/mandos/trunk : revision 110

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to initramfs-tools-hook

Committer: Teddy Hogeborn
Date: 2008-08-29 05:53:59 UTC
Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus

* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

Show diffs side-by-side

added added

removed removed

initramfs-tools-hook

. /usr/share/initramfs-tools/hook-functions

for d in /usr /usr/local; do

if [ -d "$d"/lib/mandos ]; then

prefix="$d"

break

done

if [ -z "$prefix" ]; then

if [ -d /usr/lib/mandos ]; then

prefix=/usr

elif [ -d /usr/local/lib/mandos ]; then

prefix=/usr/local

else

# Mandos not found

exit 1

for d in /etc/keys/mandos /usr/local/lib/mandos/keys; do

if [ -d "$d" ]; then

keydir="$d"

break

done

if [ -z "$keydir" ]; then

# Mandos key directory not found

exit 1

mandos_user="`{ getent passwd mandos \

|| getent passwd nobody \

|| echo ::65534::::; } | awk -F: '{ print $3 }'`"

mandos_group="`{ getent group mandos \

|| getent group nogroup \

|| echo ::65534:; } | awk -F: '{ print $3 }'`"

# The Mandos network client uses the network

auto_add_modules net

# The Mandos network client uses IPv6

PLUGINDIR="${MANDOSDIR}/plugins.d"

# Make directories

install --directory --mode=u=rwx,go=rx "${DESTDIR}${CONFDIR}" \

"${DESTDIR}${MANDOSDIR}"

install --owner=${mandos_user} --group=${mandos_group} --directory \

--mode=u=rwx "${DESTDIR}${PLUGINDIR}"

mkdir --parents "${DESTDIR}${CONFDIR}"

mkdir --parents "${DESTDIR}${PLUGINDIR}"

# Copy the Mandos plugin runner

copy_exec "$prefix"/lib/mandos/plugin-runner "${MANDOSDIR}"

copy_exec "$prefix"/lib/mandos/plugin-runner "${DESTDIR}${MANDOSDIR}"

# Copy the plugins

case "$base" in

*~|.*|\#*\#|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;;

"*") :;;

*) copy_exec "$file" "${PLUGINDIR}";;

esac

done

for file in /etc/mandos/plugins.d/*; do

base="`basename \"$file\"`"

case "$base" in

100

*~|.*|\#*\#|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;;

101

"*") :;;

*~|.*|*.dpkg-old|*.dpkg-new|*.dpkg-divert) : ;;

102

*) copy_exec "$file" "${PLUGINDIR}";;

103

esac

104

done

109

copy_exec /usr/bin/gpg

110

111

112

# Config files

# Key files

113

for file in /etc/mandos/*; do

114

if [ -d "$file" ]; then

115

continue

116

117

cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"

118

done

119

120

# Key files

121

for file in "$keydir"/*; do

122

if [ -d "$file" ]; then

123

continue

124

125

cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"

126

chown ${mandos_user}:${mandos_group} \

127

"${DESTDIR}${CONFDIR}/`basename \"$file\"`"

128

done

# Create key ring files

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

--no-default-keyring --no-options --enable-dsa2 \

--homedir "${DESTDIR}${CONFDIR}" --no-permission-warning \

--trust-model always --import-options import-minimal \

100

--import "${DESTDIR}${CONFDIR}/seckey.txt"

101

chown nobody "${DESTDIR}${CONFDIR}/secring.gpg"

129

102

130

103

# /lib/mandos/plugin-runner will drop priviliges, but needs access to

131

104

# its plugin directory and its config file. However, since almost all

139

112

# condition. This umask is set by "initramfs-tools-hook-conf",

140

113

# installed as "/usr/share/initramfs-tools/conf-hooks.d/mandos".)

141

114

142

for full in "${MANDOSDIR}" "${CONFDIR}"; do

115

for full in "${PLUGINDIR}" "${CONFDIR}"; do

143

116

while [ "$full" != "/" ]; do

144

117

chmod a+rX "${DESTDIR}$full"

145

118

full="`dirname \"$full\"`"

149

122

# Reset some other things to sane permissions which we have

150

123

# inadvertently affected with our umask setting.

151

124

for dir in / /bin /etc /keyscripts /sbin /scripts /usr /usr/bin; do

152

if [ -d "${DESTDIR}$dir" ]; then

153

chmod a+rX "${DESTDIR}$dir"

154

125

chmod a+rX "${DESTDIR}$dir"

155

126

done

156

127

for dir in /lib /usr/lib; do

157

find "${DESTDIR}$dir" \! -perm -u+rw,g+r -prune -o -print0 \

158

| xargs --null --no-run-if-empty chmod a+rX

128

chmod --recursive a+rX "${DESTDIR}$dir"

159

129

done

Older »