/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to initramfs-tools-script

  • Committer: Teddy Hogeborn
  • Date: 2008-09-05 07:11:24 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080905071124-9dq11jq5rfd6zfxf
* Makefile: Changed to use symbolic instead of octal modes throughout.
  (KEYDIR): New variable for the key directory.
  (install-server): Bug fix: remove "--parents" from install args.
  (install-client): Bug fix: - '' -  Also create key directory.  Do
                    not chmod plugin dir.  Create custom plugin directory
                    if not the same as normal plugin directory.  Add
                    "--dir" option to "mandos-keygen".  Add note about
                    running "mandos-keygen --password".
  (uninstall-server): Do not depend on the installed server binary,
                      since this made it impossible to do a purge
                      after an uninstall.
  (purge-client): Shred seckey.txt.  Use $(KEYDIR).

* README: Improved wording.

* initramfs-tools-hook: Use a loop to find prefix.  Also find keydir.
                        Remove "${DESTDIR}" from "copy_exec".  Do not
                        try to copy literal "*" if no custom plugins
                        are found.  Copy key files from keydir, not
                        config dir.  Only repair mode on directories
                        that actually exist.  Do not run chmod if
                        nothing needs repairing.

* plugin-runner.conf: New file.

Show diffs side-by-side

added added

removed removed

Lines of Context:
6
6
7
7
 
8
8
# This script should be installed as
9
 
# "/usr/share/initramfs-tools/scripts/init-premount/mandos" which will
10
 
# eventually be "/scripts/init-premount/mandos" in the initrd.img
11
 
# file.
 
9
# "/usr/share/initramfs-tools/scripts/local-top/mandos" which will
 
10
# eventually be "/scripts/local-top/mandos" in the initrd.img file.
12
11
 
13
 
# No initramfs pre-requirements.
14
 
PREREQ="udev"
 
12
# No initramfs pre-requirements; we must instead run BEFORE cryptroot.
 
13
# This is not a problem, since cryptroot forces itself to run LAST.
 
14
PREREQ=""
15
15
prereqs()
16
16
{
17
 
    echo "$PREREQ"
 
17
     echo "$PREREQ"
18
18
}
19
19
 
20
20
case $1 in
21
21
prereqs)
22
 
        prereqs
23
 
        exit 0
24
 
        ;;
25
 
esac
26
 
 
27
 
. /scripts/functions
28
 
 
29
 
for param in `cat /proc/cmdline`; do
30
 
    case "$param" in
31
 
        ip=*) IPOPTS="${param#ip=}" ;;
32
 
        mandos=*)
33
 
            # Split option line on commas
34
 
            old_ifs="$IFS"
35
 
            IFS="$IFS,"
36
 
            for mpar in ${param#mandos=}; do
37
 
                IFS="$old_ifs"
38
 
                case "$mpar" in
39
 
                    off) exit 0 ;;
40
 
                    connect) connect="" ;;
41
 
                    connect:*) connect="${mpar#connect:}" ;;
42
 
                    *) log_warning_msg "$0: Bad option ${mpar}" ;;
43
 
                esac
44
 
            done
45
 
            unset mpar
46
 
            IFS="$old_ifs"
47
 
            unset old_ifs
48
 
            ;;
49
 
    esac
50
 
done
51
 
unset param
52
 
 
53
 
chmod a=rwxt /tmp
54
 
 
55
 
test -r /conf/conf.d/cryptroot
56
 
test -w /conf/conf.d
57
 
 
58
 
# Get DEVICE from /conf/initramfs.conf and other files
59
 
. /conf/initramfs.conf
60
 
for conf in /conf/conf.d/*; do
61
 
    [ -f ${conf} ] && . ${conf}
62
 
done
63
 
if [ -e /conf/param.conf ]; then
64
 
    . /conf/param.conf
65
 
fi
66
 
 
67
 
# Override DEVICE from sixth field of ip= kernel option, if passed
68
 
case "$IPOPTS" in
69
 
    *:*:*:*:*:*)                # At least six fields
70
 
        # Remove the first five fields
71
 
        device="${IPOPTS#*:*:*:*:*:}"
72
 
        # Remove all fields except the first one
73
 
        DEVICE="${device%%:*}"
74
 
        ;;
75
 
esac
76
 
 
77
 
# Add device setting (if any) to plugin-runner.conf
78
 
if [ "${DEVICE+set}" = set ]; then
79
 
    # Did we get the device from an ip= option?
80
 
    if [ "${device+set}" = set ]; then
81
 
        # Let ip= option override local config; append:
82
 
        cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
83
 
        
84
 
        --options-for=mandos-client:--interface=${DEVICE}
85
 
EOF
86
 
    else
87
 
        # Prepend device setting so any later options would override:
88
 
        sed -i -e \
89
 
            '1i--options-for=mandos-client:--interface='"${DEVICE}" \
90
 
            /conf/conf.d/mandos/plugin-runner.conf
91
 
    fi
92
 
fi
93
 
unset device
94
 
 
95
 
# If we are connecting directly, run "configure_networking" (from
96
 
# /scripts/functions); it needs IPOPTS and DEVICE
97
 
if [ "${connect+set}" = set ]; then
98
 
    configure_networking
99
 
    if [ -n "$connect" ]; then
100
 
        cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
101
 
        
102
 
        --options-for=mandos-client:--connect=${connect}
103
 
EOF
104
 
    fi
105
 
fi
 
22
     prereqs
 
23
     exit 0
 
24
     ;;
 
25
esac
 
26
 
 
27
test -w /conf/conf.d/cryptroot
106
28
 
107
29
# Do not replace cryptroot file unless we need to.
108
30
replace_cryptroot=no