jvtrudel/harmony
1
0
Fork 0
forked from NationTech/harmony
Code Pull Requests Activity

enhance hvee environment variables

Browse Source
This commit is contained in:
Jérémy Viau-Trudel
2025-11-10 13:22:25 -05:00
parent 06c9d78049
commit 28476fbac4
13 changed files with 435 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
examples/opnsense/scripts/harmony-ve-opnsense-img-src
View File

@@ -10,13 +10,8 @@ harmony-ve-opnsense-img-src()(
SCRIPTS_DIR=$(readlink -f "$(dirname "${BASH_SOURCE}")")
. "${SCRIPTS_DIR}/common"
. "${SCRIPTS_DIR}/default-env-var"
OPNSENSE_SRC_BASE_URL=https://pkg.opnsense.org/releases
ALT1_SRC_BASE_URL=https://mirror.vraphim.com/opnsense/releases
ALT2_SRC_BASE_URL=https://mirror.winsub.kr/opnsense/releases
DEFAULT_KVM_IMG_DIR=$HOME/.harmony-ve/img-src
KVM_IMG_DIR=${KVM_IMG_DIR:-$DEFAULT_KVM_IMG_DIR}
[ -d "$KVM_IMG_DIR" ] || mkdir -p "${KVM_IMG_DIR}"
_short_help(){
@@ -75,12 +70,12 @@ EOM
_list_local_images(){
ls "${KVM_IMG_DIR}" | grep "OPNsense-" | grep "\-nano\-amd64\.img" | cut -d'-' -f 2 | sort -u -r
ls "${_HVE_OPNSENSE_SRC_IMG}" | grep "OPNsense-" | grep "\-nano\-amd64\.img" | cut -d'-' -f 2 | sort -u -r
}
_list_remote_images(){
curl -L -s "${OPNSENSE_SRC_BASE_URL}" | sed 's/</\n</g' | grep href | grep 2 | cut -d'>' -f 2 | cut -d '/' -f 1 | sort -r
curl -L -s "${_HVE_OPNSENSE_URL}" | sed 's/</\n</g' | grep href | grep 2 | cut -d'>' -f 2 | cut -d '/' -f 1 | sort -r
}
_latest_version(){
@@ -89,7 +84,7 @@ EOM
_is_downloaded(){
version=$1
name="${KVM_IMG_DIR}/OPNsense-${version}-nano-amd64.img"
name="${_HVE_OPNSENSE_SRC_IMG}/OPNsense-${version}-nano-amd64.img"
[ -f "$name" ] && return 0 || return 1
}
@@ -104,7 +99,6 @@ EOM
_download_crypto_files $version
pushd "${KVM_IMG_DIR}"
name="OPNsense-${version}-nano-amd64.img"
compressed_name=$name.bz2
@@ -112,7 +106,7 @@ EOM
_is_downloaded $version && {
_warn "Image '$name' is already downloaded"
} || {
url=$OPNSENSE_SRC_BASE_URL/$version/$compressed_name
url=$_HVE_OPNSENSE_URL/$version/$compressed_name
>&2 echo DOWNLOAD $url
wget -q -c "${url}"
@@ -121,8 +115,6 @@ EOM
>&2 echo DECOMPRESS $url
bzip2 -d $compressed_name
}
popd
}
@@ -142,14 +134,13 @@ EOM
# see: https://docs.opnsense.org/manual/install.html#download-and-verification
version=$1
pushd "${KVM_IMG_DIR}"
# download multiple pubkeys from different server
pubkey="OPNsense-${version}.pub"
rm -f $pubkey $pubkey.sig $pubkey.alt1 $pubkey.alt2
url=$OPNSENSE_SRC_BASE_URL/$version/$pubkey
url=$_HVE_OPNSENSE_URL/$version/$pubkey
wget -q -c "${url}"
# failing:
@@ -158,17 +149,15 @@ EOM
openssl base64 -d -in $pubkey.sig -out /tmp/file.sig
