This feels all kinds of insecure, is that the official way to do it?
> Index: src/distrib/utils/embedded/files/ec2_init
> diff -u /dev/null src/distrib/utils/embedded/files/ec2_init:1.1
> --- /dev/null Fri Nov 30 20:53:02 2018
> +++ src/distrib/utils/embedded/files/ec2_init Fri Nov 30 20:53:02 2018
> @@ -0,0 +1,52 @@
> +#!/bin/sh
> +#
> +# $NetBSD: ec2_init,v 1.1 2018/11/30 20:53:02 jmcneill Exp $
> +#
> +# PROVIDE: ec2_init
> +# REQUIRE: NETWORKING
> +# BEFORE: LOGIN
> +
> +$_rc_subr_loaded . /etc/rc.subr
> +
> +name="ec2_init"
> +rcvar=${name}
> +start_cmd="ec2_init"
> +stop_cmd=":"
> +
> +METADATA_URL="http://169.254.169.254/latest/meta-data/";
> +SSH_KEY_URL="public-keys/0/openssh-key"
> +HOSTNAME_URL="hostname"
> +
> +SSH_KEY_FILE="/root/.ssh/authorized_keys"
> +
> +ec2_init()
> +{
> + (
> + umask 022
> + # fetch the key pair from Amazon Web Services
> + EC2_SSH_KEY=$(ftp -o - "${METADATA_URL}${SSH_KEY_URL}")
> +
> + if [ -n "$EC2_SSH_KEY" ]; then
> + # A key pair is associated with this instance, add it
> + # to root 'authorized_keys' file
> + mkdir -p $(dirname "$SSH_KEY_FILE")
> + touch "$SSH_KEY_FILE"
> + cd $(dirname "$SSH_KEY_FILE")
> +
> + grep -q "$EC2_SSH_KEY" "$SSH_KEY_FILE"
> + if [ $? -ne 0 ]; then
> + echo "Setting EC2 SSH key pair: ${EC2_SSH_KEY##* }"
> + echo "$EC2_SSH_KEY" >> "$SSH_KEY_FILE"
> + fi
> + fi
> +
> + # set hostname
> + HOSTNAME=$(ftp -o - "${METADATA_URL}${HOSTNAME_URL}")
> + echo "Setting EC2 hostname: ${HOSTNAME}"
> + echo "$HOSTNAME" > /etc/myname
> + hostname "$HOSTNAME"
> + )
> +}
> +
> +load_rc_config $name
> +run_rc_command "$1"
>
