Amazon EC2 setup

[maya%netbsd.org@localhost]

This feels all kinds of insecure, is that the official way to do it?

> Index: src/distrib/utils/embedded/files/ec2_init
> diff -u /dev/null src/distrib/utils/embedded/files/ec2_init:1.1
> --- /dev/null	Fri Nov 30 20:53:02 2018
> +++ src/distrib/utils/embedded/files/ec2_init	Fri Nov 30 20:53:02 2018
> @@ -0,0 +1,52 @@
> +#!/bin/sh
> +#
> +# $NetBSD: ec2_init,v 1.1 2018/11/30 20:53:02 jmcneill Exp $
> +#
> +# PROVIDE: ec2_init
> +# REQUIRE: NETWORKING
> +# BEFORE:  LOGIN
> +
> +$_rc_subr_loaded . /etc/rc.subr
> +
> +name="ec2_init"
> +rcvar=${name}
> +start_cmd="ec2_init"
> +stop_cmd=":"
> +
> +METADATA_URL="http://169.254.169.254/latest/meta-data/";
> +SSH_KEY_URL="public-keys/0/openssh-key"
> +HOSTNAME_URL="hostname"
> +
> +SSH_KEY_FILE="/root/.ssh/authorized_keys"
> +
> +ec2_init()
> +{
> +	(
> +	umask 022
> +	# fetch the key pair from Amazon Web Services
> +	EC2_SSH_KEY=$(ftp -o - "${METADATA_URL}${SSH_KEY_URL}")
> +
> +	if [ -n "$EC2_SSH_KEY" ]; then
> +		# A key pair is associated with this instance, add it
> +		# to root 'authorized_keys' file
> +		mkdir -p $(dirname "$SSH_KEY_FILE")
> +		touch "$SSH_KEY_FILE"
> +		cd $(dirname "$SSH_KEY_FILE")
> +
> +		grep -q "$EC2_SSH_KEY" "$SSH_KEY_FILE"
> +		if [ $? -ne 0 ]; then
> +			echo "Setting EC2 SSH key pair: ${EC2_SSH_KEY##* }"
> +			echo "$EC2_SSH_KEY" >> "$SSH_KEY_FILE"
> +		fi
> +	fi
> +
> +	# set hostname
> +	HOSTNAME=$(ftp -o - "${METADATA_URL}${HOSTNAME_URL}")
> +	echo "Setting EC2 hostname: ${HOSTNAME}"
> +	echo "$HOSTNAME" > /etc/myname
> +	hostname "$HOSTNAME"
> +	)
> +}
> +
> +load_rc_config $name
> +run_rc_command "$1"
>