/mandos/release : contents of initramfs-tools-script at revision 237.7.471

: (revision 237.7.471)

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	1	#!/bin/sh -e
	2	#
	3	# This script will run in the initrd environment at boot and edit
	4	# /conf/conf.d/cryptroot to set /lib/mandos/plugin-runner as keyscript
	5	# when no other keyscript is set, before cryptsetup.
	6	#
	7
	8	# This script should be installed as
237.2.65 by Teddy Hogeborn * Makefile (install-client-nokey): Move "initramfs-tools-script" from	9	# "/usr/share/initramfs-tools/scripts/init-premount/mandos" which will
	10	# eventually be "/scripts/init-premount/mandos" in the initrd.img
	11	# file.
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	12
237.2.65 by Teddy Hogeborn * Makefile (install-client-nokey): Move "initramfs-tools-script" from	13	PREREQ="udev"
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	14	prereqs()
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	15	{
237.2.55 by Teddy Hogeborn * Makefile (run-server): Use "--no-dbus" unconditionally.	16	echo "$PREREQ"
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	17	}
	18
	19	case $1 in
	20	prereqs)
237.2.55 by Teddy Hogeborn * Makefile (run-server): Use "--no-dbus" unconditionally.	21	prereqs
	22	exit 0
	23	;;
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	24	esac
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	25
237.2.67 by Teddy Hogeborn Four new interrelated features:	26	. /scripts/functions
237.2.67 by Teddy Hogeborn Four new interrelated features:	27
237.2.32 by Teddy Hogeborn * debian/watch: New file.	28	for param in `cat /proc/cmdline`; do
237.2.32 by Teddy Hogeborn * debian/watch: New file.	29	case "$param" in
237.2.67 by Teddy Hogeborn Four new interrelated features:	30	ip=*) IPOPTS="${param#ip=}" ;;
	31	mandos=*)
	32	# Split option line on commas
	33	old_ifs="$IFS"
	34	IFS="$IFS,"
	35	for mpar in ${param#mandos=}; do
	36	IFS="$old_ifs"
	37	case "$mpar" in
	38	off) exit 0 ;;
	39	connect) connect="" ;;
	40	connect:*) connect="${mpar#connect:}" ;;
	41	*) log_warning_msg "$0: Bad option ${mpar}" ;;
	42	esac
	43	done
	44	unset mpar
	45	IFS="$old_ifs"
	46	unset old_ifs
	47	;;
237.2.32 by Teddy Hogeborn * debian/watch: New file.	48	esac
237.2.32 by Teddy Hogeborn * debian/watch: New file.	49	done
237.2.67 by Teddy Hogeborn Four new interrelated features:	50	unset param
237.2.32 by Teddy Hogeborn * debian/watch: New file.	51
178 by Teddy Hogeborn * initramfs-tools-script: Fix permissions of "/tmp" in initrd.	52	chmod a=rwxt /tmp
	53
237.2.55 by Teddy Hogeborn * Makefile (run-server): Use "--no-dbus" unconditionally.	54	test -r /conf/conf.d/cryptroot
	55	test -w /conf/conf.d
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	56
237.2.67 by Teddy Hogeborn Four new interrelated features:	57	# Get DEVICE from /conf/initramfs.conf and other files
	58	. /conf/initramfs.conf
	59	for conf in /conf/conf.d/*; do
237.7.443 by Teddy Hogeborn Quote file names in initramfs hook scripts	60	[ -f "${conf}" ] && . "${conf}"
237.2.67 by Teddy Hogeborn Four new interrelated features:	61	done
	62	if [ -e /conf/param.conf ]; then
	63	. /conf/param.conf
	64	fi
	65
	66	# Override DEVICE from sixth field of ip= kernel option, if passed
	67	case "$IPOPTS" in
	68	:::::) # At least six fields
	69	# Remove the first five fields
	70	device="${IPOPTS#::::*:}"
	71	# Remove all fields except the first one
	72	DEVICE="${device%%:*}"
	73	;;
	74	esac
	75
	76	# Add device setting (if any) to plugin-runner.conf
	77	if [ "${DEVICE+set}" = set ]; then
	78	# Did we get the device from an ip= option?
