diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-06-05 19:04:54 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-06-05 19:04:54 +0200 |
| commit | e4d239a5d3adb75358e81cc6938f5756e301865a (patch) | |
| tree | 3627992400c0bffdbddab37aba17c38984245eb3 | |
| parent | ff6dca45aaf60a58ec68fcaee078ab57f0611312 (diff) | |
| parent | a31b092a4f6297cf13261023cb17e8c8e1e6b315 (diff) | |
| download | vyatta-cfg-system-e4d239a5d3adb75358e81cc6938f5756e301865a.tar.gz vyatta-cfg-system-e4d239a5d3adb75358e81cc6938f5756e301865a.zip | |
Merge pull request #146 from erkin/current
T3356: Switch install-image from curl to remote.py
| -rwxr-xr-x | scripts/install/install-image | 78 |
1 files changed, 23 insertions, 55 deletions
diff --git a/scripts/install/install-image b/scripts/install/install-image index 08e9fff4..451ae285 100755 --- a/scripts/install/install-image +++ b/scripts/install/install-image @@ -98,74 +98,43 @@ PART_FILE='' # Temp directory for downloaded ISO TEMP_DIR="/var/tmp/install-image.$$" +download_file () +{ + (REMOTE_USERNAME=$USERNAME \ + REMOTE_PASSWORD=$PASSWORD \ + ip vrf exec $VRF python3 -c "import vyos.remote; vyos.remote.friendly_download('$1', '$2')") +} + # Try to fetch the ISO file using a URL provided by the user. # If successful, we leave $NEW_ISO pointing to the ISO file that # was downloaded. fetch_iso_by_url () { mkdir $TEMP_DIR - echo "Trying to fetch ISO file from $NEW_ISO" - - if [ -n "$USERNAME" ]; then - AUTH="-u $USERNAME:$PASSWORD" - else - AUTH="" - fi - - # This is for statistics collection - vyos_version=`cat /opt/vyatta/etc/version | awk '{print $2}'` - filename="${TEMP_DIR}/${NEW_ISO##*/}" - ip vrf exec $VRF curl -L -H "User-Agent: VyOS/$vyos_version" $AUTH -f -o $filename $NEW_ISO - curlerror=$? - if [ $curlerror -eq 51 ]; then - host=${NEW_ISO##scp://} - host=${host%%/*} - rsa_key=$(ssh-keyscan -t rsa $host 2>/dev/null) - if [[ $VYATTA_PROCESS_CLIENT == "gui2_rest" ]]; then - response="yes" - else - echo "The authenticity of host '$host' can't be established." - echo "RSA key fingerprint is $(ssh-keygen -lf /dev/stdin <<<$rsa_key \ - | awk {' print $2 '} ) ." - echo "Are you sure you want to continue connecting (yes/no) [yes]?" - response=$(get_response "Yes" "Yes No Y N") - fi - if [[ "$response" == "yes" || "$response" == "y" ]]; then - mkdir -p ~/.ssh/ - echo $rsa_key >> ~/.ssh/known_hosts - ip vrf exec $VRF curl $AUTH -f -o $filename $NEW_ISO - curlerror=$? - fi - fi - if [ $curlerror -ne 0 ]; then - echo "Unable to fetch ISO from $NEW_ISO" - rm -f $filename - exit 1 - fi - if [ ! -e $filename ]; then - echo "Download of $NEW_ISO failed" - exit 1 + + echo "Trying to fetch ISO file from $NEW_ISO..." + download_file "$filename" "$NEW_ISO" + if [ $? -ne 0 ]; then + fail_exit 'Failed to download the ISO file.' fi - echo "ISO download succeeded." + echo "Done." echo "Checking for digital signature file..." - ip vrf exec $VRF curl -L -H "User-Agent: VyOS/$vyos_version" $AUTH -f -o ${filename}.asc ${NEW_ISO}.asc + download_file "${filename}.asc" "${NEW_ISO}.asc" if [ $? -ne 0 ]; then echo "Unable to fetch digital signature file." echo -n "Do you want to continue without signature check? (yes/no) [yes] " - response=$(get_response "Yes" "Yes No Y N") - if [ "$response" == "no" ] || [ "$response" == "n" ]; then - rm -f $filename - fail_exit 'OK. Installation will not be performed.' - fi # In case signature file was partially downloaded... rm -f ${filename}.asc - fi - if [ -e ${filename}.asc ]; then - echo "Found it. Checking digital signature..." + response=$(get_response "Yes" "Yes No Y N") + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + fail_exit 'OK. Installation will not be performed.' + fi + else + echo "Checking digital signature..." gpg --keyring /etc/apt/trusted.gpg --verify ${filename}.asc if [ $? -ne 0 ]; then echo "Signature check FAILED." @@ -174,7 +143,6 @@ fetch_iso_by_url () if [ "$response" == "no" ] || [ "$response" == "n" ]; then fail_exit 'OK. Installation will not be performed.' fi - echo "OK. Proceeding with installation anyway." else echo "Digital signature is valid." @@ -192,7 +160,7 @@ set_up_new_iso () if [ "$url_scheme" != "$NEW_ISO" ]; then if [ "$url_scheme" = "http" -o "$url_scheme" = "https" -o \ "$url_scheme" = "ftp" -o "$url_scheme" = "tftp" -o \ - "$url_scheme" = "scp" ]; then + "$url_scheme" = "scp" -o "$url_scheme" = "sftp" ]; then fetch_iso_by_url fi fi @@ -287,10 +255,10 @@ install_existing () } if [ -z "$USERNAME" ] && [ -n "$PASSWORD" ]; then - fail_exit "Password can not be specified without username" + fail_exit "Password cannot be specified without username." fi if [ -n "$USERNAME" ] && [ -z "$PASSWORD" ]; then - fail_exit "Username can not be specified without password" + fail_exit "Username cannot be specified without password." fi if [ $(id -u) != 0 ]; then fail_exit "Image installation requires root privileges!" |