From 557a2ac5de589b7d111eeeeea992cff60473d6f4 Mon Sep 17 00:00:00 2001 From: Sfikas Date: Tue, 19 Nov 2024 02:11:04 -0800 Subject: [PATCH] NIT: provisioning fetching scripts use either tsh or ssh (#286) --- scripts/fetch-certs.sh | 104 +++++++++++++++++++++++++++++++++++++++++ scripts/tsh-certs.sh | 60 ------------------------ 2 files changed, 104 insertions(+), 60 deletions(-) create mode 100755 scripts/fetch-certs.sh delete mode 100755 scripts/tsh-certs.sh diff --git a/scripts/fetch-certs.sh b/scripts/fetch-certs.sh new file mode 100755 index 00000000..f36ceff7 --- /dev/null +++ b/scripts/fetch-certs.sh @@ -0,0 +1,104 @@ +#!/usr/bin/env bash + +set -o errexit # abort on nonzero exit status +set -o errtrace # pass ERR trap down to functions, substitutions, etc +set -o nounset # abort on unbound variable +set -o pipefail # don’t hide errors within pipes + +# Function to display usage information +usage() { + echo "Usage: $0 [OPTIONS] + + Arguments: + Specify the teleport tunnel or IPv4 address + Specify the destination folder for fetching + + Options: + -s, --short Skip the attestation certificate + -p, --passphrase Expected to be used with IPv4 address + + Description: + Copy the certificates from the device to the host machine. + Notes: + For development images, both the teleport tunnel and IPv4 address can be used. + For production images, the ssh client is disabled, only teleport can by used." +} + +main() { + local arg + local remote + local short=false + local passphrase="" + local scp_prefix="tsh" + local positional_args=() + while [[ $# -gt 0 ]]; do + arg="${1}"; shift + case ${arg} in + -h | --help) + usage; exit 0 ;; + -s | --short) + short=true ;; + -p | --passphrase) + passphrase=${1}; shift ;; + -*) + echo "invalid argument: ${arg}" + usage; exit 1 ;; + *) + positional_args+=( "${arg}" ) ;; + esac + done + set -- "${positional_args[@]}" + + if [[ "$#" -ne 2 ]]; then + echo "Error: Arguments are missing" + usage; exit 1 + fi + + remote="${1}" + if [[ "${remote}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + if [[ -z "${passphrase}" ]]; then + echo "Error: Passphrase is missing" + usage; exit 1 + fi + scp_prefix="sshpass -p "${passphrase}"" + fi + + local destination_folder="${2}" + mkdir -p "${destination_folder}" + + local -a certificates=( + "70000001.extra.raw" + "70000001.signature.raw" + "70000001.pubkey.raw" + "70000002.extra.raw" + "70000002.signature.raw" + "70000002.pubkey.raw" + "7fff0206.chip_id.raw" + "7fff0206.extra.raw" + "7fff0206.signature.raw" + "sss_70000001_0002_0040.bin" + "sss_70000002_0002_0040.bin" + "sss_F0000012_0002_0040.bin" + "sss_fat.bin" + ) + local -r attestation_cert="f0000013.cert" + if [[ "${short}" == false ]]; then + certificates+=( "${attestation_cert}" ) + fi + + local file + for file in "${certificates[@]}"; do + if [[ "$short" == true && "$file" == "f0000013.cert" ]]; then + continue + fi + echo "Copying ${file} from ${remote}..." + if ! ${scp_prefix} scp "worldcoin@${remote}:/usr/persistent/se/keystore/${file}" "${destination_folder}/"; then + echo "Error: Failed to copy ${file}" + fi + done +} + +# Ensure that main only runs when called as a script +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + main "$@" +fi diff --git a/scripts/tsh-certs.sh b/scripts/tsh-certs.sh deleted file mode 100755 index 680f22f4..00000000 --- a/scripts/tsh-certs.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/bin/env bash - -set -o errexit # abort on nonzero exit status -set -o errtrace # pass ERR trap down to functions, substitutions, etc -set -o nounset # abort on unbound variable -set -o pipefail # don’t hide errors within pipes - -# Function to display usage information -usage() { - echo "Usage: $0 - - Arguments: - Specify the teleport tunnel to use - Specify the destination folder to copy files to - " -} - -main() { - if [[ "$#" -ne 2 ]]; then - usage - exit 1 - fi - - local teleport_tunnel="${1}" - local destination_folder="${2}" - - local -r files=( - "70000001.extra.raw" - "70000001.signature.raw" - "70000001.pubkey.raw" - "70000002.extra.raw" - "70000002.signature.raw" - "70000002.pubkey.raw" - "7fff0206.chip_id.raw" - "7fff0206.extra.raw" - "7fff0206.signature.raw" - "f0000013.cert" - "sss_70000001_0002_0040.bin" - "sss_70000002_0002_0040.bin" - "sss_F0000012_0002_0040.bin" - "sss_fat.bin" - ) - - # Create destination folder if it doesn't exist - mkdir -p "${destination_folder}" - - # Loop through the files and use tsh scp to copy each one - local file - for file in "${files[@]}"; do - echo "Copying ${file} from ${teleport_tunnel}..." - if ! tsh scp "worldcoin@${teleport_tunnel}:/usr/persistent/se/keystore/${file}" "${destination_folder}/"; then - echo "Error: Failed to copy ${file}" - fi - done -} - -# Ensure that main only runs when called as a script -if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then - main "$@" -fi