Compare commits


No commits in common. "master" and "g_688d87fcd4cd9f3a979a68522ecd4830fd63bb16" have entirely different histories.

2 changed files with 59 additions and 104 deletions


@ -1,6 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
LE_CERT=isrgrootx1.pem,isrg-root-x2.pem,lets-encrypt-r3.pem
function clone_ipxe_upstream() { function clone_ipxe_upstream() {
local ipxe_src_dir="$1" local ipxe_src_dir="$1"
@ -29,27 +28,25 @@ function sed_enabled_ipxe_features() {
return 1 return 1
fi fi
for OPTION in DOWNLOAD_PROTO_HTTPS \ sed -i 's/^\/\/\#define\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${ipxe_src_dir}/src/config/general.h"
NSLOOKUP_CMD \ sed -i 's/^\/\/\#define\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
TIME_CMD \ sed -i 's/^\/\/\#define\ TIME_CMD/\#define\ TIME_CMD/g' "${ipxe_src_dir}/src/config/general.h"
DIGEST_CMD \ sed -i 's/^\/\/\#define\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
REBOOT_CMD \ sed -i 's/^\/\/\#define\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
POWEROFF_CMD \ sed -i 's/^\/\/\#define\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${ipxe_src_dir}/src/config/general.h"
IMAGE_TRUST_CMD \ sed -i 's/^\/\/\#define\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
NTP_CMD \ sed -i 's/^\/\/\#define\ NTP_CMD/\#define\ NTP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
CERT_CMD sed -i 's/^\/\/\#define\ CERT_CMD/\#define\ CERT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
do
sed -i -r \
"s/^\\/+#define[[:space:]]+$OPTION[[:space:]]/#define $OPTION /g" \
"${ipxe_src_dir}/src/config/general.h"
sed -i -r \
"s/^#undef[[:space:]]+$OPTION[[:space:]]/#define $OPTION /g" \
"${ipxe_src_dir}/src/config/general.h"
done
echo "Downloading default iPXE CA certificate" sed -i 's/^\#undef\ DOWNLOAD_PROTO_HTTPS/\#define\ DOWNLOAD_PROTO_HTTPS/g' "${ipxe_src_dir}/src/config/general.h"
cd ipxe/src sed -i 's/^\#undef\ NSLOOKUP_CMD/\#define\ NSLOOKUP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
wget https://letsencrypt.org/certs/{isrgrootx1,isrg-root-x2,lets-encrypt-r3}.pem sed -i 's/^\#undef\ TIME_CMD/\#define\ TIME_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ DIGEST_CMD/\#define\ DIGEST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ REBOOT_CMD/\#define\ REBOOT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ POWEROFF_CMD/\#define\ POWEROFF_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ IMAGE_TRUST_CMD/\#define\ IMAGE_TRUST_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ NTP_CMD/\#define\ NTP_CMD/g' "${ipxe_src_dir}/src/config/general.h"
sed -i 's/^\#undef\ CERT_CMD/\#define\ CERT_CMD/g' "${ipxe_src_dir}/src/config/general.h"
return 0 return 0
} }
@ -84,7 +81,7 @@ function make_ipxe_lkrn() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.lkrn EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2 make bin/ipxe.lkrn EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
cd "$curr" cd "$curr"
return 0 return 0
@ -120,7 +117,7 @@ function make_ipxe_iso() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.iso EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2 make bin/ipxe.iso EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
cd "$curr" cd "$curr"
return 0 return 0
@ -156,7 +153,7 @@ function make_ipxe_dsk() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.usb EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2 make bin/ipxe.dsk EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
cd "$curr" cd "$curr"
return 0 return 0
@ -192,7 +189,7 @@ function make_ipxe_pxe() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.pxe EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2 make bin/ipxe.pxe EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
cd "$curr" cd "$curr"
return 0 return 0
@ -232,7 +229,7 @@ function make_ipxe_efi() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2 make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2
mv bin-x86_64-efi/ipxe.efi bin/ mv bin-x86_64-efi/ipxe.efi bin/
sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi
@ -255,8 +252,8 @@ function make_ipxe_bin_shasums() {
>&2 echo "IPXE iso build file does not exist." >&2 echo "IPXE iso build file does not exist."
return 1 return 1
fi fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.dsk" ]]; then
>&2 echo "IPXE USB build file does not exist." >&2 echo "IPXE floppy build file does not exist."
return 1 return 1
fi fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
@ -271,7 +268,7 @@ function make_ipxe_bin_shasums() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/bin/" || return 1 cd "${ipxe_src_dir}/src/bin/" || return 1
sha256sum ipxe.lkrn ipxe.iso ipxe.usb ipxe.pxe ipxe.efi > SHA256SUMS || return 2 sha256sum ipxe.lkrn ipxe.iso ipxe.dsk ipxe.pxe ipxe.efi > SHA256SUMS || return 2
cd "$curr" cd "$curr"
return 0 return 0
@ -427,8 +424,8 @@ function upload_release_ipxe_lkrn() {
>&2 echo "IPXE iso build file does not exist." >&2 echo "IPXE iso build file does not exist."
return 1 return 1
fi fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.dsk" ]]; then
>&2 echo "IPXE USB build file does not exist." >&2 echo "IPXE floppy build file does not exist."
return 1 return 1
fi fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
@ -609,8 +606,8 @@ function upload_release_ipxe_dsk() {
>&2 echo "IPXE iso build file does not exist." >&2 echo "IPXE iso build file does not exist."
return 1 return 1
fi fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.usb" ]]; then if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.dsk" ]]; then
>&2 echo "IPXE USB build file does not exist." >&2 echo "IPXE iso build file does not exist."
return 1 return 1
fi fi
if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then if [[ ! -f "${ipxe_src_dir}/src/bin/ipxe.pxe" ]]; then
@ -641,20 +638,20 @@ function upload_release_ipxe_dsk() {
fi fi
releaseid="$(tail -n 1 release_results.txt | jq .id)" releaseid="$(tail -n 1 release_results.txt | jq .id)"
curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.usb" \ curl -X POST "https://git.bitmessage.org/api/v1/repos/${repo_user}/${repo_name}/releases/${releaseid}/assets?name=ipxe.dsk" \
-H "accept: application/json" \ -H "accept: application/json" \
-H "Authorization: token $(cat $api_token_file)" \ -H "Authorization: token $(cat $api_token_file)" \
-i \ -i \
-F "attachment=@${ipxe_src_dir}/src/bin/ipxe.usb" > release_usb.txt -F "attachment=@${ipxe_src_dir}/src/bin/ipxe.dsk" > release_dsk.txt
cat release_usb.txt | grep ^HTTP/ | grep 201 >/dev/null cat release_dsk.txt | grep ^HTTP/ | grep 201 >/dev/null
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.usb as a release attachment failed." >&2 echo "The upload of ipxe.dsk as a release attachment failed."
return 2 return 2
fi fi
tail -n 1 release_usb.txt | jq .id | grep -P '^(\d)+$' >/dev/null tail -n 1 release_dsk.txt | jq .id | grep -P '^(\d)+$' >/dev/null
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
>&2 echo "The upload of ipxe.usb as a release attachment failed." >&2 echo "The upload of ipxe.dsk as a release attachment failed."
return 2 return 2
fi fi
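Review bot: The literal-space sed patterns on the new side of the `sed_enabled_ipxe_features` hunk (`-29,27 +28,25`) match only when exactly one space follows `#define` or `#undef`, and `sed -i` exits 0 when nothing matches, so the function can reach `return 0` with DOWNLOAD_PROTO_HTTPS or IMAGE_TRUST_CMD still disabled. If the upstream `general.h` separates any of these names with a tab or extra spaces (worth checking against the cloned tree), the image would be built without the commands that the embedded script's `imgtrust` and `imgverify` calls rely on. I would use `[[:space:]]+` with `sed -r` in place of `\ ` in each pattern, and fail the build when an option did not end up defined, e.g. `grep -Eq '^#define[[:space:]]+IMAGE_TRUST_CMD' "${ipxe_src_dir}/src/config/general.h" || return 1` for each option before `return 0`. The function starts outside the hunk, so an existing check further up cannot be ruled out from here.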


@ -9,8 +9,8 @@
imgtrust --permanent imgtrust --permanent
# For the "jammy" part of the URL string, in case that changes in the future. # For the "focal" part of the URL string, in case that changes in the future.
set ubuntu-variant jammy set ubuntu-variant focal
goto get_arch goto get_arch
@ -35,46 +35,24 @@ isset ${net${idx}/mac} || goto loop_done
######################## SET STATIC IP INFO HERE ############################# ######################## SET STATIC IP INFO HERE #############################
# Just copy/paste an entire line to add more # Just copy/paste an entire line to add more
# #
echo Checking net${idx} for a static IP config echo Checking net${idx}
# node1.bitmessage.at # node1.bitmessage.at
iseq ${net${idx}/mac} 40:a8:f0:31:cc:58 && set ip-dev-name eno1 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} 40:a8:f0:31:cc:58 && set ip-dev-name eno1 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 40:a8:f0:31:cc:59 && set ip-dev-name eno2 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} 40:a8:f0:31:cc:59 && set ip-dev-name eno2 && set ip-addr 93.189.28.82 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node2.bitmessage.at # node2.bitmessage.at
iseq ${net${idx}/mac} 28:80:23:a7:52:d0 && set ip-dev-name eno1 && set ip-addr 93.189.25.250 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} 28:80:23:a7:52:d0 && set ip-dev-name eno1 && set ip-addr 93.189.25.250 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 28:80:23:a7:52:d1 && set ip-dev-name eno2 && set ip-addr 93.189.25.250 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} 28:80:23:a7:52:d1 && set ip-dev-name eno2 && set ip-addr 93.189.25.250 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node1.surda.cloud # node1.surda.cloud
iseq ${net${idx}/mac} d0:50:99:df:1d:49 && set ip-dev-name enp39s0 && set ip-addr 93.189.28.85 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} d0:50:99:df:1d:49 && set ip-dev-name enp39s0 && set ip-addr 93.189.28.83 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} d0:50:99:df:1d:4a && set ip-dev-name enp38s0 && set ip-addr 93.189.28.85 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} d0:50:99:df:1d:4a && set ip-dev-name enp38s0 && set ip-addr 93.189.28.83 && set ip-gateway 93.189.28.81 && set ip-netmask 255.255.255.240 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node2.surda.cloud
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d6 && set ip-dev-name eno1 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d7 && set ip-dev-name eno2 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d8 && set ip-dev-name eno3 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} c8:1f:66:b9:0b:d9 && set ip-dev-name eno4 && set ip-addr 110.4.42.77 && set ip-gateway 110.4.42.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node3.surda.cloud
iseq ${net${idx}/mac} b8:2a:72:d5:05:36 && set ip-dev-name eno1 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} b8:2a:72:d5:05:37 && set ip-dev-name eno2 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} b8:2a:72:d5:05:38 && set ip-dev-name eno3 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} b8:2a:72:d5:05:39 && set ip-dev-name eno4 && set ip-addr 101.99.86.54 && set ip-gateway 101.99.86.49 && set ip-netmask 255.255.255.240 && set ip-dns 8.8.8.8 && set successful t && goto loop_done ||
# node3.sysdeploy.org # node3.sysdeploy.org
iseq ${net${idx}/mac} 00:25:90:a2:9f:e9 && set ip-dev-name eno2 && set ip-addr 104.251.122.45 && set ip-gateway 104.251.122.44 && set ip-netmask 255.255.255.254 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} 00:25:90:a2:9f:e9 && set ip-dev-name eno2 && set ip-addr 104.251.122.45 && set ip-gateway 104.251.122.44 && set ip-netmask 255.255.255.254 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node4.sysdeploy.org # node4.sysdeploy.org
iseq ${net${idx}/mac} 0c:c4:7a:04:ca:60 && set ip-dev-name eno1 && set ip-addr 50.2.185.50 && set ip-gateway 50.2.185.49 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} 0c:c4:7a:04:ca:60 && set ip-dev-name eno1 && set ip-addr 50.2.185.50 && set ip-gateway 50.2.185.49 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node5.sysdeploy.org
iseq ${net${idx}/mac} d8:9d:67:72:09:50 && set ip-dev-name eno1 && set ip-addr 82.118.227.210 && set ip-gateway 82.118.227.209 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node7.sysdeploy.org # node7.sysdeploy.org
iseq ${net${idx}/mac} 34:17:eb:ea:78:b0 && set ip-dev-name eno1 && set ip-addr 162.248.7.209 && set ip-gateway 162.248.7.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} 34:17:eb:ea:78:b0 && set ip-dev-name eno1 && set ip-addr 162.248.7.209 && set ip-gateway 162.248.7.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} 34:17:eb:ea:78:b1 && set ip-dev-name eno2 && set ip-addr 162.248.7.209 && set ip-gateway 162.248.7.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done || iseq ${net${idx}/mac} 34:17:eb:ea:78:b1 && set ip-dev-name eno2 && set ip-addr 162.248.7.209 && set ip-gateway 162.248.7.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node8.sysdeploy.org
iseq ${net${idx}/mac} bc:30:5b:de:3a:9e && set ip-dev-name eno1 && set ip-addr 109.73.65.100 && set ip-gateway 109.73.65.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} bc:30:5b:de:3a:9f && set ip-dev-name eno2 && set ip-addr 109.73.65.100 && set ip-gateway 109.73.65.1 && set ip-netmask 255.255.255.0 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# node9.sysdeploy.org
iseq ${net${idx}/mac} 00:25:90:a9:73:76 && set ip-dev-name eno1 && set ip-addr 23.94.164.18 && set ip-gateway 23.94.164.17 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
#iseq ${net${idx}/mac} 00:25:90:a9:73:77 && set ip-dev-name enp0s25 && set ip-addr 23.94.164.18 && set ip-gateway 23.94.164.17 && set ip-netmask 255.255.255.252 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# backup.bitmessage.at
iseq ${net${idx}/mac} a8:a1:59:c7:21:8f && set ip-dev-name enp39s0 && set ip-addr 93.189.25.253 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
iseq ${net${idx}/mac} a8:a1:59:c7:21:90 && set ip-dev-name enp38s0 && set ip-addr 93.189.25.253 && set ip-gateway 93.189.25.249 && set ip-netmask 255.255.255.248 && set ip-dns 1.1.1.1 && set successful t && goto loop_done ||
# if you don't know the linux interface name, use "clear ip-dev-name", then # if you don't know the linux interface name, use "clear ip-dev-name", then
@ -89,9 +67,7 @@ inc idx && goto loop
iseq ${successful} f && goto error_handler || iseq ${successful} f && goto error_handler ||
# If on the other hand we're successful, then we construct the kernel ip= line # If on the other hand we're successful, then we construct the kernel ip= line
set ip-info ${ip-addr}::${ip-gateway}:${ip-netmask}::${ip-dev-name}:off:${ip-dns} && echo Static IP found set ip-info ${ip-addr}::${ip-gateway}:${ip-netmask}::${ip-dev-name}:off:${ip-dns}
echo ip-info ${ip-info}
# And setup IPXE networking. # And setup IPXE networking.
@ -152,10 +128,10 @@ goto loop
# In case we want to... log?? Or do something else. # In case we want to... log?? Or do something else.
:error_handler :error_handler
echo ########################################################### echo "###########################################################"
echo An unspecified error has occurred. echo "An unspecified error has occurred."
echo The system will sleep for two minutes and then reboot. echo "The system will sleep for two minutes and then reboot."
echo ########################################################### echo "###########################################################"
sleep 60 sleep 60
sleep 60 sleep 60
reboot reboot
@ -172,6 +148,7 @@ iseq ${buildarch} i386 && goto start_i386 ||
iseq ${buildarch} x86_64 && goto start_amd64 || iseq ${buildarch} x86_64 && goto start_amd64 ||
goto error_handler goto error_handler
# Builds may be done on 32-bit, but machines will always be 64-bit. # Builds may be done on 32-bit, but machines will always be 64-bit.
# Keep this section just in case we want to use 32-bit machines in the future. # Keep this section just in case we want to use 32-bit machines in the future.
:start_arm32 :start_arm32
@ -210,13 +187,6 @@ goto static_ip_boot_setup
:boot_all :boot_all
# Get accurate time so we can set the clock in kernel boot cmdline
echo Syncing time over NTP
ntp pool.ntp.org || goto error_handler
# check for EFI
iseq ${platform} efi && goto is_efi || goto not_efi
# We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate # We use HTTP because IPXE's HTTPS implementation is lacking. So we delegate
# integrity and validation to imgverify. # integrity and validation to imgverify.
@ -224,6 +194,7 @@ iseq ${platform} efi && goto is_efi || goto not_efi
# kernel fails to load it in the "root=" part of the kernel cmdline. # kernel fails to load it in the "root=" part of the kernel cmdline.
# However, note that imgverify will fail if you refer to it as "/squashfs" # However, note that imgverify will fail if you refer to it as "/squashfs"
# instead of "squashfs". # instead of "squashfs".
# "--signer" validates against the subject common name field of the signing # "--signer" validates against the subject common name field of the signing
# certificate. That signing cert must have both the digital signature key # certificate. That signing cert must have both the digital signature key
# usage set and the code-signing key usage extension set. # usage set and the code-signing key usage extension set.
@ -232,36 +203,23 @@ iseq ${platform} efi && goto is_efi || goto not_efi
# make sure you pick a common name with a FQDN you control, even if you're # make sure you pick a common name with a FQDN you control, even if you're
# using a custom CA that you import during build. # using a custom CA that you import during build.
:is_efi initrd http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/initrd.cpio || goto try_next_card
echo Attempting EFI boot imgverify --signer images.sysdeploy.org initrd.cpio http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/initrd.cpio.sig || goto error_handler
set initrd1 initrd=initrd.cpio
isset initrd2 && clear initrd2
imgfetch http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/initrd.cpio || goto try_next_card kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel || goto try_next_card
imgverify --signer images.sysdeploy.org initrd.cpio http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/initrd.cpio.sig || goto error_handler imgverify --signer images.sysdeploy.org boot-kernel http://images.sysdeploy.org/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler
goto efi_and_not_efi
:not_efi # Get accurate time so we can set the clock in kernel boot cmdline
echo Attempting legacy boot ntp pool.ntp.org || goto error_handler
set initrd1 initrd=boot-initrd
set initrd2 initrd=squashfs
imgfetch http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/squashfs /squashfs || goto try_next_card echo ip-info ${ip-info}
imgverify --signer images.sysdeploy.org squashfs http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/squashfs.sig || goto error_handler
initrd http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-initrd || goto try_next_card
imgverify --signer images.sysdeploy.org boot-initrd http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-initrd.sig || goto error_handler
:efi_and_not_efi
kernel http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-kernel || goto try_next_card
imgverify --signer images.sysdeploy.org boot-kernel http://images-sysdeploy.b-cdn.net/${ubuntu-variant}/${arch-info}/boot-kernel.sig || goto error_handler
sleep 1 sleep 1
boot boot-kernel ${initrd1} ${initrd2} rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud;s=https://cloud-init.sysdeploy.org/apiv2?uuid=${uuid}&filetype= || goto error_handler boot boot-kernel initrd=initrd.cpio rootfstype=squashfs root=/squashfs ip=${ip-info} overlayroot=tmpfs:recurse=0 systemd.clock-usec=${unixtime:int32}000000 ds=nocloud-net;s=https://cloud-init.sysdeploy.org/apiv2?uuid=${uuid}&filetype= || goto error_handler
# unixtime variable must be used with int32, because that's the only way it # unixtime variable must be used with int32, because that's the only way it
# will display as decimal digits. unit32 and string both display as hex. # will display as decimal digits. unit32 and string both display as hex.
# Therefore this will stop working in 2038. # Therefore this will stop working in 2038.
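Review bot: `ntp pool.ntp.org` runs after both `imgverify` calls on the new side of the last hunk (`-232,36 +203,23`), so the signature checks run against whatever the hardware clock reports, not the synced time. As far as I know iPXE evaluates the signing certificate's validity period against its current clock, so a machine with a wrong RTC could fail verification and reboot through `error_handler`, or accept a certificate outside its validity window; this should be confirmed against the iPXE build in use. If the order is deliberate, a comment would make that clear, for example `# NTP is unauthenticated; it only seeds systemd.clock-usec and is not relied on for imgverify`. Otherwise I would move `ntp pool.ntp.org || goto error_handler` back above the `initrd` fetch.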