constellation/image/mkosi.postinst

37 lines
1.4 KiB
Plaintext
Raw Normal View History

#!/usr/bin/env bash
2022-10-19 07:10:15 -04:00
set -euxo pipefail
# This will work in sd-boot 251 to auto-enroll secure boot keys.
# https://www.freedesktop.org/software/systemd/man/systemd-boot.html
# > CHANGES WITH 252 in spe:
# > [...]
# > * sd-boot can automatically enroll SecureBoot keys from files found on
# > the ESP. This enrollment can be either automatic ('force' mode) or
# > controlled by the user ('manual' mode).
# > [...]
#
# echo "secure-boot-enroll force" >> /boot/loader/loader.conf
# create mountpoints in /etc
mkdir -p /etc/{cni,kubernetes}
# move issue files away from /etc
# to allow /run/issue and /run/issue.d to take precedence
mv /etc/issue.d /usr/lib/issue.d || true
rm -f /etc/issue
rm -f /etc/issue.net
# add motd for constellation console access
2023-01-16 06:04:35 -05:00
if [[ ${CONSOLE_MOTD:-false} == "true" ]]; then
cat <<EOF > /usr/lib/motd.d/10-constellation-console-access.motd
~ Welcome to Constellation! ~
Usually, on release versions of Constellation running in the cloud, you are not able to login through the serial console.
This shell access is specifically granted for debug images and MiniConstellation to allow users to research the environment Constellation runs in.
Have fun! Feel free to report any issues to GitHub or security@edgeless.systems (for security vulnerabilities only).
EOF
fi
# update /etc/os-release
echo "IMAGE_ID=\"${IMAGE_ID}\"" >> /etc/os-release
echo "IMAGE_VERSION=\"${IMAGE_VERSION}\"" >> /etc/os-release