[automated-distro-installer] / fai / config / hooks / instsoft.DEFAULT

#!/bin/bash

# These are things we can do before package_config packages get installed.

# exit for any vm except demohost, or if we are doing a dirinstall
if ifclass VM && ! ifclass demohost || ifclass VOL_BULLSEYE_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then
  exit 0
fi

if ifclass FSF; then
  exit 0
fi

keyfile=/var/lib/fai/config/distro-install-common/luks/host-$HOSTNAME
f=$target/root/keyscript
cat > $f <<EOFOUTER
#!/bin/sh
cat <<'EOF'
$(cat $keyfile)
EOF
EOFOUTER
chmod 700 $f


# for hosts which don't have these data volumes, copy the specific
# files we need.
if ifclass demohost; then
  files=(/var/lib/fai/config/distro-install-common/luks/host-demohost)
elif ifclass tp; then
  files=(/var/lib/fai/config/distro-install-common/luks/host-tp)
fi
if [[ ${files[0]}  ]]; then
  d=$target/q/root/luks
  mkdir -p $d
  chmod 700 $d
  cp -p ${files[@]} $d
fi


#### This bit is duplicated in rootsshsync, except we skip
#### update-initramfs and add $target
####
# We generally shouldn't need this, because we don't ssh in on the 1st
# reboot since we initially embed the luks key, and with distro-begin,
# we run rootsshsync around the same time as we remove it. However, it
# could be helpful in case of problems.

auth_dir=$target/etc/dropbear/initramfs/
candidate=$(apt-cache policy dropbear-initramfs | awk '$1 == "Candidate:" { print $2 }' | head -n1 ||:)
if [[ $candidate ]] && dpkg --compare-versions "$candidate" lt 2020.81-4; then
  auth_dir=$target/etc/dropbear-initramfs
fi
auth_file=$auth_dir/authorized_keys
mkdir -p $auth_dir
if [[ ! -e $auth_file ]] || ! diff -q /root/.ssh/authorized_keys $auth_file; then
  cp -p /root/.ssh/authorized_keys $auth_file
fi