mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
82462fab17
- enable serial console access for QEMU / mini Constellation - print motd if serial console access is enabled
38 lines
1.4 KiB
Bash
Executable File
38 lines
1.4 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euxo pipefail
|
|
|
|
# This will work in sd-boot 251 to auto-enroll secure boot keys.
|
|
# https://www.freedesktop.org/software/systemd/man/systemd-boot.html
|
|
# > CHANGES WITH 252 in spe:
|
|
# > [...]
|
|
# > * sd-boot can automatically enroll SecureBoot keys from files found on
|
|
# > the ESP. This enrollment can be either automatic ('force' mode) or
|
|
# > controlled by the user ('manual' mode).
|
|
# > [...]
|
|
#
|
|
# echo "secure-boot-enroll force" >> /boot/loader/loader.conf
|
|
|
|
# create mountpoints in /etc
|
|
mkdir -p /etc/{cni,kubernetes}
|
|
|
|
# move issue files away from /etc
|
|
# to allow /run/issue and /run/issue.d to take precedence
|
|
mv /etc/issue.d /usr/lib/issue.d || true
|
|
rm -f /etc/issue
|
|
rm -f /etc/issue.net
|
|
|
|
# add motd for constellation console access
|
|
if [[ "${CONSOLE_MOTD:-false}" == "true" ]]; then
|
|
cat <<EOF > /usr/lib/motd.d/10-constellation-console-access.motd
|
|
~ Welcome to Constellation! ~
|
|
Usually, on release versions of Constellation running in the cloud, you are not able to login through the serial console.
|
|
This shell access is specifically granted for debug images and MiniConstellation to allow users to research the environment Constellation runs in.
|
|
Have fun! Feel free to report any issues to GitHub or security@edgeless.systems (for security vulnerabilities only).
|
|
EOF
|
|
fi
|
|
|
|
|
|
# update /etc/os-release
|
|
echo "IMAGE_ID=\"${IMAGE_ID}\"" >> /etc/os-release
|
|
echo "IMAGE_VERSION=\"${IMAGE_VERSION}\"" >> /etc/os-release
|