amduat-api/notes/asl-auth-host.md


Perfect. Let's make this concrete. Since we're still in the “planning/spec” phase, we can outline **placeholders and minimal skeleton scripts/binaries** so the ISO is bootable and ready for you to drop in real compiled binaries later.

We'll treat `asl-auth-host` and `asl-rescue` as minimal executables (could be compiled C programs or shell wrappers for now), plus helper scripts.

---
### 1. `asl-auth-host` (skeleton)
```bash
#!/bin/bash
# /tools/asl-auth-host
# Minimal executable placeholder for domain authority host
echo "[ASL-AUTH-HOST] Starting offline domain authority host..."
echo "[*] Current timestamp: $(date)"
echo "[*] Domains available:"
ls -1 /domains || echo " No domains found."
# Placeholder for DAM signing
echo "[*] Use ./sign_dam.sh <domain_id> to sign Domain Admission Manifest"
# Keep running for interactive session
exec /bin/bash
```
> **Permissions:** `chmod +x /tools/asl-auth-host`
---
### 2. `asl-rescue` (skeleton)
```bash
#!/bin/bash
# /tools/asl-rescue
# Minimal placeholder for rescue operations
echo "[ASL-RESCUE] Starting rescue mode..."
echo "[*] Scanning local filesystem..."
ls -l /mnt || echo " No mount points found."
# Placeholder: add artifacts to local store
echo "[*] You can add files/artifacts using ./add_artifact.sh <path>"
# Interactive shell for manual rescue
exec /bin/bash
```
> **Permissions:** `chmod +x /tools/asl-rescue`
---
### 3. `sign_dam.sh` (helper)
```bash
#!/bin/bash
# /tools/sign_dam.sh
# Signs a Domain Admission Manifest (DAM) offline
DAM_FILE="$1"
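# Refuse to run without an existing DAM file, so no empty .signed file is written
if [ -z "$DAM_FILE" ] || [ ! -f "$DAM_FILE" ]; then
    echo "Usage: $0 <DAM file>" >&2
    exit 1
fi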
KEY_FILE="/keys/private_authority.key"
OUT_FILE="${DAM_FILE}.signed"
echo "[*] Signing DAM $DAM_FILE using offline key $KEY_FILE..."
# Placeholder signature: only a SHA-256 digest for now, KEY_FILE is not used yet
echo "Signed-DAM: $(sha256sum "$DAM_FILE")" > "$OUT_FILE"
echo "[*] Signed DAM stored at $OUT_FILE"
```
> **Permissions:** `chmod +x /tools/sign_dam.sh`
>
> **Note:** The `KEY_FILE` should be preloaded via the SOPS bundle or offline disk.
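
The placeholder in `sign_dam.sh` writes only a SHA-256 digest, which anyone can recompute without the key. As an added example (not code from this note or the project), here is one way to produce and check a real detached signature with `openssl`; the `.sig` suffix, the PEM-encoded ECDSA P-256 key, the function names and the sample DAM contents are all assumptions.

```bash
#!/bin/bash
# Added example (not project code): detached ECDSA signature over a DAM.
# Assumptions: PEM keys, ".sig" suffix, function names, sample DAM contents.

# sign_dam <dam_file> <private_key_pem> -> writes <dam_file>.sig
sign_dam() {
    local dam="$1" key="$2" tmp
    [ -f "$dam" ] || { echo "no such DAM: $dam" >&2; return 2; }
    [ -r "$key" ] || { echo "cannot read key: $key" >&2; return 2; }
    # Sign into a temp file so a failed run never leaves a partial .sig behind
    tmp="$(mktemp "${dam}.sig.XXXXXX")" || return 2
    if openssl dgst -sha256 -sign "$key" -out "$tmp" "$dam"; then
        mv "$tmp" "${dam}.sig"
    else
        rm -f "$tmp"
        return 1
    fi
}

# verify_dam <dam_file> <public_key_pem> -> status 0 only if the signature matches
verify_dam() {
    local dam="$1" pub="$2"
    [ -f "${dam}.sig" ] || return 2
    openssl dgst -sha256 -verify "$pub" -signature "${dam}.sig" "$dam" >/dev/null 2>&1
}

# demo: throwaway key and constructed DAM in a temp dir. Returns 0 when the
# untouched DAM verifies and a DAM modified after signing is rejected.
demo() {
    local d rc=0
    d="$(mktemp -d)" || return 2
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/authority.key"
    openssl pkey -in "$d/authority.key" -pubout -out "$d/authority.pub"
    printf 'domain_id: personal\nnote: constructed sample\n' > "$d/personal.dam"
    sign_dam "$d/personal.dam" "$d/authority.key" || rc=1
    verify_dam "$d/personal.dam" "$d/authority.pub" || rc=1
    echo 'note: changed after signing' >> "$d/personal.dam"
    if verify_dam "$d/personal.dam" "$d/authority.pub"; then rc=1; fi
    rm -rf "$d"
    return "$rc"
}
```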
---
### 4. `add_artifact.sh` (helper)
```bash
#!/bin/bash
# /tools/add_artifact.sh
# Add a file to the local ASL store (skeleton)
FILE="$1"
if [ -z "$FILE" ] || [ ! -f "$FILE" ]; then
    echo "Usage: $0 <file>" >&2
    exit 1
fi
STORE_DIR="/domains/personal/artifacts"
mkdir -p "$STORE_DIR"
cp "$FILE" "$STORE_DIR/"
echo "[*] Added artifact $(basename "$FILE") to $STORE_DIR"
# Optionally record in log (simplified placeholder)
echo "$(date) ADD $(basename "$FILE")" >> "$STORE_DIR/store.log"
```
> **Permissions:** `chmod +x /tools/add_artifact.sh`
---
### 5. Directory structure on ISO
```
/
├─ boot/
│ └─ boot_overlay.sh
├─ tools/
│ ├─ asl-auth-host
│ ├─ asl-rescue
│ ├─ sign_dam.sh
│ └─ add_artifact.sh
├─ domains/
│ └─ personal/ # pre-seeded or empty personal domain
├─ sops-bundles/
├─ env-claims/
└─ upper/ # overlay writable
```
---
### ✅ Notes for Next Steps
1. **Compilation**: Replace placeholders with actual compiled binaries later.
2. **Keys**: Include offline private keys in `/keys` (SOPS encrypted or temporarily unencrypted during ISO build).
3. **Overlay**: Use `boot_overlay.sh` to mount `/upper` over `/` for writable session.
4. **Persistence**: ZFS pool (`/domains`) can store all domain artifacts, DAMs, and logs.
5. **Interactivity**: Users can run `asl-rescue` for file rescue, `asl-auth-host` for offline DAM signing.
---
If you want, I can **update your build script** to **copy these skeleton scripts automatically** into `/tools`, set permissions, and integrate them with the overlay and ZFS setup. This would make the ISO **bootable and immediately usable** for offline testing.
Do you want me to do that next?