/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to initramfs-tools-script

  • Committer: Teddy Hogeborn
  • Date: 2008-07-29 03:35:39 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080729033539-08zecoj3jwlkpjhw
* server.conf: New file.

* mandos-clients.conf: Renamed to clients.conf.

* Makefile (FORTIFY): New.
  (CFLAGS): Include $(FORTIFY).

* plugins.d/mandosclient.c (main): New "if_index" variable.  Bug fix:
                                   check if interface exists.  New
                                   "--connect" option.

* server.py (serviceInterface): Removed; replaced by
                                "AvahiService.interface".  All users
                                changed.
  (AvahiError, AvahiServiceError, AvahiGroupError): New exception
                                                    classes.
  (AvahiService): New class.
  (serviceName): Removed; replaced by "AvahiService.name".  All users
                 changed.
  (serviceType): Removed; replaced by "AvahiService.type".  All users
                 changed.
  (servicePort): Removed; replaced by "AvahiService.port".  All users
                 changed.
  (serviceTXT): Removed; replaced by "AvahiService.TXT".  All users
                changed.
  (domain): Removed; replaced by "AvahiService.domain".  All users
            changed.
  (host): Removed; replaced by "AvahiService.host".  All users
          changed.
  (rename_count): Removed; replaced by "AvahiService.rename_count" and
                 "AvahiService.max_renames".  All users changed.
  (Client.__init__): If no secret or secfile, raise TypeError instead
                     of RuntimeError.
  (Client.last_seen): Renamed to "Client.last_checked_ok".  All users
                      changed.
  (Client.stop, Client.stop_checker): Use "getattr" with default value
                                      instead of "hasattr".
  (Client.still_valid): Removed "now" argument.
  (Client.handle): Separate the "no client found" and "client invalid"
                   cases for clearer code.
  (IPv6_TCPServer.__init__): "options" argument replaced by
                             "settings".  All callers changed.
  (IPv6_TCPServer.options): Replaced by "IPv6_TCPServer.settings".
                            All users changed.
  (IPv6_TCPServer.server_bind): Use getattr instead of hasattr.
  (add_service): Removed; replaced by "AvahiService.add".  All callers
                 changed.
  (remove_service): Removed; replaced by "AvahiService.remove".  All
                    callers changed.
  (entry_group_state_changed): On entry group collision, call the new
                               AvahiService.rename method.  Raise
                               AvahiGroupError on group error.
  (if_nametoindex): Use ctypes.utils.find_library to locate the C
                    library.  Cache the result.  Loop on EINTR.
  (daemon): Use os.path.devnull to locate "/dev/null".
  (killme): Removed.  All callers changed to do "sys.exit()" instead,
            except where stated otherwise.
  (main): Removed "exitstatus".  Removed all default values from all
          non-bool options.  New option "--configdir".  New variables
          "server_defaults" and "server_settings", read from
          "%(configdir)s/server.conf".  Let any supplied command line
          options override server settings.   Variable "defaults"
          renamed to "client_defaults", which is read from
          "clients.conf" instead of "mandos-clients.conf".  New global
          AvahiService object "service" replaces old global variables.
          Catch AvahiError and exit with error if caught.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
#!/bin/sh -e
2
 
3
 
# This script will run in the initrd environment at boot and edit
4
 
# /conf/conf.d/cryptroot to set /lib/mandos/plugin-runner as keyscript
5
 
# when no other keyscript is set, before cryptsetup.
6
 
7
 
 
8
 
# This script should be installed as
9
 
# "/usr/share/initramfs-tools/scripts/local-top/mandos" which will
10
 
# eventually be "/scripts/local-top/mandos" in the initrd.img file.
11
 
 
12
 
# No initramfs pre-requirements; we must instead run BEFORE cryptroot.
13
 
# This is not a problem, since cryptroot forces itself to run LAST.
14
 
PREREQ=""
15
 
prereqs()
16
 
{
17
 
     echo "$PREREQ"
18
 
}
19
 
 
20
 
case $1 in
21
 
prereqs)
22
 
     prereqs
23
 
     exit 0
24
 
     ;;
25
 
esac
26
 
 
27
 
for param in `cat /proc/cmdline`; do
28
 
    case "$param" in
29
 
        mandos=off) exit 0;;
30
 
    esac
31
 
done
32
 
 
33
 
chmod a=rwxt /tmp
34
 
 
35
 
test -w /conf/conf.d/cryptroot
36
 
 
37
 
# Do not replace cryptroot file unless we need to.
38
 
replace_cryptroot=no
39
 
 
40
 
# Our keyscript
41
 
mandos=/lib/mandos/plugin-runner
42
 
 
43
 
# parse /conf/conf.d/cryptroot.  Format:
44
 
# target=sda2_crypt,source=/dev/sda2,key=none,keyscript=/foo/bar/baz
45
 
exec 3>/conf/conf.d/cryptroot.mandos
46
 
while read options; do
47
 
    newopts=""
48
 
    # Split option line on commas
49
 
    old_ifs="$IFS"
50
 
    IFS="$IFS,"
51
 
    for opt in $options; do
52
 
        # Find the keyscript option, if any
53
 
        case "$opt" in
54
 
            keyscript=*)
55
 
                keyscript="${opt#keyscript=}"
56
 
                newopts="$newopts,$opt"
57
 
                ;;
58
 
            "") : ;;
59
 
            *)
60
 
                newopts="$newopts,$opt"
61
 
                ;;
62
 
        esac
63
 
    done
64
 
    IFS="$old_ifs"
65
 
    unset old_ifs
66
 
    # If there was no keyscript option, add one.
67
 
    if [ -z "$keyscript" ]; then
68
 
        replace_cryptroot=yes
69
 
        newopts="$newopts,keyscript=$mandos"
70
 
    fi
71
 
    newopts="${newopts#,}"
72
 
    echo "$newopts" >&3
73
 
done < /conf/conf.d/cryptroot
74
 
exec 3>&-
75
 
 
76
 
# If we need to, replace the old cryptroot file with the new file.
77
 
if [ "$replace_cryptroot" = yes ]; then
78
 
    mv /conf/conf.d/cryptroot /conf/conf.d/cryptroot.mandos-old
79
 
    mv /conf/conf.d/cryptroot.mandos /conf/conf.d/cryptroot
80
 
else
81
 
    rm /conf/conf.d/cryptroot.mandos
82
 
fi