Delete old secretstore, cmd/node and config modules
This removes more code that is no longer necessary or that conflicts with the new design. It also refactors the storage code into a StorageManager that owns all the storage paths and handles asynchronous initialization.
This does intentionally break a few things which will be fixed when the CA code lands.
Test Plan: Manually tested using make launch, CI is in a separate ticket
X-Origin-Diff: phab/D182
GitOrigin-RevId: 282a4bd84b47010d859e03da53b2c2de8183b13b
diff --git a/cmd/init/main.go b/cmd/init/main.go
index ace12f7..e92b7b3 100644
--- a/cmd/init/main.go
+++ b/cmd/init/main.go
@@ -17,14 +17,12 @@
package main
import (
- "io/ioutil"
+ "fmt"
"os"
- "os/exec"
"os/signal"
"runtime/debug"
"smalltown/internal/network"
- node2 "smalltown/internal/node"
- "smalltown/internal/storage"
+ "smalltown/internal/node"
"smalltown/pkg/tpm"
"go.uber.org/zap"
@@ -38,6 +36,7 @@
debug.PrintStack()
}
unix.Sync()
+ // TODO: Switch this to Reboot when init panics are less likely
unix.Reboot(unix.LINUX_REBOOT_CMD_POWER_OFF)
}()
logger, err := zap.NewDevelopment()
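Review bot: The new TODO on the power-off line says what will change later but not why power-off is chosen now, which is the part a future maintainer needs before flipping it to a reboot. If the intent is to keep a host that panics early in init from spinning in a reboot loop, state that directly: `// Power off instead of rebooting so a panic early in init cannot turn into a reboot loop. TODO: switch to a reboot once init panics are less likely.`. The deferred recovery function this line belongs to starts outside the hunk, so I cannot confirm the surrounding recover logic here.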
@@ -64,85 +63,22 @@
signalChannel := make(chan os.Signal, 2)
signal.Notify(signalChannel)
- if err := storage.FindPartitions(); err != nil {
- logger.Panic("Failed to search for partitions", zap.Error(err))
- }
-
- if err := os.Mkdir("/esp", 0755); err != nil {
- panic(err)
- }
-
- if err := unix.Mount(storage.ESPDevicePath, "/esp", "vfat", unix.MS_NOEXEC|unix.MS_NODEV|unix.MS_SYNC, ""); err != nil {
- logger.Panic("Failed to mount ESP partition", zap.Error(err))
- }
-
if err := tpm.Initialize(logger.With(zap.String("component", "tpm"))); err != nil {
logger.Panic("Failed to initialize TPM 2.0", zap.Error(err))
}
- // TODO(lorenz): This really doesn't belong here and needs to be asynchronous as well
- var keyLocation = "/esp/EFI/smalltown/data-key.bin"
- sealedKeyFile, err := os.Open(keyLocation)
- if os.IsNotExist(err) {
- logger.Info("Initializing encrypted storage, this might take a while...")
- key, err := tpm.GenerateSafeKey(256 / 8)
- if err != nil {
- panic(err)
- }
- sealedKey, err := tpm.Seal(key, tpm.SecureBootPCRs)
- if err != nil {
- panic(err)
- }
- if err := storage.InitializeEncryptedBlockDevice("data", storage.SmalltownDataCryptPath, key); err != nil {
- panic(err)
- }
- mkfsCmd := exec.Command("/bin/mkfs.xfs", "-qf", "/dev/data")
- if _, err := mkfsCmd.Output(); err != nil {
- panic(err)
- }
- // Existence of this file indicates that the encrypted storage has been successfully initialized
- if err := ioutil.WriteFile(keyLocation, sealedKey, 0600); err != nil {
- panic(err)
- }
- logger.Info("Initialized encrypted storage")
- } else if err != nil {
- panic(err)
- } else {
- sealedKey, err := ioutil.ReadAll(sealedKeyFile)
- if err != nil {
- panic(err)
- }
- key, err := tpm.Unseal(sealedKey)
- if err != nil {
- panic(err)
- }
- if err := storage.MapEncryptedBlockDevice("data", storage.SmalltownDataCryptPath, key); err != nil {
- panic(err)
- }
- logger.Info("Opened encrypted storage")
- }
- sealedKeyFile.Close()
-
- if err := os.Mkdir("/data", 0755); err != nil {
- panic(err)
- }
-
- if err := unix.Mount("/dev/data", "/data", "xfs", unix.MS_NOEXEC|unix.MS_NODEV, ""); err != nil {
- panic(err)
- }
-
networkSvc, err := network.NewNetworkService(network.Config{}, logger.With(zap.String("component", "network")))
if err != nil {
panic(err)
}
networkSvc.Start()
- node, err := node2.NewSmalltownNode(logger, "/esp/EFI/smalltown", "/data", 7833, 7834)
+ nodeInstance, err := node.NewSmalltownNode(logger, 7833, 7834)
if err != nil {
panic(err)
}
- err = node.Start()
+ err = nodeInstance.Start()
if err != nil {
panic(err)
}
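Review bot: Error handling in the new lines is inconsistent with the TPM check just above them: `tpm.Initialize` failures go through `logger.Panic(..., zap.Error(err))`, while the `NewNetworkService`, `NewSmalltownNode` and `nodeInstance.Start()` failures use bare `panic(err)`, which skips the structured log entry and leaves only the stack trace from the deferred handler before the machine powers off; I would change those to `logger.Panic("Failed to create node", zap.Error(err))` and `logger.Panic("Failed to start node", zap.Error(err))` (and the equivalent for the network service). Separately, this hunk removes the data-key handling from init entirely — the key used to be sealed against `tpm.SecureBootPCRs` before the data partition was mapped and mounted — and nothing on the new side shows where the node's storage is unlocked before `nodeInstance.Start()`. The commit message says a StorageManager with asynchronous initialization now owns this, so it is worth confirming that it preserves the PCR-bound sealing policy and that `Start()` cannot run ahead of the unlock. The enclosing `main` continues past the end of the hunk.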
diff --git a/cmd/mkimage/main.go b/cmd/mkimage/main.go
index 78eccfb..650cfd1 100644
--- a/cmd/mkimage/main.go
+++ b/cmd/mkimage/main.go
@@ -20,14 +20,11 @@
"fmt"
"io/ioutil"
"os"
- "smalltown/generated/common"
- "smalltown/internal/config"
"github.com/diskfs/go-diskfs"
"github.com/diskfs/go-diskfs/disk"
"github.com/diskfs/go-diskfs/filesystem"
"github.com/diskfs/go-diskfs/partition/gpt"
- "github.com/naoina/toml"
)
var SmalltownDataPartition gpt.Type = gpt.Type("9eeec464-6885-414a-b278-4305c51f7966")
@@ -36,13 +33,6 @@
return (size * 1024 * 1024) / 512
}
-var cfg = config.Config{
- NodeName: "smalltown-testing",
- DataDirectory: "/data",
- ExternalHost: "",
- TrustBackend: common.TrustBackend_DUMMY,
-}
-
func main() {
if len(os.Args) < 3 {
fmt.Println("Usage: mkimage <UEFI payload> <image path>")
@@ -114,16 +104,6 @@
fmt.Printf("Failed to write EFI payload: %v", err)
os.Exit(1)
}
- configFile, err := fs.OpenFile("/EFI/smalltown/config.toml", os.O_CREATE|os.O_RDWR)
- if err != nil {
- fmt.Printf("Failed to open config for writing: %v", err)
- os.Exit(1)
- }
- configData, _ := toml.Marshal(cfg)
- if _, err := configFile.Write(configData); err != nil {
- fmt.Printf("Failed to write config: %v", err)
- os.Exit(1)
- }
if err := diskImg.File.Close(); err != nil {
fmt.Printf("Failed to write image: %v", err)
os.Exit(1)