/src/bin/ipxe.usb" > release_usb.txt
|
||||
|
||||
cat release_usb.txt | grep ^HTTP/ | grep 201 >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The upload of ipxe.usb as a release attachment failed."
|
||||
return 2
|
||||
fi
|
||||
tail -n 1 release_usb.txt | jq .id | grep -P '^(\d)+$' >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The upload of ipxe.usb as a release attachment failed."
|
||||
return 2
|
||||
fi
|
||||
|
||||
cd "$curr"
|
||||
return 0
|
||||
}
|
||||
|
||||
function upload_release_ipxe_pxe() {
|
||||
local ipxe_src_dir="$1"
|
||||
local git_repo_dir="$2"
|
||||
local branch="$3"
|
||||
local repo_user="$4"
|
||||
local repo_name="$5"
|
||||
local api_token_file="$6"
|
||||
|
||||
if [ ! -d "$git_repo_dir" ]; then
|
||||
>&2 echo "Supplied directory does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ -z "$branch" ]]; then
|
||||
>&2 echo "No branch specified."
|
||||
return 1
|
||||
fi
|
||||
if [[ -z "$repo_user" ]]; then
|
||||
>&2 echo "No repo username specified."
|
||||
return 1
|
||||
fi
|
||||
if [[ -z "$repo_name" ]]; then
|
||||
>&2 echo "No repo name specified."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "$api_token_file" ]]; then
|
||||
>&2 echo "API token file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [ ! -d "$ipxe_src_dir" ]; then
|
||||
>&2 echo "IPXE supplied directory does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then
|
||||
>&2 echo "IPXE lkrn build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then
|
||||
>&2 echo "IPXE iso build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
|
||||
>&2 echo "IPXE pxe build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
|
||||
>&2 echo "IPXE efi build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
|
||||
>&2 echo "IPXE sha256sums file does not exist."
|
||||
return 1
|
||||
fi
|
||||
|
||||
curr="$(pwd)"
|
||||
cd "$git_repo_dir"
|
||||
|
||||
cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The release info from the curl step cannot be found."
|
||||
return 2
|
||||
fi
|
||||
tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The release info from the curl step cannot be found."
|
||||
return 2
|
||||
fi
|
||||
|
||||
releaseid="$(tail -n 1 release_results.txt | jq .id)"
|
||||
curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.pxe" \
|
||||
-H "accept: application/json" \
|
||||
-H "Authorization: token $(cat $api_token_file)" \
|
||||
-i \
|
||||
-F "attachment=@${ipxe_src_dir}/src/bin/ipxe.pxe" > release_pxe.txt
|
||||
|
||||
cat release_pxe.txt | grep ^HTTP/ | grep 201 >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The upload of ipxe.pxe as a release attachment failed."
|
||||
return 2
|
||||
fi
|
||||
tail -n 1 release_pxe.txt | jq .id | grep -P '^(\d)+$' >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The upload of ipxe.pxe as a release attachment failed."
|
||||
return 2
|
||||
fi
|
||||
|
||||
cd "$curr"
|
||||
return 0
|
||||
}
|
||||
|
||||
function upload_release_ipxe_efi() {
|
||||
local ipxe_src_dir="$1"
|
||||
local git_repo_dir="$2"
|
||||
local branch="$3"
|
||||
local repo_user="$4"
|
||||
local repo_name="$5"
|
||||
local api_token_file="$6"
|
||||
|
||||
if [ ! -d "$git_repo_dir" ]; then
|
||||
>&2 echo "Supplied directory does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ -z "$branch" ]]; then
|
||||
>&2 echo "No branch specified."
|
||||
return 1
|
||||
fi
|
||||
if [[ -z "$repo_user" ]]; then
|
||||
>&2 echo "No repo username specified."
|
||||
return 1
|
||||
fi
|
||||
if [[ -z "$repo_name" ]]; then
|
||||
>&2 echo "No repo name specified."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "$api_token_file" ]]; then
|
||||
>&2 echo "API token file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [ ! -d "$ipxe_src_dir" ]; then
|
||||
>&2 echo "IPXE supplied directory does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.lkrn" ]]; then
|
||||
>&2 echo "IPXE lkrn build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.iso" ]]; then
|
||||
>&2 echo "IPXE iso build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
|
||||
>&2 echo "IPXE pxe build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
|
||||
>&2 echo "IPXE efi build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
|
||||
>&2 echo "IPXE sha256sums file does not exist."
|
||||
return 1
|
||||
fi
|
||||
|
||||
curr="$(pwd)"
|
||||
cd "$git_repo_dir"
|
||||
|
||||
cat release_results.txt | grep ^HTTP/ | grep 201 >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The release info from the curl step cannot be found."
