/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to initramfs-tools-script

  • Committer: Teddy Hogeborn
  • Date: 2018-02-19 21:32:07 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 366.
  • Revision ID: teddy@recompile.se-20180219213207-0un0ylegx390pftq
Client bug fixes: Fix file descriptor leaks

* plugin-helpers/mandos-client.c (init_gnutls_global, get_flags):
  Always close files and sockets after they are used.

Show diffs side-by-side

added added

removed removed

Lines of Context:
57
57
# Get DEVICE from /conf/initramfs.conf and other files
58
58
. /conf/initramfs.conf
59
59
for conf in /conf/conf.d/*; do
60
 
    [ -f ${conf} ] && . ${conf}
 
60
    [ -f "${conf}" ] && . "${conf}"
61
61
done
62
62
if [ -e /conf/param.conf ]; then
63
63
    . /conf/param.conf
94
94
# If we are connecting directly, run "configure_networking" (from
95
95
# /scripts/functions); it needs IPOPTS and DEVICE
96
96
if [ "${connect+set}" = set ]; then
 
97
    set +e                      # Required by library functions
97
98
    configure_networking
 
99
    set -e
98
100
    if [ -n "$connect" ]; then
99
101
        cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
100
102
        
108
110
 
109
111
# Our keyscript
110
112
mandos=/lib/mandos/plugin-runner
 
113
test -x "$mandos"
111
114
 
112
115
# parse /conf/conf.d/cryptroot.  Format:
113
 
# target=sda2_crypt,source=/dev/sda2,key=none,keyscript=/foo/bar/baz
 
116
# target=sda2_crypt,source=/dev/sda2,rootdev,key=none,keyscript=/foo/bar/baz
 
117
# Is the root device specially marked?
 
118
changeall=yes
 
119
while read -r options; do
 
120
    case "$options" in
 
121
        rootdev,*|*,rootdev,*|*,rootdev)
 
122
            # If the root device is specially marked, don't change all
 
123
            # lines in crypttab by default.
 
124
            changeall=no
 
125
            ;;
 
126
    esac
 
127
done < /conf/conf.d/cryptroot
 
128
 
114
129
exec 3>/conf/conf.d/cryptroot.mandos
115
 
while read options; do
 
130
while read -r options; do
116
131
    newopts=""
 
132
    keyscript=""
 
133
    changethis="$changeall"
117
134
    # Split option line on commas
118
135
    old_ifs="$IFS"
119
136
    IFS="$IFS,"
125
142
                newopts="$newopts,$opt"
126
143
                ;;
127
144
            "") : ;;
 
145
            # Always use Mandos on the root device, if marked
 
146
            rootdev)
 
147
                changethis=yes
 
148
                newopts="$newopts,$opt"
 
149
                ;;
 
150
            # Don't use Mandos on resume device, if marked
 
151
            resumedev)
 
152
                changethis=no
 
153
                newopts="$newopts,$opt"
 
154
                ;;
128
155
            *)
129
156
                newopts="$newopts,$opt"
130
157
                ;;
133
160
    IFS="$old_ifs"
134
161
    unset old_ifs
135
162
    # If there was no keyscript option, add one.
136
 
    if [ -z "$keyscript" ]; then
 
163
    if [ "$changethis" = yes ] && [ -z "$keyscript" ]; then
137
164
        replace_cryptroot=yes
138
165
        newopts="$newopts,keyscript=$mandos"
139
166
    fi