/mandos/trunk : contents of initramfs-tools-script at revision 115

: (revision 115)

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

#!/bin/sh -e
# 
# This script will run in the initrd environment at boot and edit
# /conf/conf.d/cryptroot to set /lib/mandos/plugin-runner as keyscript
# when no other keyscript is set, before cryptsetup.
# 

# This script should be installed as
# "/usr/share/initramfs-tools/scripts/local-top/mandos" which will
# eventually be "/scripts/local-top/mandos" in the initrd.img file.

# No initramfs pre-requirements; we must instead run BEFORE cryptroot.
# This is not a problem, since cryptroot forces itself to run LAST.
PREREQ=""
prereqs()
{
     echo "$PREREQ"
}

case $1 in
prereqs)
     prereqs
     exit 0
     ;;
esac

test -w /conf/conf.d/cryptroot

# Do not replace cryptroot file unless we need to.
replace_cryptroot=no

# Our keyscript
mandos=/lib/mandos/plugin-runner

# parse /conf/conf.d/cryptroot.  Format:
# target=sda2_crypt,source=/dev/sda2,key=none,keyscript=/foo/bar/baz
exec 3>/conf/conf.d/cryptroot.mandos
while read options; do
    newopts=""
    # Split option line on commas
    old_ifs="$IFS"
    IFS="$IFS,"
    for opt in $options; do
	# Find the keyscript option, if any
	case "$opt" in
	    keyscript=*)
		keyscript="${opt#keyscript=}"
		newopts="$newopts,$opt"
		;;
	    "") : ;;
	    *)
		newopts="$newopts,$opt"
		;;
	esac
    done
    IFS="$old_ifs"
    unset old_ifs
    # If there was no keyscript option, add one.
    if [ -z "$keyscript" ]; then
	replace_cryptroot=yes
	newopts="$newopts,keyscript=$mandos"
    fi
    newopts="${newopts#,}"
    echo "$newopts" >&3
done < /conf/conf.d/cryptroot
exec 3>&-

# If we need to, replace the old cryptroot file with the new file.
if [ "$replace_cryptroot" = yes ]; then
    mv /conf/conf.d/cryptroot /conf/conf.d/cryptroot.mandos-old
    mv /conf/conf.d/cryptroot.mandos /conf/conf.d/cryptroot
else
    rm /conf/conf.d/cryptroot.mandos
fi

74 by Teddy Hogeborn * Makefile (PREFIX, CONFDIR): New.	1	#!/bin/sh -e
	2	#
	3	# This script will run in the initrd environment at boot and edit
	4	# /conf/conf.d/cryptroot to set /lib/mandos/plugin-runner as keyscript
	5	# when no other keyscript is set, before cryptsetup.
	6	#
	7
	8	# This script should be installed as
	9	# "/usr/share/initramfs-tools/scripts/local-top/mandos" which will
	10	# eventually be "/scripts/local-top/mandos" in the initrd.img file.
	11
	12	# No initramfs pre-requirements; we must instead run BEFORE cryptroot.
	13	# This is not a problem, since cryptroot forces itself to run LAST.
	14	PREREQ=""
	15	prereqs()
	16	{
	17	echo "$PREREQ"
	18	}
	19
	20	case $1 in
	21	prereqs)
	22	prereqs
	23	exit 0
	24	;;
	25	esac
	26
	27	test -w /conf/conf.d/cryptroot
	28
	29	# Do not replace cryptroot file unless we need to.
	30	replace_cryptroot=no
	31
	32	# Our keyscript
	33	mandos=/lib/mandos/plugin-runner
	34
	35	# parse /conf/conf.d/cryptroot. Format:
	36	# target=sda2_crypt,source=/dev/sda2,key=none,keyscript=/foo/bar/baz
	37	exec 3>/conf/conf.d/cryptroot.mandos
	38	while read options; do
	39	newopts=""
	40	# Split option line on commas
	41	old_ifs="$IFS"
	42	IFS="$IFS,"
	43	for opt in $options; do
	44	# Find the keyscript option, if any
	45	case "$opt" in
	46	keyscript=*)
	47	keyscript="${opt#keyscript=}"
	48	newopts="$newopts,$opt"
	49	;;
	50	"") : ;;
	51	*)
	52	newopts="$newopts,$opt"
	53	;;
	54	esac
	55	done
	56	IFS="$old_ifs"
	57	unset old_ifs
	58	# If there was no keyscript option, add one.
	59	if [ -z "$keyscript" ]; then
	60	replace_cryptroot=yes
	61	newopts="$newopts,keyscript=$mandos"
	62	fi
	63	newopts="${newopts#,}"
	64	echo "$newopts" >&3
65	done < /conf/conf.d/cryptroot
66	exec 3>&-
67
68	# If we need to, replace the old cryptroot file with the new file.
69	if [ "$replace_cryptroot" = yes ]; then
70	mv /conf/conf.d/cryptroot /conf/conf.d/cryptroot.mandos-old
71	mv /conf/conf.d/cryptroot.mandos /conf/conf.d/cryptroot
72	else
73	rm /conf/conf.d/cryptroot.mandos
74	fi