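#!/bin/bash
set -e

# Bootstrap installer - Universal kickstart script
# Decrypts and executes target-specific setup scripts
#
# Usage: <this script> [TARGET]
#   TARGET  name of the setup script to run (default: nbmain). The encrypted
#           payload is read from <script dir>/<TARGET>.sh.enc.
#
# Flow:
#   1. Locate the encrypted payload and the nbcrypt helper next to this script.
#   2. Make sure an SSH agent holding an Ed25519 key is reachable.
#   3. Decrypt the payload into a private temporary directory and run it.
#
# Exit status: 1 on a missing file, invalid target or failed decryption;
# otherwise the exit status of the decrypted setup script.

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Default target is nbmain (nbase2)
TARGET="${1:-nbmain}"

# TARGET is interpolated into file paths below, so a value containing '/'
# could point outside SCRIPT_DIR or the temporary directory. Reject it.
case "$TARGET" in
  */*)
    echo "❌ Error: Invalid target name '${TARGET}' (must not contain '/')." >&2
    exit 1
    ;;
esac

ENC_FILE="${SCRIPT_DIR}/${TARGET}.sh.enc"
NBCRYPT="${SCRIPT_DIR}/nbcrypt"

echo "🚀 Bootstrap: Starting ${TARGET}..."

# Check if encrypted script exists
if [ ! -f "$ENC_FILE" ]; then
  echo "❌ Error: Target '${TARGET}' not found." >&2
  echo " Expected file: ${ENC_FILE}" >&2
  exit 1
fi

# Check if nbcrypt exists
if [ ! -f "$NBCRYPT" ]; then
  echo "❌ Error: nbcrypt not found at ${NBCRYPT}" >&2
  exit 1
fi

# The agent environment file lives in /tmp under a predictable name and is
# sourced, i.e. executed as shell code in this process.
AGENT_ENV_FILE="/tmp/.nb_agent_env_${USER:-$(id -un)}"

#######################################
# Decide whether AGENT_ENV_FILE may be sourced.
# /tmp is world-writable, so another local account could pre-create a file
# (or a symlink) under this name. Only a regular, non-symlink file owned by
# the current effective user is accepted.
# NOTE(review): the file's permission bits are not checked here; confirm
# that whatever writes this file creates it without group/other write access.
# Globals:   AGENT_ENV_FILE (read)
# Outputs:   a warning on stderr when the file exists but is rejected
# Returns:   0 if the file exists and passes the checks, 1 otherwise
#######################################
agent_env_is_trusted() {
  [ -f "$AGENT_ENV_FILE" ] || return 1
  if [ -L "$AGENT_ENV_FILE" ] || [ ! -O "$AGENT_ENV_FILE" ]; then
    echo "Warning: ignoring ${AGENT_ENV_FILE}: it is a symlink or not owned by the current user." >&2
    return 1
  fi
  return 0
}

# Load SSH Agent environment BEFORE running nbcrypt
# This ensures nbcrypt can find the Ed25519 key without prompting for BWS token
# (The file is sourced at top level, not inside a function, so any variables
# it declares keep global scope.)
if agent_env_is_trusted; then
  # Check if we already have a valid SSH_AUTH_SOCK (Agent Forward)
  # But also verify it actually works with ssh-add -l
  if [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "${SSH_AUTH_SOCK}" ]; then
    # Test if the agent actually works
    # NOTE(review): ssh-add -l also exits non-zero when the agent is reachable
    # but holds no identities, so an empty forwarded agent is treated as stale
    # here -- confirm that is intended.
    if ssh-add -l >/dev/null 2>&1; then
      # Agent Forward exists and works, preserve it and skip file loading
      echo "🔑 Using existing SSH Agent Forward (preserved)"
    else
      # Agent Forward exists but doesn't work (stale socket), load from file
      echo "🔑 Existing SSH Agent Forward is stale, loading from file..."
      source "$AGENT_ENV_FILE"
    fi
  else
    # No valid agent, safe to load from file
    echo "🔑 Loading SSH Agent environment..."
    source "$AGENT_ENV_FILE"
  fi
fi

# When the agent holds no Ed25519 key, fetch the key from BWS and ssh-add it
# (--keep leaves the key on disk).
# NOTE(review): --keep persists private key material on disk; confirm this is
# wanted on every host this bootstrap runs on.
if ! ssh-add -l 2>/dev/null | grep -q ED25519; then
  "$NBCRYPT" keychain --keep
  if agent_env_is_trusted; then
    source "$AGENT_ENV_FILE"
  fi
fi

# Decrypt and execute
echo "🔐 Decrypting ${TARGET}.sh..."

# The decrypted script is written into a directory created by mktemp -d
# (mode 0700, unpredictable name) instead of a fixed /tmp/<target>-<pid>.sh
# path, so no other local user can pre-create, read or swap the file between
# decryption and execution.
TEMP_DIR="$(mktemp -d "${TMPDIR:-/tmp}/${TARGET}.XXXXXX")"
TEMP_SCRIPT="${TEMP_DIR}/${TARGET}.sh"

# Remove the decrypted script on every exit path so the plaintext does not
# stay behind on disk.
cleanup() {
  rm -rf -- "${TEMP_DIR:?}"
}
trap cleanup EXIT

if "$NBCRYPT" decfile "$ENC_FILE" "$TEMP_SCRIPT"; then
  # Owner-only permissions; the script is run through bash explicitly.
  chmod 700 "$TEMP_SCRIPT"

  # Reload SSH Agent environment if it was updated by nbcrypt/BWS setup
  # (in case BWS setup created a new agent)
  if agent_env_is_trusted; then
    # Check if we already have a valid SSH_AUTH_SOCK (Agent Forward)
    if [ -z "${SSH_AUTH_SOCK:-}" ] || [ ! -S "${SSH_AUTH_SOCK}" ]; then
      # No valid agent, safe to load from file
      source "$AGENT_ENV_FILE"
    fi
  fi

  echo "✅ Executing ${TARGET} setup..."
  # Run as a child process rather than exec so the EXIT trap still fires and
  # deletes the decrypted script; the child's exit status is passed through.
  status=0
  bash "$TEMP_SCRIPT" || status=$?
  exit "$status"
else
  echo "❌ Decryption failed." >&2
  echo " Please ensure your Ed25519 key is loaded in SSH Agent." >&2
  exit 1
fi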