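#!/usr/bin/env bash
# Adjusts files under /etc and /usr/lib: creates mountpoints, relocates the
# issue files, optionally installs a console MOTD, and records the image
# identity in /etc/os-release.
#
# Environment:
#   CONSOLE_MOTD   - "true" installs the console-access MOTD (default: false)
#   IMAGE_ID       - required; appended to /etc/os-release
#   IMAGE_VERSION  - required; appended to /etc/os-release
#
# -x traces every command, so the values above end up in the build log.
set -euxo pipefail

# This will work in sd-boot 251 to auto-enroll secure boot keys.
# https://www.freedesktop.org/software/systemd/man/systemd-boot.html
# > CHANGES WITH 252 in spe:
# > [...]
# > * sd-boot can automatically enroll SecureBoot keys from files found on
# > the ESP. This enrollment can be either automatic ('force' mode) or
# > controlled by the user ('manual' mode).
# > [...]
#
# echo "secure-boot-enroll force" >> /boot/loader/loader.conf
#
# NOTE(review): the quoted changelog entry is for 252 while the first line
# says 251 - confirm which version is meant before enabling this.
# NOTE(review): 'force' enrolls the keys found on the ESP without user
# confirmation, so the ESP contents at first boot decide the trust anchor;
# confirm the ESP is populated only by the image build before enabling.

#######################################
# Append KEY="VALUE" to /etc/os-release.
# /etc/os-release is a list of shell-compatible assignments that other
# tooling may source, so a value that could terminate the double-quoted
# string or trigger expansion is rejected instead of written.
# Arguments: $1 - key name, $2 - value
# Returns:   exits 1 if the value contains ", \, $, a backtick or a
#            control character (newline included)
#######################################
append_os_release() {
  local key=$1
  local value=$2
  # Inside a bracket expression the backslash is literal, so this matches
  # any of: "  \  $  `  or a control character.
  local unsafe='["\$`[:cntrl:]]'

  if [[ ${value} =~ ${unsafe} ]]; then
    printf '%s contains characters that are unsafe in /etc/os-release\n' "${key}" >&2
    exit 1
  fi
  printf '%s="%s"\n' "${key}" "${value}" >> /etc/os-release
}

# create mountpoints in /etc
mkdir -p /etc/{cni,kubernetes}

# move issue files away from /etc
# to allow /run/issue and /run/issue.d to take precedence
# Best effort on purpose: a failing mv (e.g. no /etc/issue.d) must not abort.
mv /etc/issue.d /usr/lib/issue.d || true
rm -f /etc/issue
rm -f /etc/issue.net

# add motd for constellation console access
# This only installs the message; whatever actually permits console login is
# configured elsewhere (not visible in this script).
if [[ ${CONSOLE_MOTD:-false} == "true" ]]; then
  # Quoted delimiter: the text is written literally, with no parameter or
  # command expansion even if it is edited to contain $ or backticks later.
  cat > /usr/lib/motd.d/10-constellation-console-access.motd << 'EOF'
~ Welcome to Constellation! ~
Usually, on release versions of Constellation running in the cloud, you are not able to login through the serial console.
This shell access is specifically granted for debug images and MiniConstellation to allow users to research the environment Constellation runs in.
Have fun! Feel free to report any issues to GitHub or security@edgeless.systems (for security vulnerabilities only).
EOF
fi

# update /etc/os-release
# With set -u an unset IMAGE_ID or IMAGE_VERSION aborts the script here.
append_os_release IMAGE_ID "${IMAGE_ID}"
append_os_release IMAGE_VERSION "${IMAGE_VERSION}"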