我遇到了一个奇怪的问题,这让我发疯! 当前的任务是在“root”用户第一次登录时启动一组文件,并在同一用户第二次登录时启动另一组文件。我决定使用“.profile”和“.bashrc”文件,并在第一次登录期间发生的任务结束时重新加载“.bashrc”文件。
在首次登录期间,我创建私钥和证书签名请求,并调用 API 来获取证书。我将此证书和私钥存储在文件位置,然后修改“.bashrc”以调用第二组文件,该文件使用此证书和密钥来验证要运行的应用程序。
问题是证书和密钥在第一次启动后会被覆盖并随机变为空。我已附上以下代码供您审核。
第一组文件
“.profile”脚本
# .bash_profile
umask 022
if [ -f ~/.bashrc ]; then
source ~/.bashrc
fi
“.bashrc”脚本
/myFolder/backgroundTask1.sh &
/myFolder/certificateGenerator.sh
backgroundTask1.sh脚本
pipe=/myFolder/testpipe
if [[ ! -p $pipe ]]; then
mkfifo $pipe
fi
while true
do
## Do some status LED blinking task here
done &
while true
do
if read line < $pipe; then
if [[ "$line" == 'success' ]]; then
## Kill the background LED blinking task created in the above while loop
kill $!
rm $pipe
exit
elif [[ "$line" == 'failed' ]]; then
kill $!
rm $pipe
exit
fi
fi
done
certificateGenerator.sh 脚本
请注意我修改 BASHRC 脚本的最后几行
另请注意文件 /anotherFolder/myKey.key 和 /anotherFolder/myCert.crt
#!/bin/bash
## Named pipe location for communicating to backgroundTask1
pipe=/myFolder/testpipe
openssl req -new -newkey rsa:2048 -nodes -out certificateSigningRequest.csr -keyout /anotherFolder/myKey.key -subj "/C=myCountry/ST=myState/L=myCity/O=myCompany/OU=myOU/CN=myDevice"
cert_req=$(<$certificateSigningRequest.csr)
## Get AD token from Azure for talking to my custom API hosted on Azure
response=$(curl -o - -s -w "%{http_code}\n" -X POST \
https://login.microsoftonline.com/myCompany.onmicrosoft.com/oauth2/token \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&resource=https%3A%2F%2Fmanagement.core.windows.net%2F&client_id=myClientID&client_secret=mySecret')
if [ $?==0 ]; then
status=$(echo $response | tail -c 4)
body=${response::-3}
token=$(echo $body | jq -r '.access_token')
fi
## Send CSR to my custom API to get certificate
response=$(jq -n --arg csr "$cert_req" \
'{
cert: {
csr: $csr
}
}' |
curl -o - -s -w "%{http_code}\n" -X POST \
https://myCustomAPI.azurewebsites.net/api/v1/customEndpoint \
-H "authorization: Bearer $token" \
-H "content-type: application/json" \
-d @-
)
## Parse the response to find out if the request succeeded
if [ $?==0 ]; then
destCertDir=/anotherFolder/myCert.crt
status=$(echo $response | tail -c 4)
body=${response::-3}
cert=$(echo $body | jq -r '.certificate')
if [ "$status" == "$http_success" ]; then
echo "$cert" > "$destCertDir"
## Change .bashrc for next boot
echo '/myFolder/backgroundTask2.sh &' > ~/.bashrc
echo '/myFolder/applicationAuthenticator.sh' >> ~/.bashrc
echo "success" > $pipe
exit
fi
fi
第二组文件
“.profile”脚本
# .bash_profile
umask 022
if [ -f ~/.bashrc ]; then
source ~/.bashrc
fi
“.bashrc”脚本
/myFolder/backgroundTask2.sh &
/myFolder/applicationAuthenticator.sh
backgroundTask2.sh脚本
pipe=/myFolder/testpipe2
if [[ ! -p $pipe ]]; then
mkfifo $pipe
fi
while true
do
## Do some status LED blinking task here
done &
while true
do
if read line < $pipe; then
if [[ "$line" == 'success' ]]; then
## Kill the background LED blinking task created in the above while loop
kill $!
rm $pipe
exit
elif [[ "$line" == 'failed' ]]; then
kill $!
rm $pipe
exit
fi
fi
done
applicationAuthenticator.sh脚本
请注意我如何将 BASHRC 修改为从下次重新启动到本脚本结尾时正常启动
#!/bin/bash
## Named pipe location for communicating to backgroundTask2
pipe=/myFolder/testpipe2
response=$(curl https://myProduct/myCustomAPI.com \
--cert /anotherFoler/myCert.crt --key /anotherFolder/myKey.key \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-d 'data=xxx')
if [[ $response == 204 ]; then
echo '' > ~/.bashrc
echo "success" > $pipe
exit
else
echo "failed" > $pipe
exit
fi
问题 即使第一组文件创建了密钥和证书,它们在第一次重新启动后也会被覆盖为 NULL。
为了确保它们在重新启动之前存在,我转到位置“/anotherFolder”并物理检查文件。他们在重新启动之前拥有完整的密钥和证书。当我重新启动并看到脚本失败时,相同的密钥和证书文件(在重新启动之前具有实际数据)现在具有 NULL 值。
问题解决了吗?我目前也遇到类似的问题。谢谢!