On Wed, Sep 12, 2007 at 11:10:56AM +0200, Michael Tautschnig wrote: > [...] > > The only question is where should I add the code that views the cgi script? > > Should I add in the rcS file? And where? I guess some things have to be > > configure first before I start the download. > > > I think a hook for the task confdir should do; just note that you can't put > that > into the config space :-), but it must go in the NFSROOT instead.
well, the nfsroot is usually exported to a bunch of machines, with no_root_squash enabled... i.e. unless you have a separate "install-net" any attacker kidnapping an IP address of a legitimate machine has full access to the nfsroot ;) I took a different approach, based on the assumption that the ssh private key should never leave a client: - in a hook partition.DEFAULT, the pre-existing installation is searched for ssh host keys and this is copied to the tmpfs if the hostname matches (this catches the case of a host-rename or swapped hard disk) - in scripts/DEFAULT/40restore_hostkeys.sh, the keys from tmpfs are copied to the freshly installed target. - in DEFAULT/45log_public_hostkeys.sh, the pubkeys are copied to the logdir, so they are uploaded to the logserver in task_savelog -- c u henning
