#!/bin/bash #Get domain-name and gigi-ip from the puppet config to know how to communicate with gigi hostname=$(sed -n "/\$systemDomain/ { s/\$systemDomain = '\([^']*\)'/\1/; p }" environments/production/manifests/ip.pp) ip=$(grep -A10 -F '$ips' environments/production/manifests/ip.pp | grep -F 'gigi =>' | head -n 1 | sed "s/.*'\([^']*\)'.*/\1/") folder=.bootstrap-user-data mkdir -p $folder # Curl gigi using correct host-header, faking https-access and using the cookies in "cookie-jar" function mcurl { local url="$1" shift curl -s --header "X-Real-Proto: https" --header "Host: www.$hostname" -b $folder/cookie-jar "http://$ip/$url" "$@" } # get the csrf out of a webpage (arguments 1 and 2 can be used to select the correct csrf-token) function csrf { grep csrf | ${1:-cat} | ${2:-cat} | sed "s/.*value='\([^']*\)'.*/\\1/" } # update the cookie-jar so that cookies received with https-only property are also sent over our fake-https-connection function open-jar { sed -i 's/TRUE/FALSE/g' "$1" # also use the cookie over insecure connection } function silent_read { prompt="$1" shift read -rsp "$prompt" "$@" printf '\n' } #execute a registration in gigi. If "$1" == "nopass" a password is not asked for but chosen at random. function register { csrf=$(mcurl register -c $folder/cookie-jar | csrf) if ! [[ -f $folder/cookie-jar ]]; then echo "error, could not start gigi" exit 1 fi open-jar $folder/cookie-jar silent_read "First Name: " fname silent_read "Last Name: " lname silent_read "Year of birth: " year silent_read "Month of birth: " month silent_read "Day of birth: " day silent_read "Email address: " email while [[ "$email" == *"'"* || "$email" == *"\\"* ]]; do silent_read "Email address was not valid, try again: " email done if [[ "$1" == "nopass" ]]; then pw1="$(head -c 15 /dev/urandom | base64)" pw2="$pw1" else silent_read "Password: " pw1 silent_read "Password (repeat): " pw2 while [[ "$pw1" != "$pw2" ]]; do silent_read "Password: " pw1 silent_read "Password (repeat): " pw2 done fi mcurl register --data-urlencode "name-type=western" \ --data-urlencode "fname=$fname" \ --data-urlencode "lname=$lname" \ --data-urlencode "suffix" \ --data-urlencode "name" \ --data-urlencode "year=$year" \ --data-urlencode "month=$month" \ --data-urlencode "day=$day" \ --data-urlencode "residenceCountry=invalid" \ --data-urlencode "email=$email" \ --data-urlencode "pword1=$pw1" \ --data-urlencode "pword2=$pw2" \ --data-urlencode "general=1" \ --data-urlencode "country=1" \ --data-urlencode "regional=1" \ --data-urlencode "radius=1" \ --data-urlencode "tos_agree=1" \ --data-urlencode "process=Weiter" \ --data-urlencode "csrf=$csrf" > /dev/null } function check_error { cat > $folder/page_output if grep -q "error-msgs" $folder/page_output; then cat $folder/page_output exit 1 fi } if ! type curl > /dev/null; then echo "requires curl" >&2 exit 1 fi if ! [[ "$(sudo lxc-attach -n postgres-primary -- su -c "psql -At gigi" postgres <<< "\dt")" == "No relations found." ]]; then echo "gigi already has a database" >&2 exit 1 fi # Manually managing gigi + nginx for now sudo lxc-attach -n front-nginx systemctl stop puppet.service sudo lxc-attach -n gigi systemctl stop puppet.service #Stopping nginx so no-one external can interfere with our init procedure sudo lxc-attach -n front-nginx systemctl stop nginx.service sudo lxc-attach -n gigi systemctl stop gigi-proxy.{socket,service} sudo lxc-attach -n gigi systemctl stop cassiopeia-client.service sudo lxc-attach -n gigi gigi reset-database sudo lxc-attach -n gigi systemctl start cassiopeia-client.service sudo lxc-attach -n gigi systemctl start gigi-proxy.socket rm -f $folder/cookie-jar echo "So... preliminary things done. Let's start with the setup" echo "We need a first administrative user, this user will be one of the bootstrappers for the WoT and seed for support." register adminEmail=$email adminPw=$pw1 echo "Ok, let's define the second bootstrapper" register nopass secondaryEmail=$email echo "You should now have been sent an activation link to the email you entered previously" read -rp "The activation link: " link params=${link##*\?} csrf=$(mcurl "verify?$params" -c $folder/cookie-jar | csrf) open-jar $folder/cookie-jar echo "doing verification with $params" if ! mcurl verify -d "$params&csrf=$csrf" | grep -qF "