Add firstboot onboarding and prep/check tooling

2026-01-02 22:28:57 -05:00
parent ccc97f7912
commit 40b1b43449
20 changed files with 1487 additions and 220 deletions
--- a/pikit-web/onboarding/index.html
+++ b/pikit-web/onboarding/index.html
@@ -48,7 +48,7 @@
            Download Pi-Kit CA
          </a>
        </div>
-        <p class="checksum">SHA256: <code class="inline">6bc217c340e502ef20117bd4dc35e05f9f16c562cc3a236d3831a9947caddb97</code></p>
+        <p class="checksum">SHA256: <code id="caHash" class="inline">Loading...</code></p>
        <details>
          <summary id="win">Windows</summary>
          <p>Run <strong>mmc</strong> → Add/Remove Snap-in → Certificates (Computer) → Trusted Root CAs → Import <em>pikit-ca.crt</em>.</p>
@@ -85,10 +85,39 @@

    <script>
      (function () {
-        const target = `https://${location.hostname}`;
+        const host = location.hostname || "pikit.local";
+        const target = `https://${host}`;
        const hasCookie = document.cookie.includes("pikit_https_ok=1");
        const statusChip = document.getElementById("statusChip");
        const copyStatus = document.getElementById("copyStatus");
+        const downloadCa = document.getElementById("downloadCa");
+        const caHash = document.getElementById("caHash");
+        const caUrl = `http://${host}/assets/pikit-ca.crt`;
+
+        if (downloadCa) downloadCa.href = caUrl;
+
+        const cmdTemplates = {
+          archCmd: `curl -s ${caUrl} -o /tmp/pikit-ca.crt && sudo install -m644 /tmp/pikit-ca.crt /etc/ca-certificates/trust-source/anchors/ && sudo trust extract-compat`,
+          debCmd: `curl -s ${caUrl} -o /tmp/pikit-ca.crt && sudo cp /tmp/pikit-ca.crt /usr/local/share/ca-certificates/pikit-ca.crt && sudo update-ca-certificates`,
+          fedoraCmd: `curl -s ${caUrl} -o /tmp/pikit-ca.crt && sudo cp /tmp/pikit-ca.crt /etc/pki/ca-trust/source/anchors/pikit-ca.crt && sudo update-ca-trust`,
+          bsdCmd: `fetch -o /tmp/pikit-ca.crt ${caUrl} && sudo install -m644 /tmp/pikit-ca.crt /usr/local/share/certs/pikit-ca.crt && sudo certctl rehash`,
+        };
+
+        Object.entries(cmdTemplates).forEach(([id, cmd]) => {
+          const el = document.getElementById(id);
+          if (el) el.textContent = cmd;
+        });
+
+        async function loadCaHash() {
+          if (!caHash) return;
+          try {
+            const res = await fetch("/api/firstboot");
+            const data = await res.json();
+            caHash.textContent = data?.ca_hash || "Unavailable";
+          } catch (err) {
+            caHash.textContent = "Unavailable";
+          }
+        }

        document.getElementById("continueBtn").addEventListener("click", () => {
          window.location = target;
@@ -147,6 +176,8 @@
        } else {
          statusChip.textContent = "You’re on HTTP — trust the CA or click Go to secure dashboard.";
        }
+
+        loadCaHash();
      })();
    </script>
  </body>