3
# This script will be run by 'mkinitramfs' when it creates the image.
4
# Its job is to decide which files to install, then install them into
5
# the staging area, where the initramfs is being created. This
6
# happens when a new 'linux-image' package is installed, or when an
7
# administrator runs 'update-initramfs' by hand to update an initramfs
10
# The environment contains at least:
12
# DESTDIR -- The staging directory where the image is being built.
14
# No initramfs pre-requirements
30
. /usr/share/initramfs-tools/hook-functions
33
"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
34
"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/local/lib; do
35
if [ -d "$d"/mandos ]; then
40
if [ -z "$libdir" ]; then
45
for d in /etc/keys/mandos /etc/mandos/keys; do
51
if [ -z "$keydir" ]; then
52
# Mandos key directory not found
56
set `{ getent passwd _mandos \
57
|| getent passwd nobody \
58
|| echo ::65534:65534:::; } \
59
| cut --delimiter=: --fields=3,4 --only-delimited \
60
--output-delimiter=" "`
64
# The Mandos network client uses the network
66
# The Mandos network client uses IPv6
69
# These are directories inside the initrd
70
CONFDIR="/conf/conf.d/mandos"
71
MANDOSDIR="/lib/mandos"
72
PLUGINDIR="${MANDOSDIR}/plugins.d"
73
PLUGINHELPERDIR="${MANDOSDIR}/plugin-helpers"
74
HOOKDIR="${MANDOSDIR}/network-hooks.d"
77
install --directory --mode=u=rwx,go=rx "${DESTDIR}${CONFDIR}" \
78
"${DESTDIR}${MANDOSDIR}" "${DESTDIR}${HOOKDIR}" \
79
"${DESTDIR}${PLUGINHELPERDIR}"
80
install --owner=${mandos_user} --group=${mandos_group} --directory \
81
--mode=u=rwx "${DESTDIR}${PLUGINDIR}"
83
# Copy the Mandos plugin runner
84
copy_exec "$libdir"/mandos/plugin-runner "${MANDOSDIR}"
88
# Copy the packaged plugins
89
for file in "$libdir"/mandos/plugins.d/*; do
90
base="`basename \"$file\"`"
91
# Is this plugin overridden?
92
if [ -e "/etc/mandos/plugins.d/$base" ]; then
96
*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
98
"*") echo "W: Mandos client plugin directory is empty." >&2 ;;
99
*) copy_exec "$file" "${PLUGINDIR}" ;;
103
# Copy the packaged plugin helpers
104
for file in "$libdir"/mandos/plugin-helpers/*; do
105
base="`basename \"$file\"`"
106
# Is this plugin overridden?
107
if [ -e "/etc/mandos/plugin-helpers/$base" ]; then
111
*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
114
*) copy_exec "$file" "${PLUGINHELPERDIR}" ;;
118
# Copy any user-supplied plugins
119
for file in /etc/mandos/plugins.d/*; do
120
base="`basename \"$file\"`"
122
*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
125
*) copy_exec "$file" "${PLUGINDIR}" ;;
129
# Copy any user-supplied plugin helpers
130
for file in /etc/mandos/plugin-helpers/*; do
131
base="`basename \"$file\"`"
133
*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
136
*) copy_exec "$file" "${PLUGINHELPERDIR}" ;;
140
# Get DEVICE from initramfs.conf and other files
141
. /etc/initramfs-tools/initramfs.conf
142
for conf in /etc/initramfs-tools/conf.d/*; do
143
if [ -n `basename \"$conf\" | grep '^[[:alnum:]][[:alnum:]\._-]*$' \
144
| grep -v '\.dpkg-.*$'` ]; then
145
[ -f ${conf} ] && . ${conf}
151
for hook in /etc/mandos/network-hooks.d/*; do
152
case "`basename \"$hook\"`" in
154
*[!A-Za-z0-9_.-]*) continue ;;
155
*) test -d "$hook" || copy_exec "$hook" "${HOOKDIR}" ;;
157