	79	if [ "${device+set}" = set ]; then
	80	# Let ip= option override local config; append:
	81	cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
	82
	83	--options-for=mandos-client:--interface=${DEVICE}
	84	EOF
	85	else
	86	# Prepend device setting so any later options would override:
	87	sed -i -e \
	88	'1i--options-for=mandos-client:--interface='"${DEVICE}" \
	89	/conf/conf.d/mandos/plugin-runner.conf
	90	fi
	91	fi
	92	unset device
	93
	94	# If we are connecting directly, run "configure_networking" (from
	95	# /scripts/functions); it needs IPOPTS and DEVICE
	96	if [ "${connect+set}" = set ]; then
237.7.363 by Teddy Hogeborn Ignore any error from initramfs-tools' "configure_networking".	97	set +e # Required by library functions
237.2.67 by Teddy Hogeborn Four new interrelated features:	98	configure_networking
237.7.363 by Teddy Hogeborn Ignore any error from initramfs-tools' "configure_networking".	99	set -e
237.2.67 by Teddy Hogeborn Four new interrelated features:	100	if [ -n "$connect" ]; then
	101	cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
	102
	103	--options-for=mandos-client:--connect=${connect}
	104	EOF
	105	fi
	106	fi
	107
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	108	# Do not replace cryptroot file unless we need to.
	109	replace_cryptroot=no
	110
	111	# Our keyscript
	112	mandos=/lib/mandos/plugin-runner
237.7.35 by Teddy Hogeborn * initramfs-tools-script: Abort if plugin-runner is missing. Removed	113	test -x "$mandos"
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	114
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	115	# parse /conf/conf.d/cryptroot. Format:
237.7.454 by Teddy Hogeborn Handle multiple lines better in cryptroot file.	116	# target=sda2_crypt,source=/dev/sda2,rootdev,key=none,keyscript=/foo/bar/baz
	117	# Is the root device specially marked?
	118	changeall=yes
	119	while read -r options; do
	120	case "$options" in
	121	rootdev,\|,rootdev,\|,rootdev)
	122	# If the root device is specially marked, don't change all
	123	# lines in crypttab by default.
	124	changeall=no
	125	;;
	126	esac
	127	done < /conf/conf.d/cryptroot
	128
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	129	exec 3>/conf/conf.d/cryptroot.mandos
237.7.444 by Teddy Hogeborn Use "read -r" in shell scripts to avoid backslash escapes	130	while read -r options; do
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	131	newopts=""
237.7.454 by Teddy Hogeborn Handle multiple lines better in cryptroot file.	132	keyscript=""
	133	changethis="$changeall"
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	134	# Split option line on commas
	135	old_ifs="$IFS"
	136	IFS="$IFS,"
	137	for opt in $options; do
	138	# Find the keyscript option, if any
	139	case "$opt" in
	140	keyscript=*)
	141	keyscript="${opt#keyscript=}"
	142	newopts="$newopts,$opt"
	143	;;
	144	"") : ;;
237.7.454 by Teddy Hogeborn Handle multiple lines better in cryptroot file.	145	# Always use Mandos on the root device, if marked
	146	rootdev)
	147	changethis=yes
	148	newopts="$newopts,$opt"
	149	;;
	150	# Don't use Mandos on resume device, if marked
	151	resumedev)
	152	changethis=no
	153	newopts="$newopts,$opt"
	154	;;
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	155	*)
	156	newopts="$newopts,$opt"
	157	;;
	158	esac
	159	done
	160	IFS="$old_ifs"
	161	unset old_ifs
	162	# If there was no keyscript option, add one.
237.7.454 by Teddy Hogeborn Handle multiple lines better in cryptroot file.	163	if [ "$changethis" = yes ] && [ -z "$keyscript" ]; then
74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	164	replace_cryptroot=yes
	165	newopts="$newopts,keyscript=$mandos"
	166	fi
	167	newopts="${newopts#,}"
	168	echo "$newopts" >&3
	169	done < /conf/conf.d/cryptroot
	170	exec 3>&-
	171
	172	# If we need to, replace the old cryptroot file with the new file.
	173	if [ "$replace_cryptroot" = yes ]; then
	174	mv /conf/conf.d/cryptroot /conf/conf.d/cryptroot.mandos-old
	175	mv /conf/conf.d/cryptroot.mandos /conf/conf.d/cryptroot
	176	else
	177	rm /conf/conf.d/cryptroot.mandos
	178	fi