From 747eb90df16d6f4784df7367b40493f6b49af367 Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Sat, 21 Jan 2017 12:38:13 +0100 Subject: [PATCH] Added step menu + can mount (ok) + dd progress + ssh working --- clone/authorized_keys | 1 + clone/clone | 311 +++++++++++++++++++++++++----------------- 2 files changed, 190 insertions(+), 122 deletions(-) create mode 100644 clone/authorized_keys diff --git a/clone/authorized_keys b/clone/authorized_keys new file mode 100644 index 0000000..6e2fe29 --- /dev/null +++ b/clone/authorized_keys @@ -0,0 +1 @@ +ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAF91ZI1TROEV5nYmqPv0qW6b4U7BrSD6fK91XxPE2r+Okf756gGJQfg3iRKtyI5noWVU4e7ib3vsOTMSvMDafSDCgFULLasr5OApCrv6/cI/SV5MIerPkZO9eMMD/cZxTuT9aTpsSOtCiv0ewkLkbWHFHvIM0q6uaPQpAYVmpV6wUzoZg== [ECDSA:521] SATS diff --git a/clone/clone b/clone/clone index a5092aa..cba23cc 100755 --- a/clone/clone +++ b/clone/clone @@ -1,9 +1,9 @@ #!/bin/sh -# [1] Check parameter : device file +# [!] Check parameter : device file #========================================================# -echo ">>> [1] Checking parameter : device"; +echo ">>> [!] Checking parameter : device"; # (1) Check parameter existence # test $# -lt 1 && echo "Missing parameter : device" && exit; 
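Review bot: clone/authorized_keys is committed with one concrete key, yet step7 in clone/clone appends every newly generated `id_ecdsa.pub` to `./authorized_keys`, so the tracked file is effectively an output of the script. The key's comment `[ECDSA:521] SATS` matches the `-C` value step7 passes to ssh-keygen, which suggests it came from a provisioning run; if so, whoever holds the matching private key stays authorized wherever this file is deployed. Consider leaving the file untracked (or committing it empty) and starting it with a comment such as `# generated by clone/clone step7 - one line per provisioned device`.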
@@ -15,140 +15,207 @@ test $device_type != "usb" && echo ">>> ERROR: device type is $device_type, \"us echo "<<< done"; -# [2] Init device layout (gpt table) +DEV="$1"; + + + +# [1] Init device layout (gpt table) #========================================================# +step1(){ + echo "\n>>> [1] Checking for mounted partitions ($DEV)"; -echo "\n>>> [2] Checking for mounted partitions"; -# (1) List partitions of this device # -mounted_partitions=$( cat /proc/mounts | awk '{print $1}' | grep "$1" ); + # (1) List partitions of this device # + mounted_partitions=$( cat /proc/mounts | awk '{print $1}' | grep "$DEV" ); -for mounted in $mounted_partitions; do + # if nothing found -> next step + test -z "$mounted_partitions" && echo "<<< done" && step2; + + for mounted in $mounted_partitions; do + + read -p " (!) umount $mounted (y/n) [n]" unmount; + + test -n "$unmount" && test $unmount = "y" && sudo umount $mounted && echo "> unmounted"; + done; + echo "<<< done"; + + step2; +} + + + + +# [2] Initialize GTP Table +#========================================================# +step2(){ + echo "\n>>> [2] Formatting disk ($DEV)"; + + # (1) Confirmation # + read -p" (!) Erase the whole disk ? it is irreversible! (y/n) [n]" confirm_format; + test -z "$confirm_format" && echo "<<< aborting" && exit; + test $confirm_format != "y" && echo "<<< aborting" && exit; + + # (2) Init gpt entry # + # echo " ))) replace by real code ((("; + + echo -e "g\nw" | sudo fdisk $DEV; + + step3; +} + + + + + +# [3] Burn image to device +#========================================================# +step3(){ + echo "\n>>> [3] Burning image into disk ($DEV)"; + + # (1) Confirmation # + read -p" (!) Burn the whole disk ? it is irreversible! 
(y/n) [n]" confirm_burn; + test -z "$confirm_burn" && echo "<<< aborting" && exit; + test $confirm_burn != "y" && echo "<<< aborting" && exit; + + # (2) Burning image into disk # + sudo dd if=./original.img of=$DEV bs=4M \ + || echo "<<< ERROR: dd command failed" && exit; + + echo "<<< done"; + + step4; +} + + + + + + +# [4] Mount partition +#========================================================# +step4(){ + echo "\n>>> [4] Mounting partition ${DEV}2"; + + # [1] Mount device partition + sudo mount ${DEV}2 /mnt || echo "<<< error: can't mount" && exit; + + echo "<<< done"; + + step5; +} + + + +# [5] Updating users +#========================================================# +step5(){ + echo "\n>>> [5] Updating users"; + + echo " (.) Adding user satsuser"; + # shadow + echo " /etc/shadow"; + ## TODO: Manage default password ## + echo "satsuser:*:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow > /dev/null; + echo "satsuser:*:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow- > /dev/null; + + # passwd + echo " /etc/passwd"; + echo "satsuser:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd > /dev/null; + echo "satsuser:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd- > /dev/null; + + echo " (.) Removing pi's login password"; + # create temp file without pi's password + sudo cat /mnt/etc/shadow | sed 's/pi:[^:]\+:/pi:*:/' | sudo tee /mnt/etc/shadow.tmp > /dev/null; + # write original files + sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow > /dev/null; + sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow- > /dev/null; + # remove temporary file + sudo rm /mnt/etc/shadow.tmp; + + step6; +} + + +# [6] Updating groups +#========================================================# +step6(){ + echo "\n>>> [6] Updating groups"; + + echo " (.) 
Adding group ssh-key"; + # group + echo " /etc/group"; + echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group > /dev/null; + echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group- > /dev/null; + + echo " (.) Adding group sats-user"; + # group + echo " /etc/group"; + echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group > /dev/null; + echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group- > /dev/null; + + step7; +} + + + + +# [7] Manage SSH keys # +#========================================================# +step7(){ + echo "\n>>> [7] Create ssh keys"; + + # (1) Create ssh key pair # + echo " (.) Create ssh key [ecdsa:521]"; + ssh-keygen -t ecdsa -b 521 -C "[ECDSA:521] SATS" -f ./id_ecdsa; + + # (2) Add public key to server's `authorized_keys` file # + echo " (.) Add public key to server's list"; + cat ./id_ecdsa.pub >> ./authorized_keys; + + # (3) Create ssh file system # + echo " (.) init ssh folder (/home/sats-user/.ssh)"; + sudo mkdir /mnt/home/sats-user/.ssh; - read -p " (!) umount $mounted (y/n) [n]" unmount; - test -n "$unmount" && test $unmount = "y" && sudo umount $mounted && echo "> unmounted"; -done; -echo "<<< done"; + # (4) Add both keys to sats-user files # + echo " (.) add keys to ssh folder"; + sudo mv ./id_ecdsa /mnt/home/sats-user/.ssh/id_ecdsa; + sudo mv ./id_ecdsa.pub /mnt/home/sats-user/.ssh/id_ecdsa.pub; + # (5) Set up permissions # + echo " (.) Set up permissions"; + sudo chown -R 666:666 /mnt/home/sats-user/.ssh/; + sudo chmod 400 /mnt/home/sats-user/.ssh/id_ecdsa*; -# [3] Initialize GTP Table -#========================================================# -echo "\n>>> [3] Formatting disk"; - -# (1) Confirmation # -read -p" (!) Erase the whole disk ? it is irreversible! 
(y/n) [n]" confirm_format; -test -z "$confirm_format" && echo "<<< aborting" && exit; -test $confirm_format != "y" && echo "<<< aborting" && exit; - -# (2) Init gpt entry # -# echo " ))) replace by real code ((("; - -echo -e "g\nw" | sudo fdisk $1; + step8; +} -# [4] Burn image to device -#========================================================# -echo "\n>>> [4] Burning image into disk"; -# (1) Confirmation # -read -p" (!) Burn the whole disk ? it is irreversible! (y/n) [n]" confirm_burn; -test -z "$confirm_burn" && echo "<<< aborting" && exit; -test $confirm_burn != "y" && echo "<<< aborting" && exit; - -# (2) Burning image into disk # -sudo dd if=./original.img of=$1 bs=4M \ - || ( echo "<<< ERROR: dd command failed" && exit ); - -echo "<<< done"; - - -exit; - - -# [5] Mount partition +# [8] Manage Network config #========================================================# -echo "\n>>> [5] Mounting partition ${1}2"; - -# [1] Mount device partition -sudo mount ${1}2 /mnt -o uid=$UID,gid=$GID,umask=022; - -echo "<<< done"; -# [6] Updating users & groups +# [0] Step choice #========================================================# +echo "\nSTEPS"; +echo "(1) Init device layout (gpt table)"; +echo "(2) Format disk"; +echo "(3) Burn image into disk"; +echo "(4) Mount / partition"; +echo "(5) Update users"; +echo "(6) Update groups"; +echo "(7) Manage ssh keys"; +read -p "step: " step; -echo "\n>>> [6] Updating users & groups"; - -echo " (.) Adding user satsuser"; -# shadow -echo " /etc/shadow"; -echo "satsuser:{somedigestedpass}:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow > /dev/mull; -echo "satsuser:{somedigestedpass}:17185:0:999999:7::" | sudo tee -a /mnt/etc/shadow- > /dev/null; - -# passwd -echo " /etc/passwd"; -echo "satsuser:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd > /dev/null; -echo "satsuser:x:666:666:sats-user,,,:/home/sats-user:/bin/sh" | sudo tee -a /mnt/etc/passwd- > /dev/null; - -echo " (.) 
Removing pi's login password"; -# create temp file without pi's password -sudo cat /mnt/etc/shadow | sed 's/pi:[^:]\+:/pi:*:/' | sudo tee /mnt/etc/shadow.tmp > /dev/null; -# write original files -sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow > /dev/null; -sudo cat /mnt/etc/shadow.tmp | sudo tee /mnt/etc/shadow- > /dev/null; -# remove temporary file -sudo rm /mnt/etc/shadow.tmp; - - -echo " (.) Adding group ssh-key"; -# group -echo " /etc/group"; -echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group > /dev/null; -echo "ssh-key:x:555:pi,sats-user" | sudo tee -a /mnt/etc/group- > /dev/null; - -echo " (.) Adding group sats-user"; -# group -echo " /etc/group"; -echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group > /dev/null; -echo "sats-user:x:666:sats-user" | sudo tee -a /mnt/etc/group- > /dev/null; - - - - - -# [4] Manage SSH keys # -######################################## - -# [1] Create ssh key pair -ssh-keygen -t ecdsa -b 521 -C "[ECDSA:521] SATS" -f ./id_ecdsa; - -# [2] Add public key to server's `authorized_keys` file -cat ./id_ecdsa.pub >> ./authorized_keys; - -# [3] Add both keys to SATS file system -mv ./id_ecdsa /mnt/home/SATS/.ssh/id_ecdsa; -mv ./id_ecdsa.pub /mnt/home/SATS/.ssh/id_ecdsa.pub; - -# [4] Adjust permissions -chown SATS:SATS /mnt/home/SATS/.ssh/id_ecdsa; -chmod 600 /mnt/home/SATS/.ssh/id_ecdsa; - - -# [5] Manage Wifi Credentials -######################################## - -# [1] generate wpa digest -psk=$( echo "$3" | wpa_passphrase "$2" | grep -E "^\spsk" | sed 's/^\spsk=//' ); - -# [2] Append SSID to `interfaces` config -echo "\twpa-ssid\t$2" >> /mnt/etc/network/interfaces; - -# [3] Append WPA digest to `interfaces` config -echo "\twpa-psk\t$psk" >> /mnt/etc/network/interfaces; - - - -# [6] ..... +case $step in + "1") step1;; + "2") step2;; + "3") step3;; + "4") step4;; + "5") step5;; + "6") step6;; + "7") step7;; + *) echo "wrong step"; exit;; +esac;
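Review bot: In step3 and step4 the error handling `sudo dd ... || echo "<<< ERROR: dd command failed" && exit;` and `sudo mount ${DEV}2 /mnt || echo "<<< error: can't mount" && exit;` exits the script even when the command succeeds, because sh groups `a || b && c` as `(a || b) && c`. As written, a successful dd never reaches `echo "<<< done"` or step4, and a successful mount never reaches step5. A brace group with a non-zero status avoids this, e.g. `sudo dd if=./original.img of="$DEV" bs=4M || { echo "<<< ERROR: dd command failed"; exit 1; }`, with the same shape for the mount. Quoting `"$DEV"` is also worth doing here, since these commands run as root against a whole device. Separately, step7 ends by calling `step8`, which this hunk introduces only as a comment header, so the chain would end in a command-not-found error.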