/mandos/release : revision 110

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to initramfs-tools-hook

Committer: Teddy Hogeborn
Date: 2008-08-29 05:53:59 UTC
Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus

* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

initramfs-tools-hook

. /usr/share/initramfs-tools/hook-functions

for d in /usr /usr/local; do

if [ -d "$d"/lib/mandos ]; then

prefix="$d"

break

done

if [ -z "$prefix" ]; then

if [ -d /usr/lib/mandos ]; then

prefix=/usr

elif [ -d /usr/local/lib/mandos ]; then

prefix=/usr/local

else

# Mandos not found

exit 1

for d in /etc/keys/mandos /etc/mandos/keys; do

if [ -d "$d" ]; then

keydir="$d"

break

done

if [ -z "$keydir" ]; then

# Mandos key directory not found

exit 1

set `{ getent passwd _mandos \

|| getent passwd nobody \

|| echo ::65534:65534:::; } \

| cut --delimiter=: --fields=3,4 --only-delimited \

--output-delimiter=" "`

mandos_user="$1"

mandos_group="$2"

# The Mandos network client uses the network

auto_add_modules net

# The Mandos network client uses IPv6

CONFDIR="/conf/conf.d/mandos"

MANDOSDIR="/lib/mandos"

PLUGINDIR="${MANDOSDIR}/plugins.d"

HOOKDIR="${MANDOSDIR}/network-hooks.d"

# Make directories

install --directory --mode=u=rwx,go=rx "${DESTDIR}${CONFDIR}" \

"${DESTDIR}${MANDOSDIR}" "${DESTDIR}${HOOKDIR}"

install --owner=${mandos_user} --group=${mandos_group} --directory \

--mode=u=rwx "${DESTDIR}${PLUGINDIR}"

mkdir --parents "${DESTDIR}${CONFDIR}"

mkdir --parents "${DESTDIR}${PLUGINDIR}"

# Copy the Mandos plugin runner

copy_exec "$prefix"/lib/mandos/plugin-runner "${MANDOSDIR}"

copy_exec "$prefix"/lib/mandos/plugin-runner "${DESTDIR}${MANDOSDIR}"

# Copy the plugins

continue

case "$base" in

*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)

: ;;

"*") echo "W: Mandos client plugin directory is empty." >&2 ;;

*) copy_exec "$file" "${PLUGINDIR}" ;;

*~|.*|\#*\#|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;;

*) copy_exec "$file" "${PLUGINDIR}";;

esac

done

100

for file in /etc/mandos/plugins.d/*; do

101

base="`basename \"$file\"`"

102

case "$base" in

103

*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)

104

: ;;

105

"*") : ;;

106

*) copy_exec "$file" "${PLUGINDIR}" ;;

107

esac

108

done

109

110

# Copy network hooks

111

for hook in /etc/mandos/network-hooks.d/*; do

112

case "`basename \"$hook\"`" in

113

"*") continue ;;

114

*[!A-Za-z0-9_.-]*) continue ;;

115

*) test -d "$hook" || copy_exec "$hook" "${HOOKDIR}" ;;

116

esac

117

if [ -x "$hook" ]; then

118

# Copy any files needed by the network hook

119

MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=files \

120

VERBOSITY=0 "$hook" files | while read file target; do

121

if [ ! -e "${file}" ]; then

122

echo "WARNING: file ${file} not found, requested by Mandos network hook '${hook##*/}'" >&2

123

124

if [ -z "${target}" ]; then

125

copy_exec "$file"

126

else

127

copy_exec "$file" "$target"

128

129

done

130

# Copy and load any modules needed by the network hook

131

MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=modules \

132

VERBOSITY=0 "$hook" modules | while read module; do

133

if [ -z "${target}" ]; then

134

force_load "$module"

135

136

done

137

*~|.*|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;;

*) copy_exec "$file" "${PLUGINDIR}";;

esac

138

done

139

140

# GPGME needs /usr/bin/gpg

141

if [ ! -e "${DESTDIR}/usr/bin/gpg" \

142

-a -n "`ls \"${DESTDIR}\"/usr/lib/libgpgme.so* \

143

2>/dev/null`" ]; then

if ! [ -e "${DESTDIR}/usr/bin/gpg" ] \

&& [ -n "`ls \"${DESTDIR}\"/usr/lib/libgpgme.so* 2>/dev/null`" ]; then

144

copy_exec /usr/bin/gpg

145

146

147

# Config files

148

for file in /etc/mandos/plugin-runner.conf; do

149

if [ -d "$file" ]; then

150

continue

151

152

cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"

153

done

154

155

if [ ${mandos_user} != 65534 ]; then

156

sed --in-place --expression="1i--userid=${mandos_user}" \

157

"${DESTDIR}${CONFDIR}/plugin-runner.conf"

158

159

160

if [ ${mandos_group} != 65534 ]; then

161

sed --in-place --expression="1i--groupid=${mandos_group}" \

162

"${DESTDIR}${CONFDIR}/plugin-runner.conf"

163

164

165

# Key files

166

for file in "$keydir"/*; do

for file in /etc/mandos/*; do

167

if [ -d "$file" ]; then

168

continue

169

170

cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"

171

chown ${mandos_user}:${mandos_group} \

172

"${DESTDIR}${CONFDIR}/`basename \"$file\"`"

173

done

# Create key ring files

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

--no-default-keyring --no-options --enable-dsa2 \

--homedir "${DESTDIR}${CONFDIR}" --no-permission-warning \

--trust-model always --import-options import-minimal \

100

--import "${DESTDIR}${CONFDIR}/seckey.txt"

101

chown nobody "${DESTDIR}${CONFDIR}/secring.gpg"

174

102

175

103

# /lib/mandos/plugin-runner will drop priviliges, but needs access to

176

104

# its plugin directory and its config file. However, since almost all

184

112

# condition. This umask is set by "initramfs-tools-hook-conf",

185

113

# installed as "/usr/share/initramfs-tools/conf-hooks.d/mandos".)

186

114

187

for full in "${MANDOSDIR}" "${CONFDIR}"; do

115

for full in "${PLUGINDIR}" "${CONFDIR}"; do

188

116

while [ "$full" != "/" ]; do

189

117

chmod a+rX "${DESTDIR}$full"

190

118

full="`dirname \"$full\"`"

194

122

# Reset some other things to sane permissions which we have

195

123

# inadvertently affected with our umask setting.

196

124

for dir in / /bin /etc /keyscripts /sbin /scripts /usr /usr/bin; do

197

if [ -d "${DESTDIR}$dir" ]; then

198

chmod a+rX "${DESTDIR}$dir"

199

125

chmod a+rX "${DESTDIR}$dir"

200

126

done

201

for dir in "${DESTDIR}"/lib* "${DESTDIR}"/usr/lib*; do

202

if [ -d "$dir" ]; then

203

find "$dir" \! -perm -u+rw,g+r -prune -or -print0 \

204

| xargs --null --no-run-if-empty chmod a+rX

205

127

for dir in /lib /usr/lib; do

128

chmod --recursive a+rX "${DESTDIR}$dir"

206

129

done

Older »