|
||||
return 2
|
||||
fi
|
||||
tail -n 1 release_results.txt | jq .id | grep -P '^(\d)+$' >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The release info from the curl step cannot be found."
|
||||
return 2
|
||||
fi
|
||||
|
||||
releaseid="$(tail -n 1 release_results.txt | jq .id)"
|
||||
curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.efi" \
|
||||
-H "accept: application/json" \
|
||||
-H "Authorization: token $(cat $api_token_file)" \
|
||||
-i \
|
||||
-F "attachment=@${ipxe_src_dir}/src/bin/ipxe.efi" > release_efi.txt
|
||||
|
||||
cat release_efi.txt | grep ^HTTP/ | grep 201 >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The upload of ipxe.efi as a release attachment failed."
|
||||
return 2
|
||||
fi
|
||||
tail -n 1 release_efi.txt | jq .id | grep -P '^(\d)+$' >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "The upload of ipxe.efi as a release attachment failed."
|
||||
return 2
|
||||
fi
|
||||
|
||||
cd "$curr"
|
||||
return 0
|
||||
}
|
||||
|
||||
function upload_release_ipxe_shasums() {
|
||||
local ipxe_src_dir="$1"
|
||||
local git_repo_dir="$2"
|
||||
|
@ -880,14 +459,6 @@ function upload_release_ipxe_shasums() {
|
|||
>&2 echo "IPXE iso build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
|
||||
>&2 echo "IPXE pxe build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.efi" ]]; then
|
||||
>&2 echo "IPXE efi build file does not exist."
|
||||
return 1
|
||||
fi
|
||||
if [[ ! -f "${ipxe_src_dir}/src/bin/SHA256SUMS" ]]; then
|
||||
>&2 echo "IPXE sha256sums file does not exist."
|
||||
return 1
|
||||
|
|
130
embed.ipxe
130
embed.ipxe
|
@ -9,8 +9,8 @@
|
|||
imgtrust --permanent
|
||||
|
||||
|
||||
# For the "jammy" part of the URL string, in case that changes in the future.
|
||||
set ubuntu-variant jammy
|
||||
# For the "focal" part of the URL string, in case that changes in the future.
|
||||
set ubuntu-variant focal
|
||||
|
||||
goto get_arch
|
||||
|
||||
|
@ -35,47 +35,14 @@ isset ${net${idx}/mac} || goto loop_done
|
|||
######################## SET STATIC IP INFO HERE #############################
|
||||
# Just copy/paste an entire line to add more
|
||||
#
|
||||
echo Checking net${idx} for a static IP config
|
||||
echo Checking net${idx}
|
||||
|
||||
# node1.bitmessage.at
|
||||
iseq ${net${idx}/mac} 40:a8:f0:31:cc:58 && set ip-dev-name eno1 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} 40:a8:f0:31:cc:59 && set ip-dev-name eno2 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
# node2.bitmessage.at
|
||||
iseq ${net${idx}/mac} 28:80:23:a7:52:d0 && set ip-dev-name eno1 && set ip-addr 93.189.25.250 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} 28:80:23:a7:52:d1 && set ip-dev-name eno2 && set ip-addr 93.189.25.250 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} 40:a8:f0:31:cc:58 && set ip-dev-name eno1 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} 40:a8:f0:31:cc:59 && set ip-dev-name eno2 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
# node1.surda.cloud
|
||||
iseq ${net${idx}/mac} d0:50:99:df:1d:49 && set ip-dev-name enp39s0 && set ip-addr 93.189.28.85 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} d0:50:99:df:1d:4a && set ip-dev-name enp38s0 && set ip-addr 93.189.28.85 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
# node2.surda.cloud
|
||||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d6 && set ip-dev-name eno1 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d7 && set ip-dev-name eno2 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d8 && set ip-dev-name eno3 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d9 && set ip-dev-name eno4 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
# node3.surda.cloud
|
||||
iseq ${net${idx}/mac} b8:2a:72:d5:05:36 && set ip-dev-name eno1 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} b8:2a:72:d5:05:37 && set ip-dev-name eno2 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} b8:2a:72:d5:05:38 && set ip-dev-name eno3 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} b8:2a:72:d5:05:39 && set ip-dev-name eno4 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
|
||||
