
Viewing changes to initramfs-tools-script

  • Committer: Teddy Hogeborn
  • Date: 2018-02-19 21:32:07 UTC
  • Revision ID: teddy@recompile.se-20180219213207-0un0ylegx390pftq
Client bug fixes: Fix file descriptor leaks

* plugin-helpers/mandos-client.c (init_gnutls_global, get_flags):
  Always close files and sockets after they are used.

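--- a/initramfs-tools-script
+++ b/initramfs-tools-script
@@ -10,7 +10,6 @@
 # eventually be "/scripts/init-premount/mandos" in the initrd.img
 # file.
 
-# No initramfs pre-requirements.
 PREREQ="udev"
 prereqs()
 {
@@ -58,7 +57,7 @@
 # Get DEVICE from /conf/initramfs.conf and other files
 . /conf/initramfs.conf
 for conf in /conf/conf.d/*; do
-    [ -f ${conf} ] && . ${conf}
+    [ -f "${conf}" ] && . "${conf}"
 done
 if [ -e /conf/param.conf ]; then
     . /conf/param.conf
@@ -95,7 +94,9 @@
 # If we are connecting directly, run "configure_networking" (from
 # /scripts/functions); it needs IPOPTS and DEVICE
 if [ "${connect+set}" = set ]; then
+    set +e                      # Required by library functions
     configure_networking
+    set -e
     if [ -n "$connect" ]; then
         cat <<-EOF >>/conf/conf.d/mandos/plugin-runner.conf
         
@@ -109,12 +110,27 @@
 
 # Our keyscript
 mandos=/lib/mandos/plugin-runner
+test -x "$mandos"
 
 # parse /conf/conf.d/cryptroot.  Format:
-# target=sda2_crypt,source=/dev/sda2,key=none,keyscript=/foo/bar/baz
+# target=sda2_crypt,source=/dev/sda2,rootdev,key=none,keyscript=/foo/bar/baz
+# Is the root device specially marked?
+changeall=yes
+while read -r options; do
+    case "$options" in
+        rootdev,*|*,rootdev,*|*,rootdev)
+            # If the root device is specially marked, don't change all
+            # lines in crypttab by default.
+            changeall=no
+            ;;
+    esac
+done < /conf/conf.d/cryptroot
+
 exec 3>/conf/conf.d/cryptroot.mandos
-while read options; do
+while read -r options; do
     newopts=""
+    keyscript=""
+    changethis="$changeall"
     # Split option line on commas
     old_ifs="$IFS"
     IFS="$IFS,"
@@ -126,6 +142,16 @@
                 newopts="$newopts,$opt"
                 ;;
             "") : ;;
+            # Always use Mandos on the root device, if marked
+            rootdev)
+                changethis=yes
+                newopts="$newopts,$opt"
+                ;;
+            # Don't use Mandos on resume device, if marked
+            resumedev)
+                changethis=no
+                newopts="$newopts,$opt"
+                ;;
             *)
                 newopts="$newopts,$opt"
                 ;;
@@ -134,7 +160,7 @@
     IFS="$old_ifs"
     unset old_ifs
     # If there was no keyscript option, add one.
-    if [ -z "$keyscript" ]; then
+    if [ "$changethis" = yes ] && [ -z "$keyscript" ]; then
         replace_cryptroot=yes
         newopts="$newopts,keyscript=$mandos"
     fi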
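Review bot: The bare `test -x "$mandos"` added at new line 113 only has an effect if errexit is active, and when it fails the script stops without saying why. The `set -e` restored after `configure_networking` suggests errexit is on, but the line that enables it is outside the visible hunks. Because this check gates whether the Mandos keyscript is written into cryptroot.mandos, an explicit diagnostic would help an operator understand why unattended unlocking was not set up: `test -x "$mandos" || { echo "mandos: $mandos missing or not executable" >&2; exit 1; }`. Separately, the comment `# If there was no keyscript option, add one.` above the last changed condition is now stale, since the keyscript is added only when `changethis` is `yes`; `# Add the Mandos keyscript only if this line is selected and has none.` would match the new logic.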