if [ -x "$hook" ]; then
158
# Copy any files needed by the network hook
159
MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=files \
160
VERBOSITY=0 "$hook" files | while read file target; do
161
if [ ! -e "${file}" ]; then
162
echo "WARNING: file ${file} not found, requested by Mandos network hook '${hook##*/}'" >&2
164
if [ -z "${target}" ]; then
167
copy_exec "$file" "$target"
170
# Copy and load any modules needed by the network hook
171
MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=modules \
172
VERBOSITY=0 "$hook" modules | while read module; do
173
if [ -z "${target}" ]; then
182
libgpgme11_version="`dpkg-query --showformat='${Version}' --show libgpgme11`"
183
if dpkg --compare-versions "$libgpgme11_version" ge 1.5.0-0.1; then
184
if [ -e /usr/bin/gpgconf ]; then
185
if [ ! -e "${DESTDIR}/usr/bin/gpgconf" ]; then
186
copy_exec /usr/bin/gpgconf
188
gpg="`/usr/bin/gpgconf|sed --quiet --expression='s/^gpg:[^:]*://p'`"
190
elif dpkg --compare-versions "$libgpgme11_version" ge 1.4.1-0.1; then
193
if [ ! -e "${DESTDIR}$gpg" ]; then
197
unset libgpgme11_version
200
for file in /etc/mandos/plugin-runner.conf; do
201
if [ -d "$file" ]; then
204
cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"
207
if [ ${mandos_user} != 65534 ]; then
208
sed --in-place --expression="1i--userid=${mandos_user}" \
209
"${DESTDIR}${CONFDIR}/plugin-runner.conf"
212
if [ ${mandos_group} != 65534 ]; then
213
sed --in-place --expression="1i--groupid=${mandos_group}" \
214
"${DESTDIR}${CONFDIR}/plugin-runner.conf"
218
for file in "$keydir"/*; do
219
if [ -d "$file" ]; then
223
*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
227
cp --archive --sparse=always "$file" \
228
"${DESTDIR}${CONFDIR}"
229
chown ${mandos_user}:${mandos_group} \
230
"${DESTDIR}${CONFDIR}/`basename \"$file\"`"
234
# Use Diffie-Hellman parameters file if available
235
if [ -e "${DESTDIR}${CONFDIR}"/client-dhparams.pem ]; then
237
--expression="1i--options-for=mandos-client:--dh-params=${CONFDIR}/client-dhparams.pem" \
238
"${DESTDIR}/${CONFDIR}/plugin-runner.conf"
241
# /lib/mandos/plugin-runner will drop priviliges, but needs access to
242
# its plugin directory and its config file. However, since almost all
243
# files in initrd have been created with umask 027, this opening of
244
# permissions is needed.
246
# (The umask is not really intended to affect the files inside the
247
# initrd; it is intended to affect the initrd.img file itself, since
248
# it now contains secret key files. There is, however, no other way
249
# to set the permission of the initrd.img file without a race
250
# condition. This umask is set by "initramfs-tools-hook-conf",
251
# installed as "/usr/share/initramfs-tools/conf-hooks.d/mandos".)
253
for full in "${MANDOSDIR}" "${CONFDIR}"; do
254
while [ "$full" != "/" ]; do
255
chmod a+rX "${DESTDIR}$full"
256
full="`dirname \"$full\"`"
260
# Reset some other things to sane permissions which we have
261
# inadvertently affected with our umask setting.
262
for dir in / /bin /etc /keyscripts /sbin /scripts /usr /usr/bin; do
263
if [ -d "${DESTDIR}$dir" ]; then
264
chmod a+rX "${DESTDIR}$dir"
267
for dir in "${DESTDIR}"/lib* "${DESTDIR}"/usr/lib*; do
268
if [ -d "$dir" ]; then
269
find "$dir" \! -perm -u+rw,g+r -prune -or -print0 \
270
| xargs --null --no-run-if-empty chmod a+rX