# node3.sysdeploy.org
|
||||
iseq ${net${idx}/mac} 00:25:90:a2:9f:e9 && set ip-dev-name eno2 && set ip-addr 104.251.122.45 && set ip-gateway 104.251.122.44 && set ip-netmask 255.255.255.254 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
# node4.sysdeploy.org
|
||||
iseq ${net${idx}/mac} 0c:c4:7a:04:ca:60 && set ip-dev-name eno1 && set ip-addr 50.2.185.50 && set ip-gateway 50.2.185.49 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
# node5.sysdeploy.org
|
||||
iseq ${net${idx}/mac} d8:9d:67:72:09:50 && set ip-dev-name eno1 && set ip-addr 82.118.227.210 && set ip-gateway 82.118.227.209 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
# node7.sysdeploy.org
|
||||
iseq ${net${idx}/mac} 34:17:eb:ea:78:b0 && set ip-dev-name eno1 && set ip-addr 162.248.7.209 && set ip-gateway 162.248.7.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} 34:17:eb:ea:78:b1 && set ip-dev-name eno2 && set ip-addr 162.248.7.209 && set ip-gateway 162.248.7.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
# node8.sysdeploy.org
|
||||
iseq ${net${idx}/mac} bc:30:5b:de:3a:9e && set ip-dev-name eno1 && set ip-addr 109.73.65.100 && set ip-gateway 109.73.65.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} bc:30:5b:de:3a:9f && set ip-dev-name eno2 && set ip-addr 109.73.65.100 && set ip-gateway 109.73.65.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
# node9.sysdeploy.org
|
||||
iseq ${net${idx}/mac} 00:25:90:a9:73:76 && set ip-dev-name eno1 && set ip-addr 23.94.164.18 && set ip-gateway 23.94.164.17 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
#iseq ${net${idx}/mac} 00:25:90:a9:73:77 && set ip-dev-name enp0s25 && set ip-addr 23.94.164.18 && set ip-gateway 23.94.164.17 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
# backup.bitmessage.at
|
||||
iseq ${net${idx}/mac} a8:a1:59:c7:21:8f && set ip-dev-name enp39s0 && set ip-addr 93.189.25.253 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} a8:a1:59:c7:21:90 && set ip-dev-name enp38s0 && set ip-addr 93.189.25.253 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
|
||||
|
||||
iseq ${net${idx}/mac} d0:50:99:df:1d:49 && set ip-dev-name enp39s0 && set ip-addr 93.189.28.83 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
iseq ${net${idx}/mac} d0:50:99:df:1d:4a && set ip-dev-name enp38s0 && set ip-addr 93.189.28.83 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
|
||||
|
||||
# if you don't know the linux interface name, use "clear ip-dev-name", then
|
||||
# it will use ALL interfaces
|
||||
|
@ -89,9 +56,7 @@ inc idx && goto loop
|
|||
iseq ${successful} f && goto error_handler ||
|
||||
|
||||
# If on the other hand we're successful, then we construct the kernel ip= line
|
||||
set ip-info ${ip-addr}::${ip-gateway}:${ip-netmask}::${ip-dev-name}:off:${ip-dns} && echo Static IP found
|
||||
|
||||
echo ip-info ${ip-info}
|
||||
set ip-info ${ip-addr}::${ip-gateway}:${ip-netmask}::${ip-dev-name}:off:${ip-dns}
|
||||
|
||||
# And setup IPXE networking.
|
||||
|
||||
|
@ -124,38 +89,12 @@ goto boot_all
|
|||
#################
|
||||
|
||||
|
||||
:try_next_card
|
||||
imgfree
|
||||
ifclose
|
||||
sleep 1
|
||||
# If dhcp, it will go to the static boot, which already has ifopen
|
||||
iseq ip-info dhcp || ifopen
|
||||
iseq ip-info dhcp || sleep 1
|
||||
iseq ip-info dhcp && clear ip-info && goto try_static_from_dhcp_fail || goto try_next_static_card
|
||||
|
||||
:try_static_from_dhcp_fail
|
||||
iseq arch-info arm64 && goto static_ip_boot_arm64 ||
|
||||
iseq arch-info amd64 && goto static_ip_boot_amd64 ||
|
||||
goto error_handler
|
||||
|
||||
:try_next_static_card
|
||||
isset ip-dev-name && clear ip-dev-name
|
||||
isset ip-addr && clear ip-addr
|
||||
isset ip-gateway && clear ip-gateway
|
||||
isset ip-netmask && clear ip-netmask
|
||||
isset ip-dns && clear ip-dns
|
||||
isset successful && clear successful
|
||||
set successful f
|
||||
isset idx && inc idx || goto error_handler
|
||||
goto loop
|
||||
|
||||
|
||||
# In case we want to... log?? Or do something else.
|
||||
:error_handler
|
||||
echo ###########################################################
|
||||
echo An unspecified error has occurred.
