/mandos/trunk : revision 541

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to initramfs-tools-hook

Committer: Teddy Hogeborn
Date: 2011-12-31 20:07:11 UTC
mfrom: (535.1.9 wireless-network-hook)
Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r

Merge new wireless network hook. Fix bridge network hook to use
hardware addresses instead of interface names. Implement and document
new "CONNECT" environment variable for network hooks.

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

mandos-to-cryptroot-unlock

mandos.service

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

initramfs-tools-hook

# This script will be run by 'mkinitramfs' when it creates the image.

# Its job is to decide which files to install, then install them into

# the staging area, where the initramfs is being created. This

# happens when a new 'linux-image' package is installed, or when an

# happens when a new 'linux-image' package is installed, or when the

# administrator runs 'update-initramfs' by hand to update an initramfs

# image.

. /usr/share/initramfs-tools/hook-functions

for d in /usr/lib \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/local/lib; do

if [ -d "$d"/mandos ]; then

libdir="$d"

for d in /usr /usr/local; do

if [ -d "$d"/lib/mandos ]; then

prefix="$d"

break

done

if [ -z "$libdir" ]; then

if [ -z "$prefix" ]; then

# Mandos not found

exit 1

CONFDIR="/conf/conf.d/mandos"

MANDOSDIR="/lib/mandos"

PLUGINDIR="${MANDOSDIR}/plugins.d"

PLUGINHELPERDIR="${MANDOSDIR}/plugin-helpers"

HOOKDIR="${MANDOSDIR}/network-hooks.d"

# Make directories

install --directory --mode=u=rwx,go=rx "${DESTDIR}${CONFDIR}" \

"${DESTDIR}${MANDOSDIR}" "${DESTDIR}${HOOKDIR}"

install --owner=${mandos_user} --group=${mandos_group} --directory \

--mode=u=rwx "${DESTDIR}${PLUGINDIR}" \

"${DESTDIR}${PLUGINHELPERDIR}"

copy_exec "$libdir"/mandos/mandos-to-cryptroot-unlock "${MANDOSDIR}"

--mode=u=rwx "${DESTDIR}${PLUGINDIR}"

# Copy the Mandos plugin runner

copy_exec "$libdir"/mandos/plugin-runner "${MANDOSDIR}"

copy_exec "$prefix"/lib/mandos/plugin-runner "${MANDOSDIR}"

# Copy the plugins

# Copy the packaged plugins

for file in "$libdir"/mandos/plugins.d/*; do

for file in "$prefix"/lib/mandos/plugins.d/*; do

base="`basename \"$file\"`"

# Is this plugin overridden?

if [ -e "/etc/mandos/plugins.d/$base" ]; then

102

esac

103

done

104

105

# Copy the packaged plugin helpers

106

for file in "$libdir"/mandos/plugin-helpers/*; do

107

base="`basename \"$file\"`"

108

# Is this plugin overridden?

109

if [ -e "/etc/mandos/plugin-helpers/$base" ]; then

110

continue

111

112

case "$base" in

113

*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)

114

: ;;

115

"*") : ;;

116

*) copy_exec "$file" "${PLUGINHELPERDIR}" ;;

117

esac

118

done

119

120

# Copy any user-supplied plugins

121

100

for file in /etc/mandos/plugins.d/*; do

122

101

base="`basename \"$file\"`"

128

107

esac

129

108

done

130

109

131

# Copy any user-supplied plugin helpers

132

for file in /etc/mandos/plugin-helpers/*; do

133

base="`basename \"$file\"`"

134

case "$base" in

135

*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)

136

: ;;

137

"*") : ;;

138

*) copy_exec "$file" "${PLUGINHELPERDIR}" ;;

139

esac

140

done

141

142

110

# Get DEVICE from initramfs.conf and other files

143

111

. /etc/initramfs-tools/initramfs.conf

144

112

for conf in /etc/initramfs-tools/conf.d/*; do

145

113

if [ -n `basename \"$conf\" | grep '^[[:alnum:]][[:alnum:]\._-]*$' \

146

114

| grep -v '\.dpkg-.*$'` ]; then

147

[ -f "${conf}" ] && . "${conf}"

115

[ -f ${conf} ] && . ${conf}

148

116

149

117

done

150

118

export DEVICE

159

127

if [ -x "$hook" ]; then

160

128

# Copy any files needed by the network hook

161

129

MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=files \

162

VERBOSITY=0 "$hook" files | while read -r file target; do

130

VERBOSITY=0 "$hook" files | while read file target; do

163

131

if [ ! -e "${file}" ]; then

164

132

echo "WARNING: file ${file} not found, requested by Mandos network hook '${hook##*/}'" >&2

