From f82ec5221fee3e43a3e38d91c2886d6a66732994 Mon Sep 17 00:00:00 2001
From: "Joshua M. Clulow" <jmc@oxide.computer>
Date: Tue, 26 Apr 2022 16:13:37 -0700
Subject: [PATCH] prevent accidentally destroying shared machines

Some of the scripts in tools/ are increasingly destructive, and can
be deleterious when executed on a shared build machine where the
user has appropriate privileges.  To avoid issues, we will look for
a marker file that should prevent us from doing anything (especially
as root) to mutate the machine.  To marker a build machine as
off-limits:

    # mkdir -p /etc/opt/oxide
    # touch /etc/opt/oxide/NO_INSTALL
---
 tools/create_virtual_hardware.sh  | 6 ++++++
 tools/destroy_virtual_hardware.sh | 6 ++++++
 tools/install_opte.sh             | 6 ++++++
 tools/install_prerequisites.sh    | 6 ++++++
 4 files changed, 24 insertions(+)

diff --git a/tools/create_virtual_hardware.sh b/tools/create_virtual_hardware.sh
index b33c5a991b0..60fb1b519a2 100755
--- a/tools/create_virtual_hardware.sh
+++ b/tools/create_virtual_hardware.sh
@@ -17,6 +17,12 @@ set -x
 SOURCE_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 OMICRON_TOP="$SOURCE_DIR/.."
 
+MARKER=/etc/opt/oxide/NO_INSTALL
+if [[ -f "$MARKER" ]]; then
+    echo "This system has the marker file $MARKER, aborting." >&2
+    exit 1
+fi
+
 # Select the physical link over which to simulate the Chelsio links
 if [[ $# -ge 1 ]]; then
     PHYSICAL_LINK="$1"
diff --git a/tools/destroy_virtual_hardware.sh b/tools/destroy_virtual_hardware.sh
index ab8e475a16a..3dd9a154af6 100755
--- a/tools/destroy_virtual_hardware.sh
+++ b/tools/destroy_virtual_hardware.sh
@@ -14,6 +14,12 @@ SOURCE_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 cd "${SOURCE_DIR}/.."
 OMICRON_TOP="$PWD"
 
+MARKER=/etc/opt/oxide/NO_INSTALL
+if [[ -f "$MARKER" ]]; then
+    echo "This system has the marker file $MARKER, aborting." >&2
+    exit 1
+fi
+
 if [[ "$(id -u)" -ne 0 ]]; then
     echo "This must be run as root"
     exit 1
diff --git a/tools/install_opte.sh b/tools/install_opte.sh
index 2098a48a927..9852d0303dc 100755
--- a/tools/install_opte.sh
+++ b/tools/install_opte.sh
@@ -6,6 +6,12 @@ set -e
 set -u
 set -x
 
+MARKER=/etc/opt/oxide/NO_INSTALL
+if [[ -f "$MARKER" ]]; then
+    echo "This system has the marker file $MARKER, aborting." >&2
+    exit 1
+fi
+
 if [[ "$(uname)" != "SunOS" ]]; then
     echo "This script is intended for Helios only"
 fi
diff --git a/tools/install_prerequisites.sh b/tools/install_prerequisites.sh
index 939f87103b9..7f3f4aed19d 100755
--- a/tools/install_prerequisites.sh
+++ b/tools/install_prerequisites.sh
@@ -2,6 +2,12 @@
 
 set -eu
 
+MARKER=/etc/opt/oxide/NO_INSTALL
+if [[ -f "$MARKER" ]]; then
+  echo "This system has the marker file $MARKER, aborting." >&2
+  exit 1
+fi
+
 # Set the CWD to Omicron's source.
 SOURCE_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 cd "${SOURCE_DIR}/.."