openssl dgst -sha256 -verify $pubkey -signature /tmp/file.sig $pubkey || _fatal "Can't verify the signature of the public key"
url_alt1=$ALT1_SRC_BASE_URL/$version/$pubkey
url_alt1=$_HVE_OPNSENSE_URL_ALT1/$version/$pubkey
wget -q -c -O "$pubkey.alt1" "${url_alt1}"
url_alt2=$ALT2_SRC_BASE_URL/$version/$pubkey
url_alt2=$_HVE_OPNSENSE_URL_ALT2/$version/$pubkey
wget -q -c -O "$pubkey.alt2" "${url_alt2}"
_compare_files_checksum $pubkey $pubkey.alt1 || { popd && _fatal "Fail to compare pubkeys" ; }
_compare_files_checksum $pubkey $pubkey.alt1 || _fatal "Fail to compare pubkeys" ;
_compare_files_checksum $pubkey $pubkey.alt2 || { popd && _fatal "Fail to compare pubkeys" ; }
_compare_files_checksum $pubkey $pubkey.alt2 || _fatal "Fail to compare pubkeys" ;
@@ -184,7 +173,7 @@ EOM
for file in $img_sig $sha256_name $sha256_sig;
do
url=$OPNSENSE_SRC_BASE_URL/$version/$file
url=$_HVE_OPNSENSE_URL/$version/$file
wget -q -c "${url}"
done
@@ -193,8 +182,6 @@ EOM
openssl base64 -d -in $sha256_sig -out /tmp/file.sig
openssl dgst -sha256 -verify $pubkey -signature /tmp/file.sig $sha256_name || _fatal "Can't verify the signature of the checksum file"
popd
}
_download(){
@@ -211,27 +198,18 @@ EOM
_verify_image_checksum(){
failed=1
version=$1
name="OPNsense-${version}-nano-amd64.img.bz2"
sha256_file="OPNsense-${version}-checksums-amd64.sha256"
pushd "${KVM_IMG_DIR}"
sha256=$(cat $sha256_file | grep "$name" | cut -d'=' -f 2 | tr -s [:space:])
echo "$sha256 $name" | sha256sum -c || failed=0
popd
[ "$failed" = "1" ] || _fatal "Checksum failed for '$name'"
echo "$sha256 $name" | sha256sum -c || _fatal "Checksum failed for '$name'"
}
_verify_image_signature(){
version=$1
pushd "${KVM_IMG_DIR}"
# download multiple pubkeys from different server
pubkey="OPNsense-${version}.pub"
@@ -265,25 +243,16 @@ EOM
version=${1:-}
if [ -z "${version:-1}" ]; then
_clear
pushd "${KVM_IMG_DIR}"
rm -f *.img
popd
else
pushd "${KVM_IMG_DIR}"
rm -f *$version*.img
popd
fi
}
_clear(){
pushd "${KVM_IMG_DIR}"
rm -f *.pub *.sig *.bz2 *.alt1 *.alt2 *.sha256
popd
}
case "${1:-}" in
@@ -306,19 +275,27 @@ case "${1:-}" in
fi
;;
download)
pushd "${_HVE_OPNSENSE_SRC_IMG}"
_download "${2:-"$(_latest_version)"}"
popd
;;
delete)
pushd "${_HVE_OPNSENSE_SRC_IMG}"
_delete "${@:2}"
popd
;;
check)
pushd "${_HVE_OPNSENSE_SRC_IMG}"
_check "${@:2}"
popd
;;
show)
ls $KVM_IMG_DIR | cat
ls $_HVE_OPNSENSE_SRC_IMG | cat
;;
clear)
pushd "${_HVE_OPNSENSE_SRC_IMG}"
_clear "${@:2}"
popd
;;
*)
_warn "Unknown COMMAND '$1'"
@@ -331,6 +308,3 @@ esac
[ "$0" != "${BASH_SOURCE}" ] || harmony-ve-opnsense-img-src "${@}"
# todo: refactor
# todo: enhance output management