niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/notes/asl-auth-host.md
Carl Niklas Rydberg 1d552bd46a Added some notes that needs to be analyzed.
2026-01-17 00:19:49 +01:00

141 lines
3.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Perfect. Lets make this concrete. Since were still in the “planning/spec” phase, we can outline **placeholders and minimal skeleton scripts/binaries** so the ISO is bootable and ready for you to drop in real compiled binaries later.
Well treat `asl-auth-host` and `asl-rescue` as minimal executables (could be compiled C programs or shell wrappers for now), plus helper scripts.
---
### 1. `asl-auth-host` (skeleton)
```bash
#!/bin/bash
# /tools/asl-auth-host
# Minimal executable placeholder for domain authority host
echo "[ASL-AUTH-HOST] Starting offline domain authority host..."
echo "[*] Current timestamp: $(date)"
echo "[*] Domains available:"
ls -1 /domains || echo " No domains found."
# Placeholder for DAM signing
echo "[*] Use ./sign_dam.sh <domain_id> to sign Domain Admission Manifest"
# Keep running for interactive session
exec /bin/bash
```
> **Permissions:** `chmod +x /tools/asl-auth-host`
---
### 2. `asl-rescue` (skeleton)
```bash
#!/bin/bash
# /tools/asl-rescue
# Minimal placeholder for rescue operations
echo "[ASL-RESCUE] Starting rescue mode..."
echo "[*] Scanning local filesystem..."
ls -l /mnt || echo " No mount points found."
# Placeholder: add artifacts to local store
echo "[*] You can add files/artifacts using ./add_artifact.sh <path>"
# Interactive shell for manual rescue
exec /bin/bash
```
> **Permissions:** `chmod +x /tools/asl-rescue`
---
### 3. `sign_dam.sh` (helper)
```bash
#!/bin/bash
# /tools/sign_dam.sh
# Signs a Domain Admission Manifest (DAM) offline
DAM_FILE="$1"
if [ -z "$DAM_FILE" ]; then
echo "Usage: $0 <DAM file>"
exit 1
fi
KEY_FILE="/keys/private_authority.key"
OUT_FILE="${DAM_FILE}.signed"
echo "[*] Signing DAM $DAM_FILE using offline key $KEY_FILE..."
# placeholder signature
echo "Signed-DAM: $(sha256sum "$DAM_FILE")" > "$OUT_FILE"
echo "[*] Signed DAM stored at $OUT_FILE"
```
> **Permissions:** `chmod +x /tools/sign_dam.sh`
> **Note:** The `KEY_FILE` should be preloaded via the SOPS bundle or offline disk.
---
### 4. `add_artifact.sh` (helper)
```bash
#!/bin/bash
# /tools/add_artifact.sh
# Add a file to the local ASL store (skeleton)
FILE="$1"
if [ -z "$FILE" ] || [ ! -f "$FILE" ]; then
echo "Usage: $0 <file>"
exit 1
fi
STORE_DIR="/domains/personal/artifacts"
mkdir -p "$STORE_DIR"
cp "$FILE" "$STORE_DIR/"
echo "[*] Added artifact $(basename "$FILE") to $STORE_DIR"
# Optionally record in log (simplified placeholder)
echo "$(date) ADD $(basename "$FILE")" >> "$STORE_DIR/store.log"
```
> **Permissions:** `chmod +x /tools/add_artifact.sh`
---
### 5. Directory structure on ISO
```
/
├─ boot/
│ └─ boot_overlay.sh
├─ tools/
│ ├─ asl-auth-host
│ ├─ asl-rescue
│ ├─ sign_dam.sh
│ └─ add_artifact.sh
├─ domains/
│ └─ personal/ # pre-seeded or empty personal domain
├─ sops-bundles/
├─ env-claims/
└─ upper/ # overlay writable
```
---
### ✅ Notes for Next Steps
1. **Compilation**: Replace placeholders with actual compiled binaries later.
2. **Keys**: Include offline private keys in `/keys` (SOPS encrypted or temporarily unencrypted during ISO build).
3. **Overlay**: Use `boot_overlay.sh` to mount `/upper` over `/` for writable session.
4. **Persistence**: ZFS pool (`/domains`) can store all domain artifacts, DAMs, and logs.
5. **Interactivity**: Users can run `asl-rescue` for file rescue, `asl-auth-host` for offline DAM signing.
---
If you want, I can **update your build script** to **copy these skeleton scripts automatically** into `/tools`, set permissions, and integrate them with the overlay and ZFS setup. This would make the ISO **bootable and immediately usable** for offline testing.
Do you want me to do that next?
Reference in a new issue View git blame Copy permalink