From: Christian Heller
Date: Mon, 3 Mar 2025 03:55:18 +0000 (+0100)
Subject: Add secrets setup.
X-Git-Url: https://plomlompom.com/repos/%7B%7Bprefix%7D%7D/%22https:/validator.w3.org/%7B%7Bdb.prefix%7D%7D/condition?a=commitdiff_plain;p=config
Add secrets setup.
---
diff --git a/testing/scripts/setup_secrets.sh b/testing/scripts/setup_secrets.sh
new file mode 100755
index 0000000..0368ad9
--- /dev/null
+++ b/testing/scripts/setup_secrets.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+set -e
+set -x
+
+SECRETS_DEV=sdb
+PATH_SECRETS_DEV=/dev/${SECRETS_DEV}
+PATH_REL_SECRETS=to_usbbb
+PATH_SOURCE=/media/${SECRETS_DEV}/${PATH_REL_SECRETS}
+PATH_HOME=/home/plom
+PATH_TARGET=${PATH_HOME}/${PATH_REL_SECRETS}
+PATH_REL_SSH=.ssh
+PATH_SSH=${PATH_HOME}/${PATH_REL_SSH}
+NAME_KEY=id_rsa
+
+# Ensure we're running as root.
+if [ `whoami` != "root" ]; then
+ echo "Must be run as root."
+ exit 1
+fi
+
+# Mount secrets device and copy over its content.
+echo "Put secrets drive into slot for ${PATH_SECRETS_DEV}."
+while [ ! -e "${PATH_SECRETS_DEV}" ]; do
+ sleep 0.1
+done
+while [ true ]; do
+ stty -echo
+ printf "Secrets passphrase: "
+ read SECRETS_PASS
+ stty echo
+ echo "" # newline so user knows their input return was accepted
+ set +e
+ echo "${SECRETS_PASS}" | pmount "${PATH_SECRETS_DEV}"
+ result=$?
+ set -e
+ if [ "${result}" = "0" ]; then
+ break
+ elif [ "${result}" != "100" ]; then
+ echo "Aborting due to pmount error."
+ exit 1
+ fi
+done
+cp -a "${PATH_SOURCE}" "${PATH_TARGET}"
+chown -R plom:plom "${PATH_TARGET}"
+pumount "${SECRETS_DEV}"
+echo "You can remove ${PATH_SECRETS_DEV} now."
+
+# Set up SSH authentication.
+echo "Setting up .ssh"
+su -lc "mkdir -p ${PATH_SSH} && cp ${PATH_TARGET}/${NAME_KEY} ${PATH_SSH}/"
+su -lc "ssh-keygen -y -f ${PATH_SSH}/${NAME_KEY} > ${PATH_SSH}/${NAME_KEY}.pub" plom
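Review bot: The `set -x` at the top is still active inside the passphrase loop, so the shell traces `echo "${SECRETS_PASS}"` with the passphrase expanded to stderr, which defeats the `stty -echo` just before it and puts the secret into any captured output. Switch tracing off around that region, with `set +x` before `read SECRETS_PASS` and `set -x` again after `result=$?`, and use `read -r SECRETS_PASS` so backslashes in the passphrase are kept. The first `su -lc "mkdir -p ${PATH_SSH} && cp ..."` has no user argument, unlike the `ssh-keygen` line after it, so it appears to run as root and leave `.ssh` and the copied private key root-owned; appending `plom` would match the following line. A `trap 'stty echo' EXIT INT` before the loop would also restore terminal echo if the script is interrupted during the prompt.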