106
# Do not replace cryptroot file unless we need to.
110
mandos=/lib/mandos/plugin-runner
112
# parse /conf/conf.d/cryptroot. Format:
113
# target=sda2_crypt,source=/dev/sda2,key=none,keyscript=/foo/bar/baz
114
exec 3>/conf/conf.d/cryptroot.mandos
115
while read options; do
117
# Split option line on commas
120
for opt in $options; do
121
# Find the keyscript option, if any
124
keyscript="${opt#keyscript=}"
125
newopts="$newopts,$opt"
129
newopts="$newopts,$opt"
105
if [ -r /conf/conf.d/cryptroot ]; then
108
# Do not replace cryptroot file unless we need to.
112
mandos=/lib/mandos/plugin-runner
115
# parse /conf/conf.d/cryptroot. Format:
116
# target=sda2_crypt,source=/dev/sda2,rootdev,key=none,keyscript=/foo/bar/baz
117
# Is the root device specially marked?
119
while read -r options; do
121
rootdev,*|*,rootdev,*|*,rootdev)
122
# If the root device is specially marked, don't change all
123
# lines in crypttab by default.
135
# If there was no keyscript option, add one.
136
if [ -z "$keyscript" ]; then
137
replace_cryptroot=yes
138
newopts="$newopts,keyscript=$mandos"
140
newopts="${newopts#,}"
142
done < /conf/conf.d/cryptroot
145
# If we need to, replace the old cryptroot file with the new file.
146
if [ "$replace_cryptroot" = yes ]; then
147
mv /conf/conf.d/cryptroot /conf/conf.d/cryptroot.mandos-old
148
mv /conf/conf.d/cryptroot.mandos /conf/conf.d/cryptroot
150
rm /conf/conf.d/cryptroot.mandos
127
done < /conf/conf.d/cryptroot
129
exec 3>/conf/conf.d/cryptroot.mandos
130
while read -r options; do
133
changethis="$changeall"
134
# Split option line on commas
137
for opt in $options; do
138
# Find the keyscript option, if any
141
keyscript="${opt#keyscript=}"
142
newopts="$newopts,$opt"
145
# Always use Mandos on the root device, if marked
148
newopts="$newopts,$opt"
150
# Don't use Mandos on resume device, if marked
153
newopts="$newopts,$opt"
156
newopts="$newopts,$opt"
162
# If there was no keyscript option, add one.
163
if [ "$changethis" = yes ] && [ -z "$keyscript" ]; then
164
replace_cryptroot=yes
165
newopts="$newopts,keyscript=$mandos"
167
newopts="${newopts#,}"
169
done < /conf/conf.d/cryptroot
172
# If we need to, replace the old cryptroot file with the new file.
173
if [ "$replace_cryptroot" = yes ]; then
174
mv /conf/conf.d/cryptroot /conf/conf.d/cryptroot.mandos-old
175
mv /conf/conf.d/cryptroot.mandos /conf/conf.d/cryptroot
177
rm -f /conf/conf.d/cryptroot.mandos
179
elif [ -x /usr/bin/cryptroot-unlock ]; then
180
# Use setsid if available
181
if command -v setsid >/dev/null 2>&1; then
182
setsid /lib/mandos/mandos-to-cryptroot-unlock &
184
/lib/mandos/mandos-to-cryptroot-unlock &
153
## Work around Debian bug #633582: <http://bugs.debian.org/633582>
154
# First determine the mandos user and group ID
159
TEMP=`getopt --quiet --longoptions userid:,groupid: --options "" -- $line`
163
--userid) mandos_user="$2"; shift 2;;
164
--groupid) mandos_group="$2"; shift 2;;
168
done < /conf/conf.d/mandos/plugin-runner.conf
169
chown "${mandos_user}:${mandos_group}" \
170
/lib/mandos/plugins.d \
171
/conf/conf.d/mandos/pubkey.txt \
172
/conf/conf.d/mandos/seckey.txt
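Review bot: The replacement step at new lines 174–175 renames `/conf/conf.d/cryptroot` away before the rewritten file is moved into place, and neither `mv` is checked, so a failure of the second one leaves the initramfs with no cryptroot file to unlock from. Copying for the backup and then renaming over the original keeps a cryptroot file present at every point: `cp -p /conf/conf.d/cryptroot /conf/conf.d/cryptroot.mandos-old && mv /conf/conf.d/cryptroot.mandos /conf/conf.d/cryptroot`. The old side has the same sequence at lines 146–147, so this commit carries the gap over rather than introducing it. Only part of the enclosing `if [ -r /conf/conf.d/cryptroot ]` block is visible on this page, so an error check outside the shown lines may already cover this.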