我遇到一个让我疯狂的奇怪问题! 手头的任务是在第一次登录“root”用户期间启动一组文件,在第二次登录同一用户期间启动另一组文件。我决定使用“.profile”和“.bashrc”文件,并在第一次登录时发生的任务结束时重新加载“.bashrc”文件。
在首次登录期间,我创建了一个私钥和证书签名请求,并调用API来获取证书。我将此证书和私钥存储在文件位置,然后修改“.bashrc”以调用第二组文件,这些文件利用此证书和密钥对要运行的应用程序进行身份验证。
问题是证书和密钥被覆盖并在首次启动后随机变为空。我已附上以下代码供您审核。
第一套文件
“。个人资料”脚本
# .bash_profile
umask 022
if [ -f ~/.bashrc ]; then
source ~/.bashrc
fi
“。bashrc”script
/myFolder/backgroundTask1.sh &
/myFolder/certificateGenerator.sh
backgroundTask1.sh脚本
pipe=/myFolder/testpipe
if [[ ! -p $pipe ]]; then
mkfifo $pipe
fi
while true
do
## Do some status LED blinking task here
done &
while true
do
if read line < $pipe; then
if [[ "$line" == 'success' ]]; then
## Kill the background LED blinking task created in the above while loop
kill $!
rm $pipe
exit
elif [[ "$line" == 'failed' ]]; then
kill $!
rm $pipe
exit
fi
fi
done
certificateGenerator.sh脚本
请注意我修改BASHRC SCRIPT的最后几条线
还请注意文件/anotherFolder/myKey.key和/ anotherFolder/myCert.crt
#!/bin/bash
## Named pipe location for communicating to backgroundTask1
pipe=/myFolder/testpipe
openssl req -new -newkey rsa:2048 -nodes -out certificateSigningRequest.csr -keyout /anotherFolder/myKey.key -subj "/C=myCountry/ST=myState/L=myCity/O=myCompany/OU=myOU/CN=myDevice"
cert_req=$(<$certificateSigningRequest.csr)
## Get AD token from Azure for talking to my custom API hosted on Azure
response=$(curl -o - -s -w "%{http_code}\n" -X POST \
https://login.microsoftonline.com/myCompany.onmicrosoft.com/oauth2/token \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&resource=https%3A%2F%2Fmanagement.core.windows.net%2F&client_id=myClientID&client_secret=mySecret')
if [ $?==0 ]; then
status=$(echo $response | tail -c 4)
body=${response::-3}
token=$(echo $body | jq -r '.access_token')
fi
## Send CSR to my custom API to get certificate
response=$(jq -n --arg csr "$cert_req" \
'{
cert: {
csr: $csr
}
}' |
curl -o - -s -w "%{http_code}\n" -X POST \
https://myCustomAPI.azurewebsites.net/api/v1/customEndpoint \
-H "authorization: Bearer $token" \
-H "content-type: application/json" \
-d @-
)
## Parse the response to find out if the request succeeded
if [ $?==0 ]; then
destCertDir=/anotherFolder/myCert.crt
status=$(echo $response | tail -c 4)
body=${response::-3}
cert=$(echo $body | jq -r '.certificate')
if [ "$status" == "$http_success" ]; then
echo "$cert" > "$destCertDir"
## Change .bashrc for next boot
echo '/myFolder/backgroundTask2.sh &' > ~/.bashrc
echo '/myFolder/applicationAuthenticator.sh' >> ~/.bashrc
echo "success" > $pipe
exit
fi
fi
第二套文件
“。个人资料”脚本
# .bash_profile
umask 022
if [ -f ~/.bashrc ]; then
source ~/.bashrc
fi
“。bashrc”script
/myFolder/backgroundTask2.sh &
/myFolder/applicationAuthenticator.sh
backgroundTask2.sh脚本
pipe=/myFolder/testpipe2
if [[ ! -p $pipe ]]; then
mkfifo $pipe
fi
while true
do
## Do some status LED blinking task here
done &
while true
do
if read line < $pipe; then
if [[ "$line" == 'success' ]]; then
## Kill the background LED blinking task created in the above while loop
kill $!
rm $pipe
exit
elif [[ "$line" == 'failed' ]]; then
kill $!
rm $pipe
exit
fi
fi
done
applicationAuthenticator.sh脚本
请注意我如何修改BASHRC从下一次重新开始正常启动到本文的结尾
#!/bin/bash
## Named pipe location for communicating to backgroundTask2
pipe=/myFolder/testpipe2
response=$(curl https://myProduct/myCustomAPI.com \
--cert /anotherFoler/myCert.crt --key /anotherFolder/myKey.key \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-d 'data=xxx')
if [[ $response == 204 ]; then
echo '' > ~/.bashrc
echo "success" > $pipe
exit
else
echo "failed" > $pipe
exit
fi
问题 即使第一组文件创建了密钥和证书,它们也会在第一次重启后被覆盖为NULL。
为了确保它们在重启之前存在,我转到“/ anotherFolder”位置并检查文件。他们在重启之前拥有完整的密钥和证书。当我重新启动并看到脚本失败时,相同的密钥和证书文件(在重新启动之前有实际数据)现在具有NULL值。