22
22
# Update the initial RAM file system image
25
if command -v update-initramfs >/dev/null; then
26
update-initramfs -k all -u
27
elif command -v dracut >/dev/null; then
28
dracut_version="`dpkg-query --showformat='${Version}' --show dracut`"
29
if dpkg --compare-versions "$dracut_version" lt 043-1 \
30
&& bash -c '. /etc/dracut.conf; . /etc/dracut.conf.d/*; [ "$hostonly" != yes ]'; then
31
echo 'Dracut is not configured to use hostonly mode!' >&2
34
# Logic taken from dracut.postinst
35
for kernel in /boot/vmlinu[xz]-*; do
36
kversion="${kernel#/boot/vmlinu[xz]-}"
37
# Dracut preserves old permissions of initramfs image
38
# files, so we adjust permissions before creating new
39
# initramfs image containing secret keys.
40
if [ -e /boot/initrd.img-"$kversion" ]; then
41
chmod go-r /boot/initrd.img-"$kversion"
43
# An initrd image has not yet been created for this
44
# kernel, possibly because this new kernel is about to
45
# be, but has not yet been, installed. In this case,
46
# we create an empty file with the right permissions
47
# so that Dracut will preserve those permissions when
48
# it creates the real, new initrd image for this
50
install --mode=u=rw /dev/null \
51
/boot/initrd.img-"$kversion"
53
if [ "$kversion" != "*" ]; then
54
/etc/kernel/postinst.d/dracut "$kversion"
25
update-initramfs -u -k all
59
27
if dpkg --compare-versions "$2" lt-nl "1.0.10-1"; then
60
28
# Make old initrd.img files unreadable too, in case they were
103
71
--load-privkey=/etc/keys/mandos/tls-privkey.pem \
104
72
--outfile=/dev/null --pubkey-info --no-text \
106
shred --remove -- /etc/keys/mandos/tls-privkey.pem \
108
rm --force -- /etc/keys/mandos/tls-pubkey.pem
74
shred --remove -- /etc/keys/mandos/tls-privkey.pem
75
rm -- /etc/keys/mandos/tls-pubkey.pem
126
93
local umask=$(umask)
128
95
cp --archive "$TLS_PRIVKEYTMP" /etc/keys/mandos/tls-privkey.pem
129
shred --remove -- "$TLS_PRIVKEYTMP" 2>/dev/null || :
96
shred --remove -- "$TLS_PRIVKEYTMP"
131
98
# First try certtool from GnuTLS
132
99
if ! certtool --password='' \