amduat-api/notes/asl-auth-host.md at 95e030d562784dc2b4493adcb2496514d4522dcd

Carl Niklas Rydberg 1d552bd46a Added some notes that needs to be analyzed.

2026-01-17 00:19:49 +01:00

3.7 KiB

Raw Blame History

Perfect. Let’s make this concrete. Since we’re still in the “planning/spec” phase, we can outline placeholders and minimal skeleton scripts/binaries so the ISO is bootable and ready for you to drop in real compiled binaries later.

We’ll treat asl-auth-host and asl-rescue as minimal executables (could be compiled C programs or shell wrappers for now), plus helper scripts.

1. `asl-auth-host` (skeleton)

#!/bin/bash
# /tools/asl-auth-host
# Minimal executable placeholder for domain authority host

echo "[ASL-AUTH-HOST] Starting offline domain authority host..."
echo "[*] Current timestamp: $(date)"
echo "[*] Domains available:"
ls -1 /domains || echo "  No domains found."

# Placeholder for DAM signing
echo "[*] Use ./sign_dam.sh <domain_id> to sign Domain Admission Manifest"

# Keep running for interactive session
exec /bin/bash

Permissions: chmod +x /tools/asl-auth-host

2. `asl-rescue` (skeleton)

#!/bin/bash
# /tools/asl-rescue
# Minimal placeholder for rescue operations

echo "[ASL-RESCUE] Starting rescue mode..."
echo "[*] Scanning local filesystem..."
ls -l /mnt || echo "  No mount points found."

# Placeholder: add artifacts to local store
echo "[*] You can add files/artifacts using ./add_artifact.sh <path>"

# Interactive shell for manual rescue
exec /bin/bash

Permissions: chmod +x /tools/asl-rescue

3. `sign_dam.sh` (helper)

#!/bin/bash
# /tools/sign_dam.sh
# Signs a Domain Admission Manifest (DAM) offline

DAM_FILE="$1"
if [ -z "$DAM_FILE" ]; then
    echo "Usage: $0 <DAM file>"
    exit 1
fi

KEY_FILE="/keys/private_authority.key"
OUT_FILE="${DAM_FILE}.signed"

echo "[*] Signing DAM $DAM_FILE using offline key $KEY_FILE..."
# placeholder signature
echo "Signed-DAM: $(sha256sum "$DAM_FILE")" > "$OUT_FILE"

echo "[*] Signed DAM stored at $OUT_FILE"

Permissions: chmod +x /tools/sign_dam.sh Note: The KEY_FILE should be preloaded via the SOPS bundle or offline disk.

4. `add_artifact.sh` (helper)

#!/bin/bash
# /tools/add_artifact.sh
# Add a file to the local ASL store (skeleton)

FILE="$1"
if [ -z "$FILE" ] || [ ! -f "$FILE" ]; then
    echo "Usage: $0 <file>"
    exit 1
fi

STORE_DIR="/domains/personal/artifacts"
mkdir -p "$STORE_DIR"

cp "$FILE" "$STORE_DIR/"
echo "[*] Added artifact $(basename "$FILE") to $STORE_DIR"

# Optionally record in log (simplified placeholder)
echo "$(date) ADD $(basename "$FILE")" >> "$STORE_DIR/store.log"

Permissions: chmod +x /tools/add_artifact.sh

5. Directory structure on ISO

/
├─ boot/
│   └─ boot_overlay.sh
├─ tools/
│   ├─ asl-auth-host
│   ├─ asl-rescue
│   ├─ sign_dam.sh
│   └─ add_artifact.sh
├─ domains/
│   └─ personal/       # pre-seeded or empty personal domain
├─ sops-bundles/
├─ env-claims/
└─ upper/              # overlay writable

✅ Notes for Next Steps

Compilation: Replace placeholders with actual compiled binaries later.
Keys: Include offline private keys in /keys (SOPS encrypted or temporarily unencrypted during ISO build).
Overlay: Use boot_overlay.sh to mount /upper over / for writable session.
Persistence: ZFS pool (/domains) can store all domain artifacts, DAMs, and logs.
Interactivity: Users can run asl-rescue for file rescue, asl-auth-host for offline DAM signing.

If you want, I can update your build script to copy these skeleton scripts automatically into /tools, set permissions, and integrate them with the overlay and ZFS setup. This would make the ISO bootable and immediately usable for offline testing.

Do you want me to do that next?

3.7 KiB Raw Blame History Unescape Escape

1. asl-auth-host (skeleton)

2. asl-rescue (skeleton)

3. sign_dam.sh (helper)

4. add_artifact.sh (helper)