/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to dracut-module/cmdline-mandos.sh

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 04:24:39 UTC
  • mto: This revision was merged to the branch mainline in revision 410.
  • Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis
Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

Show diffs side-by-side

added added

removed removed

Lines of Context:
 
1
#!/bin/sh
 
2
#
 
3
# This file should be present in the root file system directory
 
4
# /usr/lib/dracut/modules.d/90mandos.  When dracut creates the
 
5
# initramfs image, dracut will run the "module-setup.sh" file in the
 
6
# same directory, which (when *not* using the "systemd" dracut module)
 
7
# will copy this file ("cmdline-mandos.sh") into the initramfs as
 
8
# "/lib/dracut/hooks/cmdline/20-cmdline-mandos.sh".
 
9
 
10
# Despite the above #!/bin/sh line and the executable flag, this file
 
11
# is not executed; this file is sourced by the /init script in the
 
12
# initramfs image created by dracut.
 
13
 
 
14
if getargbool 1 mandos && [ -e /lib/dracut-crypt-lib.sh ]; then
 
15
    cat >> /lib/dracut-crypt-lib.sh <<- "EOF"
 
16
        ask_for_password(){
 
17
            local cmd; local prompt; local tries=3
 
18
            local ply_cmd; local ply_prompt; local ply_tries=3
 
19
            local tty_cmd; local tty_prompt; local tty_tries=3
 
20
            local ret
 
21
        
 
22
            while [ $# -gt 0 ]; do
 
23
                case "$1" in
 
24
                    --cmd) ply_cmd="$2"; tty_cmd="$2"; shift;;
 
25
                    --ply-cmd) ply_cmd="$2"; shift;;
 
26
                    --tty-cmd) tty_cmd="$2"; shift;;
 
27
                    --prompt) ply_prompt="$2"; tty_prompt="$2"; shift;;
 
28
                    --ply-prompt) ply_prompt="$2"; shift;;
 
29
                    --tty-prompt) tty_prompt="$2"; shift;;
 
30
                    --tries) ply_tries="$2"; tty_tries="$2"; shift;;
 
31
                    --ply-tries) ply_tries="$2"; shift;;
 
32
                    --tty-tries) tty_tries="$2"; shift;;
 
33
                    --tty-echo-off) tty_echo_off=yes;;
 
34
                    -*) :;;
 
35
                esac
 
36
                shift
 
37
            done
 
38
            if [ -z "$ply_cmd" ]; then
 
39
                ply_cmd="$tty_cmd"
 
40
            fi
 
41
            # Extract device and luksname from $ply_cmd
 
42
            set -- $ply_cmd
 
43
            shift
 
44
            for arg in "$@"; do
 
45
                case "$arg" in
 
46
                    -*) :;;
 
47
                    *)
 
48
                        if [ -z "$device" ]; then
 
49
                            device="$arg"
 
50
                        else
 
51
                            luksname="$arg"
 
52
                            break
 
53
                        fi
 
54
                        ;;
 
55
                esac
 
56
            done
 
57
            { flock -s 9;
 
58
              if [ -z "$ply_prompt" ]; then
 
59
                  if [ -z "$tty_prompt" ]; then
 
60
                      CRYPTTAB_SOURCE="$device" cryptsource="$device" CRYPTTAB_NAME="$luksname" crypttarget="$luksname" /lib/mandos/plugin-runner --config-file=/etc/mandos/plugin-runner.conf | $ply_cmd
 
61
                  else
 
62
                      CRYPTTAB_SOURCE="$device" cryptsource="$device" CRYPTTAB_NAME="$luksname" crypttarget="$luksname" /lib/mandos/plugin-runner --options-for=password-prompt:--prompt="${tty_prompt}" --config-file=/etc/mandos/plugin-runner.conf | $ply_cmd
 
63
                  fi
 
64
              else
 
65
                  if [ -z "$tty_prompt" ]; then
 
66
                      CRYPTTAB_SOURCE="$device" cryptsource="$device" CRYPTTAB_NAME="$luksname" crypttarget="$luksname" /lib/mandos/plugin-runner --options-for=plymouth:--prompt="${ply_prompt}" --config-file=/etc/mandos/plugin-runner.conf | $ply_cmd
 
67
                  else
 
68
                      CRYPTTAB_SOURCE="$device" cryptsource="$device" CRYPTTAB_NAME="$luksname" crypttarget="$luksname" /lib/mandos/plugin-runner --options-for=password-prompt:--prompt="${tty_prompt}" --options-for=plymouth:--prompt="${ply_prompt}" --config-file=/etc/mandos/plugin-runner.conf | $ply_cmd
 
69
                  fi
 
70
              fi
 
71
            } 9>/.console_lock
 
72
        }
 
73
        EOF
 
74
fi