#!/bin/sh -e
#
# This script will run in the initrd environment at boot and edit
# /conf/conf.d/cryptroot to set /lib/mandos/plugin-runner as keyscript
# when no other keyscript is set, before cryptsetup.
#
# This script should be installed as
# "/usr/share/initramfs-tools/scripts/local-top/mandos" which will
# eventually be "/scripts/local-top/mandos" in the initrd.img file.
# No initramfs pre-requirements; we must instead run BEFORE cryptroot.
# This is not a problem, since cryptroot forces itself to run LAST.
# Prerequisite list used for initramfs-tools script ordering; empty on
# purpose, because this script declares no prerequisites of its own.
PREREQ=""

# Print the prerequisite list (here: one empty line) on stdout.
prereqs()
{
    printf '%s\n' "$PREREQ"
}
# When called with the single argument "prereqs", print the prerequisite
# list and stop before any file is touched.
if [ "$1" = prereqs ]; then
    prereqs
    exit 0
fi
# Kernel command line switch: a "mandos=off" parameter makes this script
# exit successfully without changing /conf/conf.d/cryptroot.
for param in $(cat /proc/cmdline); do
    if [ "$param" = "mandos=off" ]; then
        exit 0
    fi
done
# Set /tmp in the initrd to a=rwxt: read, write and search for everyone,
# plus the sticky bit.
chmod a=rwxt /tmp

# Preconditions for the rewrite below: the cryptroot file must be
# readable and its directory writable.  Neither result is checked
# explicitly; the script relies on the "-e" of its "#!/bin/sh -e" line
# to stop here when one of them fails.
[ -r /conf/conf.d/cryptroot ]
[ -w /conf/conf.d ]
# Becomes "yes" only once a line actually had to be changed; while it is
# "no" the existing cryptroot file is left in place.
replace_cryptroot="no"

# The Mandos keyscript, inserted for entries that name no keyscript.
mandos="/lib/mandos/plugin-runner"
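# Parse /conf/conf.d/cryptroot and write an edited copy to
# /conf/conf.d/cryptroot.mandos through file descriptor 3.  Format:
# target=sda2_crypt,source=/dev/sda2,key=none,keyscript=/foo/bar/baz
# Every line that has no "keyscript=" option gets "keyscript=$mandos"
# appended; a line that already names a keyscript keeps its options.
exec 3>/conf/conf.d/cryptroot.mandos
# No pathname expansion while the option lines are split: a "*", "?" or
# "[" inside an option value must stay literal text.
set -f
# "read -r" keeps backslashes in the line exactly as they are in the file.
while read -r options; do
    newopts=""
    # Reset for every line.  Without this, a keyscript found on an
    # earlier line (or a "keyscript" variable inherited from the
    # environment) would keep later lines from getting the Mandos
    # keyscript, so those volumes would never be offered to Mandos.
    keyscript=""
    # Split option line on commas
    old_ifs="$IFS"
    IFS="$IFS,"
    for opt in $options; do
        # Find the keyscript option, if any
        case "$opt" in
            keyscript=*)
                keyscript="${opt#keyscript=}"
                newopts="$newopts,$opt"
                ;;
            "") : ;;
            *)
                newopts="$newopts,$opt"
                ;;
        esac
    done
    IFS="$old_ifs"
    unset old_ifs
    # If there was no keyscript option, add one.
    if [ -z "$keyscript" ]; then
        replace_cryptroot=yes
        newopts="$newopts,keyscript=$mandos"
    fi
    # Drop the leading comma left over from building the list.
    newopts="${newopts#,}"
    # printf, not echo: some sh implementations expand backslash
    # sequences in echo arguments, which would alter the line.
    printf '%s\n' "$newopts" >&3
done < /conf/conf.d/cryptroot
set +f
exec 3>&-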
# Put the edited file in place only when a line was changed, keeping the
# previous file as cryptroot.mandos-old; otherwise discard the copy.
case "$replace_cryptroot" in
    yes)
        mv /conf/conf.d/cryptroot /conf/conf.d/cryptroot.mandos-old
        mv /conf/conf.d/cryptroot.mandos /conf/conf.d/cryptroot
        ;;
    *)
        rm /conf/conf.d/cryptroot.mandos
        ;;
esac