3
# This script will be run by 'mkinitramfs' when it creates the image.
4
# Its job is to decide which files to install, then install them into
5
# the staging area, where the initramfs is being created. This
6
# happens when a new 'linux-image' package is installed, or when the
7
# administrator runs 'update-initramfs' by hand to update an initramfs
10
# The environment contains at least:
12
# DESTDIR -- The staging directory where the image is being built.
14
# No initramfs pre-requirements
30
. /usr/share/initramfs-tools/hook-functions
32
for d in /usr /usr/local; do
33
if [ -d "$d"/lib/mandos ]; then
38
if [ -z "$prefix" ]; then
43
for d in /etc/keys/mandos /usr/local/lib/mandos/keys; do
49
if [ -z "$keydir" ]; then
50
# Mandos key directory not found
54
mandos_user="`{ getent passwd mandos \
55
|| getent passwd nobody \
56
|| echo ::65534::::; } | awk -F: '{ print $3 }'`"
57
mandos_group="`{ getent group mandos \
58
|| getent group nogroup \
59
|| echo ::65534:; } | awk -F: '{ print $3 }'`"
61
# The Mandos network client uses the network
63
# The Mandos network client uses IPv6
66
# These are directories inside the initrd
67
CONFDIR="/conf/conf.d/mandos"
68
MANDOSDIR="/lib/mandos"
69
PLUGINDIR="${MANDOSDIR}/plugins.d"
72
install --directory --mode=u=rwx,go=rx "${DESTDIR}${CONFDIR}" \
73
"${DESTDIR}${MANDOSDIR}"
74
install --owner=${mandos_user} --group=${mandos_group} --directory \
75
--mode=u=rwx "${DESTDIR}${PLUGINDIR}"
77
# Copy the Mandos plugin runner
78
copy_exec "$prefix"/lib/mandos/plugin-runner "${MANDOSDIR}"
82
# Copy the packaged plugins
83
for file in "$prefix"/lib/mandos/plugins.d/*; do
84
base="`basename \"$file\"`"
85
# Is this plugin overridden?
86
if [ -e "/etc/mandos/plugins.d/$base" ]; then
90
*~|.*|\#*\#|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;;
92
*) copy_exec "$file" "${PLUGINDIR}";;
96
# Copy any user-supplied plugins
97
for file in /etc/mandos/plugins.d/*; do
98
base="`basename \"$file\"`"
100
*~|.*|\#*\#|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;;
102
*) copy_exec "$file" "${PLUGINDIR}";;
106
# GPGME needs /usr/bin/gpg
107
if ! [ -e "${DESTDIR}/usr/bin/gpg" ] \
108
&& [ -n "`ls \"${DESTDIR}\"/usr/lib/libgpgme.so* 2>/dev/null`" ]; then
109
copy_exec /usr/bin/gpg
113
for file in /etc/mandos/*; do
114
if [ -d "$file" ]; then
117
cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"
121
for file in "$keydir"/*; do
122
if [ -d "$file" ]; then
125
cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"
126
chown ${mandos_user}:${mandos_group} \
127
"${DESTDIR}${CONFDIR}/`basename \"$file\"`"
130
# /lib/mandos/plugin-runner will drop priviliges, but needs access to
131
# its plugin directory and its config file. However, since almost all
132
# files in initrd have been created with umask 027, this opening of
133
# permissions is needed.
135
# (The umask is not really intended to affect the files inside the
136
# initrd; it is intended to affect the initrd.img file itself, since
137
# it now contains secret key files. There is, however, no other way
138
# to set the permission of the initrd.img file without a race
139
# condition. This umask is set by "initramfs-tools-hook-conf",
140
# installed as "/usr/share/initramfs-tools/conf-hooks.d/mandos".)
142
for full in "${MANDOSDIR}" "${CONFDIR}"; do
143
while [ "$full" != "/" ]; do
144
chmod a+rX "${DESTDIR}$full"
145
full="`dirname \"$full\"`"
149
# Reset some other things to sane permissions which we have
150
# inadvertently affected with our umask setting.
151
for dir in / /bin /etc /keyscripts /sbin /scripts /usr /usr/bin; do
152
if [ -d "${DESTDIR}$dir" ]; then
153
chmod a+rX "${DESTDIR}$dir"
156
for dir in /lib /usr/lib; do
157
find "${DESTDIR}$dir" \! -perm -u+rw,g+r -prune -o -print0 \
158
| xargs --null --no-run-if-empty chmod a+rX
added
removed
initramfs-tools-hook
