3
# This script will run in the initrd environment at boot and edit
4
# /conf/conf.d/cryptroot to set /lib/mandos/plugin-runner as keyscript
5
# when no other keyscript is set, before cryptsetup.
8
# This script should be installed as
9
# "/usr/share/initramfs-tools/scripts/init-premount/mandos" which will
10
# eventually be "/scripts/init-premount/mandos" in the initrd.img
28
for param in `cat /proc/cmdline`; do
30
ip=*) IPOPTS="${param#ip=}" ;;
32
# Split option line on commas
35
for mpar in ${param#mandos=}; do
39
connect) connect="" ;;
40
connect:*) connect="${mpar#connect:}" ;;
41
*) log_warning_msg "$0: Bad option ${mpar}" ;;
54
# Get DEVICE from /conf/initramfs.conf and other files
55
. /conf/initramfs.conf
56
for conf in /conf/conf.d/*; do
57
[ -f "${conf}" ] && . "${conf}"
59
if [ -e /conf/param.conf ]; then
63
# Override DEVICE from sixth field of ip= kernel option, if passed
65
*:*:*:*:*:*) # At least six fields
66
# Remove the first five fields
67
device="${IPOPTS#*:*:*:*:*:}"
68
# Remove all fields except the first one
69
DEVICE="${device%%:*}"
73
# Add device setting (if any) to plugin-runner.conf
74
if [ "${DEVICE+set}" = set ]; then
75
# Did we get the device from an ip= option?
76
if [ "${device+set}" = set ]; then
77
# Let ip= option override local config; append:
78
cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
80
--options-for=mandos-client:--interface=${DEVICE}
83
# Prepend device setting so any later options would override:
85
'1i--options-for=mandos-client:--interface='"${DEVICE}" \
86
/conf/conf.d/mandos/plugin-runner.conf
91
# If we are connecting directly, run "configure_networking" (from
92
# /scripts/functions); it needs IPOPTS and DEVICE
93
if [ "${connect+set}" = set ]; then
94
set +e # Required by library functions
97
if [ -n "$connect" ]; then
98
cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
100
--options-for=mandos-client:--connect=${connect}
105
if [ -r /conf/conf.d/cryptroot ]; then
108
# Do not replace cryptroot file unless we need to.
112
mandos=/lib/mandos/plugin-runner
115
# parse /conf/conf.d/cryptroot. Format:
116
# target=sda2_crypt,source=/dev/sda2,rootdev,key=none,keyscript=/foo/bar/baz
117
# Is the root device specially marked?
119
while read -r options; do
121
rootdev,*|*,rootdev,*|*,rootdev)
122
# If the root device is specially marked, don't change all
123
# lines in crypttab by default.
127
done < /conf/conf.d/cryptroot
129
exec 3>/conf/conf.d/cryptroot.mandos
130
while read -r options; do
133
changethis="$changeall"
134
# Split option line on commas
137
for opt in $options; do
138
# Find the keyscript option, if any
141
keyscript="${opt#keyscript=}"
142
newopts="$newopts,$opt"
145
# Always use Mandos on the root device, if marked
148
newopts="$newopts,$opt"
150
# Don't use Mandos on resume device, if marked
153
newopts="$newopts,$opt"
156
newopts="$newopts,$opt"
162
# If there was no keyscript option, add one.
163
if [ "$changethis" = yes ] && [ -z "$keyscript" ]; then
164
replace_cryptroot=yes
165
newopts="$newopts,keyscript=$mandos"
167
newopts="${newopts#,}"
169
done < /conf/conf.d/cryptroot
172
# If we need to, replace the old cryptroot file with the new file.
173
if [ "$replace_cryptroot" = yes ]; then
174
mv /conf/conf.d/cryptroot /conf/conf.d/cryptroot.mandos-old
175
mv /conf/conf.d/cryptroot.mandos /conf/conf.d/cryptroot
177
rm -f /conf/conf.d/cryptroot.mandos
179
elif [ -x /usr/bin/cryptroot-unlock ]; then
180
setsid /lib/mandos/mandos-to-cryptroot-unlock &
added
removed
initramfs-tools-script
