From c533026ed73fae296d3688b45c070b021f8280b0 Mon Sep 17 00:00:00 2001
From: Ben Swartzlander
Date: Fri, 27 Jan 2017 14:03:51 -0500
Subject: [PATCH] Support SSH keys from config drive

Add kernel support for IDE CDROM drives, add a package for JSON parsing, and updating the metadata script to look for SSH keys on the config drive in addition to the metadata server.

Change-Id: Ic8f065bfd77dd4c533590a023bab8b1d32da1f53
---
 common-files/etc/init.d/S99metadata | 45 ++++++++++++++++++++++-------
 conf/linux.config | 12 +++++++-
 run-buildroot.sh | 14 ++++++++-
 3 files changed, 58 insertions(+), 13 deletions(-)

diff --git a/common-files/etc/init.d/S99metadata b/common-files/etc/init.d/S99metadata
index 3796132..6954fa6 100755
--- a/common-files/etc/init.d/S99metadata
+++ b/common-files/etc/init.d/S99metadata
@@ -1,19 +1,42 @@
 #!/bin/sh
+check_net() {
+ url="http://169.254.169.254/2009-04-04/meta-data"
+ (
+ wget -q -O - -T 10 $url/public-keys 2> /dev/null || exit 1
+ echo
+ ) | (
+ while read line
+ do
+ key=$(echo $line | sed 's/\([0-9]\+\)=.*/\1/')
+ key_url=$url/public-keys/$key/openssh-key
+ wget -q -O - -T 10 $key_url 2> /dev/null || exit 1
+ done
+ ) >> authorized_keys
+}
+
+json_metadata() {
+ F=$1/ec2/2009-04-04/meta-data.json
+ [ -f $F ] || return
+ JSON.sh < $F | sed -n 's/^\["public-keys","[0-9]\+","openssh-key"\]\t"\(.*\)\\n"$/\1/p'
+}
+
+check_cd() {
+ [ -b /dev/sr0 ] || return
+ mkdir /tmp/cd
+ if mount /dev/sr0 /tmp/cd
+ then
+ json_metadata /tmp/cd >> authorized_keys
+ umount /tmp/cd
+ fi
+ rmdir /tmp/cd
+}
+
 mkdir -p /root/.ssh
 cd /root/.ssh
 chmod 700 .
 [ -f authorized_keys ] || touch authorized_keys
 chmod 600 authorized_keys
-url="http://169.254.169.254/2009-04-04/meta-data"
-(
- wget -q -O - -T 10 $url/public-keys 2> /dev/null || exit 1
- echo
-) | (
- while read line
- do
- key=$(echo $line | sed 's/\([0-9]\+\)=.*/\1/')
- wget -q -O - -T 10 $url/public-keys/$key/openssh-key 2> /dev/null || exit 1
- done
-) >> /root/.ssh/authorized_keys
+check_net
+check_cd
diff --git a/conf/linux.config b/conf/linux.config
index 6640675..95b0b7b 100644
--- a/conf/linux.config
+++ b/conf/linux.config
@@ -17,10 +17,18 @@ CONFIG_SYN_COOKIES=y
 CONFIG_DEVTMPFS=y
 CONFIG_DEVTMPFS_MOUNT=y
 CONFIG_VIRTIO_BLK=y
-CONFIG_SCSI=y
 CONFIG_BLK_DEV_SD=y
+CONFIG_BLK_DEV_SR=y
 CONFIG_CHR_DEV_SG=y
 CONFIG_SCSI_VIRTIO=y
+CONFIG_ATA=y
+CONFIG_ATA_PIIX=y
+CONFIG_PATA_OLDPIIX=y
+CONFIG_PATA_SCH=y
+CONFIG_PATA_VIA=y
+CONFIG_PATA_MPIIX=y
+CONFIG_ATA_GENERIC=y
+CONFIG_PATA_LEGACY=y
 CONFIG_NETDEVICES=y
 CONFIG_VIRTIO_NET=y
 # CONFIG_ETHERNET is not set
@@ -45,6 +53,8 @@ CONFIG_EXT2_FS=y
 CONFIG_EXT2_FS_XATTR=y
 CONFIG_EXT2_FS_POSIX_ACL=y
 CONFIG_EXT2_FS_SECURITY=y
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
 CONFIG_TMPFS=y
 # CONFIG_MISC_FILESYSTEMS is not set
 CONFIG_NFS_FS=y
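Review bot: In check_cd (S99metadata), `mount /dev/sr0 /tmp/cd` accepts whatever filesystem the kernel auto-detects on the first optical drive, with default mount options, and any `openssh-key` entries found there are appended to root's authorized_keys. Pinning the type and options keeps filesystem probing and device/setuid semantics out of this path: `mount -t iso9660 -o ro,nodev,nosuid,noexec /dev/sr0 /tmp/cd`. It is also worth checking that the medium is the config drive (OpenStack labels it `config-2`) before trusting its meta-data.json, since the script otherwise treats any attached ISO with that path as authoritative. In json_metadata, `$1` and `$F` should be quoted, and a short comment should record that the sed pattern only matches values ending in an escaped `\n`, so keys stored without it are skipped silently.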
diff --git a/run-buildroot.sh b/run-buildroot.sh
index d9bc619..b213bf9 100755
--- a/run-buildroot.sh
+++ b/run-buildroot.sh
@@ -9,17 +9,30 @@
 ./init-buildroot.sh
+# Grab JSON.sh for json parsing
+JSON_VERS=e05e69a0debdba68125a33ac786726cb860b2e7b
+JSON_SH=https://raw.githubusercontent.com/dominictarr/JSON.sh/$JSON_VERS/JSON.sh
+if [ ! -x download/JSON.sh ]
+then
+ curl -s $JSON_SH > download/JSON.sh
+ chmod +x download/JSON.sh
+fi
+
 # Create the filesystem overlays
 if [ ! -d overlay-client ]
 then
 mkdir overlay-client
 cp -a common-files/* overlay-client
+ mkdir -p overlay-client/usr/bin
+ cp download/JSON.sh overlay-server/usr/bin
 fi
 if [ ! -d overlay-server ]
 then
 mkdir overlay-server
 cp -a common-files/* overlay-server
 cp -a server-files/* overlay-server
+ mkdir -p overlay-server/usr/bin
+ cp download/JSON.sh overlay-server/usr/bin
 fi
 # Copy the config files where they need to go (temporarily)
@@ -45,4 +58,3 @@ do
 make O=../output-${IMAGE} all
 ( cd .. ; ./make-bootable-disk.sh $IMAGE )
 done
-
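Review bot: The overlay-client branch copies the parser into the wrong tree: `cp download/JSON.sh overlay-server/usr/bin` follows `mkdir -p overlay-client/usr/bin`, so the client image gets no JSON.sh and, on a clean checkout where overlay-server does not exist yet, the copy fails; the target should be `overlay-client/usr/bin`. The download step also needs hardening: `curl -s $JSON_SH > download/JSON.sh` has no `-f` and no status check, so an HTTP error page or a truncated transfer is made executable, satisfies the `-x` test on every later run, and is baked into the image on the code path that writes root's authorized_keys. Pinning the commit is a good start; I would additionally fetch to a temporary name, verify a recorded SHA-256, and only then move the file into place, as sketched below (the digest is a placeholder to be filled in from the pinned revision). The top of the script is outside this hunk, so whether it runs under `set -e` cannot be seen here.

```sh
# … unchanged: JSON_VERS and JSON_SH assignments …
JSON_SHA256="REPLACE_WITH_SHA256_OF_PINNED_JSON_SH"  # placeholder, not a real digest
if [ ! -x download/JSON.sh ]
then
    curl -fsSL "$JSON_SH" -o download/JSON.sh.tmp || exit 1
    echo "$JSON_SHA256  download/JSON.sh.tmp" | sha256sum -c - || exit 1
    chmod +x download/JSON.sh.tmp
    mv download/JSON.sh.tmp download/JSON.sh
fi
# … unchanged: overlay-client creation up to mkdir -p overlay-client/usr/bin …
    cp download/JSON.sh overlay-client/usr/bin
```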