|
||||
echo The system will sleep for two minutes and then reboot.
|
||||
echo ###########################################################
|
||||
echo "###########################################################"
|
||||
echo "An unspecified error has occurred."
|
||||
echo "The system will sleep for two minutes and then reboot."
|
||||
echo "###########################################################"
|
||||
sleep 60
|
||||
sleep 60
|
||||
reboot
|
||||
|
@ -164,6 +103,7 @@ sleep 5
|
|||
exit
|
||||
|
||||
|
||||
|
||||
# Get relevant CPU arch.
|
||||
:get_arch
|
||||
iseq ${buildarch} arm32 && goto start_arm32 ||
|
||||
|
@ -172,6 +112,7 @@ iseq ${buildarch} i386 && goto start_i386 ||
|
|||
iseq ${buildarch} x86_64 && goto start_amd64 ||
|
||||
goto error_handler
|
||||
|
||||
|
||||
# Builds may be done on 32-bit, but machines will always be 64-bit.
|
||||
# Keep this section just in case we want to use 32-bit machines in the future.
|
||||
:start_arm32
|
||||
|
@ -210,20 +151,18 @@ goto static_ip_boot_setup
|
|||
|
||||
:boot_all
|
||||
|
||||
# Get accurate time so we can set the clock in kernel boot cmdline
|
||||
echo Syncing time over NTP
|
||||
ntp pool.ntp.org || goto error_handler
|
||||
|
||||
# check for EFI
|
||||
iseq ${platform} efi && goto is_efi || goto not_efi
|
||||
|
||||
# We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate
|
||||
# integrity and validation to imgverify.
|
||||
|
||||
|
||||
# Naming the squashfs download "/squashfs" is required, otherwise the boot
|
||||
# kernel fails to load it in the "root=" part of the kernel cmdline.
|
||||
# However, note that imgverify will fail if you refer to it as "/squashfs"
|
||||
# instead of "squashfs".
|
||||
|
||||
imgfetch http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto error_handler
|
||||
imgverify --signer images.sysdeploy.org squashfs http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler
|
||||
|
||||
# "--signer" validates against the subject common name field of the signing
|
||||
# certificate. That signing cert must have both the digital signature key
|
||||
# usage set and the code-signing key usage extension set.
|
||||
|
@ -232,36 +171,25 @@ iseq ${platform} efi && goto is_efi || goto not_efi
|
|||
# make sure you pick a common name with a FQDN you control, even if you're
|
||||
# using a custom CA that you import during build.
|
||||
|
||||
:is_efi
|
||||
echo Attempting EFI boot
|
||||
set initrd1 initrd=initrd.cpio
|
||||
isset initrd2 && clear initrd2
|
||||
|
||||
imgfetch http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/initrd.cpio || goto try_next_card
|
||||
imgverify --signer images.sysdeploy.org initrd.cpio http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/initrd.cpio.sig || goto error_handler
|
||||
initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd || goto error_handler
|
||||
imgverify --signer images.sysdeploy.org boot-initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler
|
||||
|
||||
goto efi_and_not_efi
|
||||
kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel || goto error_handler
|
||||
imgverify --signer images.sysdeploy.org boot-kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler
|
||||
|
||||
:not_efi
|
||||
echo Attempting legacy boot
|
||||
set initrd1 initrd=boot-initrd
|
||||
set initrd2 initrd=squashfs
|
||||
|
||||
imgfetch http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto try_next_card
|
||||
imgverify --signer images.sysdeploy.org squashfs http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler
|
||||
# Get accurate time so we can set the clock in kernel boot cmdline
|
||||
ntp pool.ntp.org || goto error_handler
|
||||
|
||||
initrd http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-initrd || goto try_next_card
|
||||
imgverify --signer images.sysdeploy.org boot-initrd http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler
|
||||
|
||||
:efi_and_not_efi
|
||||
|
||||
kernel http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-kernel || goto try_next_card
|
||||
imgverify --signer images.sysdeploy.org boot-kernel http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler
|
||||
echo ip-info ${ip-info}
|
||||
|
||||
sleep 1
|
||||
|
||||
boot boot-kernel ${initrd1} ${initrd2} rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud;s=https://cloud-init.sysdeploy.org/apiv2?uuid=${uuid}&filetype= || goto error_handler
|
||||
boot boot-kernel initrd=boot-initrd rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud-net;s=https://cloud-init.sysdeploy.org/ || goto error_handler
|
||||
|
||||
# unixtime variable must be used with int32, because that's the only way it
|
||||
# will display as decimal digits. unit32 and string both display as hex.
|
||||
# Therefore this will stop working in 2038.
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user