165

133

171

139

done

172

140

# Copy and load any modules needed by the network hook

173

141

MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=modules \

174

VERBOSITY=0 "$hook" modules | while read -r module; do

175

force_load "$module"

142

VERBOSITY=0 "$hook" modules | while read module; do

143

if [ -z "${target}" ]; then

144

force_load "$module"

145

176

146

done

177

147

178

148

done

179

149

180

# GPGME needs GnuPG

181

gpg=/usr/bin/gpg

182

libgpgme11_version="`dpkg-query --showformat='${Version}' --show libgpgme11`"

183

if dpkg --compare-versions "$libgpgme11_version" ge 1.5.0-0.1; then

184

if [ -e /usr/bin/gpgconf ]; then

185

if [ ! -e "${DESTDIR}/usr/bin/gpgconf" ]; then

186

copy_exec /usr/bin/gpgconf

187

188

gpg="`/usr/bin/gpgconf|sed --quiet --expression='s/^gpg:[^:]*://p'`"

189

gpgagent="`/usr/bin/gpgconf|sed --quiet --expression='s/^gpg-agent:[^:]*://p'`"

190

# Newer versions of GnuPG 2 requires the gpg-agent binary

191

if [ -e "$gpgagent" ] && [ ! -e "${DESTDIR}$gpgagent" ]; then

192

copy_exec "$gpgagent"

193

194

195

elif dpkg --compare-versions "$libgpgme11_version" ge 1.4.1-0.1; then

196

gpg=/usr/bin/gpg2

197

198

if [ ! -e "${DESTDIR}$gpg" ]; then

199

copy_exec "$gpg"

200

201

unset gpg

202

unset libgpgme11_version

150

# GPGME needs /usr/bin/gpg

151

if [ ! -e "${DESTDIR}/usr/bin/gpg" \

152

-a -n "`ls \"${DESTDIR}\"/usr/lib/libgpgme.so* \

153

2>/dev/null`" ]; then

154

copy_exec /usr/bin/gpg

155

203

156

204

157

# Config files

205

158

for file in /etc/mandos/plugin-runner.conf; do

224

177

if [ -d "$file" ]; then

225

178

continue

226

179

227

case "$file" in

228

*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)

229

: ;;

230

"*") : ;;

231

232

cp --archive --sparse=always "$file" \

233

"${DESTDIR}${CONFDIR}"

234

chown ${mandos_user}:${mandos_group} \

235

"${DESTDIR}${CONFDIR}/`basename \"$file\"`"

236

;;

237

esac

180

cp --archive --sparse=always "$file" "${DESTDIR}${CONFDIR}"

181

chown ${mandos_user}:${mandos_group} \

182

"${DESTDIR}${CONFDIR}/`basename \"$file\"`"

238

183

done

239

# Use Diffie-Hellman parameters file if available

240

if [ -e "${DESTDIR}${CONFDIR}"/dhparams.pem ]; then

241

sed --in-place \

242

--expression="1i--options-for=mandos-client:--dh-params=${CONFDIR}/dhparams.pem" \

243

"${DESTDIR}/${CONFDIR}/plugin-runner.conf"

244

245

184

246

185

# /lib/mandos/plugin-runner will drop priviliges, but needs access to

247

186

# its plugin directory and its config file. However, since almost all

252

191

# initrd; it is intended to affect the initrd.img file itself, since

253

192

# it now contains secret key files. There is, however, no other way

254

193

# to set the permission of the initrd.img file without a race

255

# condition. This umask is set by "initramfs-tools-conf", installed

256

# as "/usr/share/initramfs-tools/conf.d/mandos-conf".)

194

# condition. This umask is set by "initramfs-tools-hook-conf",

195

# installed as "/usr/share/initramfs-tools/conf-hooks.d/mandos".)

257

196

258

197

for full in "${MANDOSDIR}" "${CONFDIR}"; do

259

198

while [ "$full" != "/" ]; do

271

210

done

272

211

for dir in "${DESTDIR}"/lib* "${DESTDIR}"/usr/lib*; do

273

212

if [ -d "$dir" ]; then

274

find "$dir" \! -perm -u+rw,g+r -prune -or \! -type l -print0 \

275

| xargs --null --no-run-if-empty chmod a+rX --

213

find "$dir" \! -perm -u+rw,g+r -prune -or -print0 \

214

| xargs --null --no-run-if-empty chmod a+rX

276

215

277

216

done

Older »