/mandos/trunk : revision 1131

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to dracut-module/module-setup.sh

Committer: Teddy Hogeborn
Date: 2019-07-29 16:35:53 UTC
Revision ID: teddy@recompile.se-20190729163553-1i442i2cbx64c537

Make tests and man page examples match

Make the tests test_manual_page_example[1-5] match exactly what is
written in the manual page, and add comments to manual page as
reminders to keep tests and manual page examples in sync.

* mandos-ctl (Test_commands_from_options.test_manual_page_example_1):
  Remove "--verbose" option, since the manual does not have it as the
  first example, and change assertion to match.
* mandos-ctl.xml (EXAMPLE): Add comments to all examples documenting
  which test function they correspond to.  Also remove unnecessary
  quotes from option arguments in fourth example, and clarify language
  slightly in fifth example.

files added:
debian/po/POTFILES.in

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf-hook

files modified:
.bzrignore

INSTALL

Makefile

NEWS

TODO

common.ent

debian/changelog

debian/control

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.templates

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.templates

debian/rules

debian/watch

initramfs-unpack

intro.xml

mandos

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

dracut-module/module-setup.sh

#!/bin/sh

# This file should be present in the root file system directory

# /usr/lib/dracut/modules.d/90mandos. When dracut creates the

# initramfs image, dracut will source this file and run the shell

# functions defined in this file: "install", "check", "depends",

# "cmdline", and "installkernel".

# Despite the above #!/bin/sh line and the executable flag, this file

# is not executed; this file is sourced by dracut when creating the

# initramfs image file.

mandos_libdir(){

for dir in /usr/lib \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/local/lib; do

if [ -d "$dir"/mandos ]; then

echo "$dir"/mandos

return

done

# Mandos not found

return 1

}

mandos_keydir(){

for dir in /etc/keys/mandos /etc/mandos/keys; do

if [ -d "$dir" ]; then

echo "$dir"

return

done

# Mandos key directory not found

return 1

}

check(){

if [ "${hostonly:-no}" = "no" ]; then

dwarning "Mandos: Dracut not in hostonly mode"

return 1

local libdir=`mandos_libdir`

if [ -z "$libdir" ]; then

dwarning "Mandos lib directory not found"

return 1

local keydir=`mandos_keydir`

if [ -z "$keydir" ]; then

dwarning "Mandos key directory not found"

return 1

}

install(){

chmod go+w,+t "$initdir"/tmp

local libdir=`mandos_libdir`

local keydir=`mandos_keydir`

set `{ getent passwd _mandos \

|| getent passwd nobody \

|| echo ::65534:65534:::; } \

| cut --delimiter=: --fields=3,4 --only-delimited \

--output-delimiter=" "`

local mandos_user="$1"

local mandos_group="$2"

inst "${libdir}" /lib/mandos

if dracut_module_included "systemd"; then

plugindir=/lib/mandos

inst "${libdir}/plugins.d/mandos-client" \

"${plugindir}/mandos-client"

chmod u-s "${initdir}/${plugindir}/mandos-client"

inst "${moddir}/ask-password-mandos.service" \

"${systemdsystemunitdir}/ask-password-mandos.service"

if [ ${mandos_user} != 65534 ]; then

sed --in-place \

--expression="s,^ExecStart=/lib/mandos/password-agent ,&--user=${mandos_user} ," \

"${initdir}/${systemdsystemunitdir}/ask-password-mandos.service"

if [ ${mandos_group} != 65534 ]; then

sed --in-place \

--expression="s,^ExecStart=/lib/mandos/password-agent ,&--group=${mandos_group} ," \

"${initdir}/${systemdsystemunitdir}/ask-password-mandos.service"

else

inst_hook cmdline 20 "$moddir"/cmdline-mandos.sh

plugindir=/lib/mandos/plugins.d

inst "${libdir}/plugin-runner" /lib/mandos/plugin-runner

inst /etc/mandos/plugin-runner.conf

sed --in-place \

--expression='1i--options-for=mandos-client:--pubkey=/etc/mandos/keys/pubkey.txt,--seckey=/etc/mandos/keys/seckey.txt,--tls-pubkey=/etc/mandos/keys/tls-pubkey.pem,--tls-privkey=/etc/mandos/keys/tls-privkey.pem' \

"${initdir}/etc/mandos/plugin-runner.conf"

if [ ${mandos_user} != 65534 ]; then

sed --in-place --expression="1i--userid=${mandos_user}" \

"${initdir}/etc/mandos/plugin-runner.conf"

if [ ${mandos_group} != 65534 ]; then

sed --in-place \

--expression="1i--groupid=${mandos_group}" \

100

"${initdir}/etc/mandos/plugin-runner.conf"

101

102

inst "${libdir}/plugins.d" "$plugindir"

103

chown ${mandos_user}:${mandos_group} "${initdir}/${plugindir}"

104

# Copy the packaged plugins

105

for file in "$libdir"/plugins.d/*; do

106

base="`basename \"$file\"`"

107

# Is this plugin overridden?

108

if [ -e "/etc/mandos/plugins.d/$base" ]; then

109

continue

110

111

case "$base" in

112

*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)

113

: ;;

114

"*") dwarning "Mandos client plugin directory is empty." >&2 ;;

115

askpass-fifo) : ;; # Ignore packaged for dracut

116

*) inst "${file}" "${plugindir}/${base}" ;;

117

esac

118

done

119

# Copy any user-supplied plugins

120

for file in /etc/mandos/plugins.d/*; do

121

base="`basename \"$file\"`"

122

case "$base" in

123

*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)

124

: ;;

125

"*") : ;;

126

*) inst "$file" "${plugindir}/${base}" ;;

127

esac

128

done

129

# Copy any user-supplied plugin helpers

130

for file in /etc/mandos/plugin-helpers/*; do

131

base="`basename \"$file\"`"

132

case "$base" in

133

*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)

134

: ;;

135

"*") : ;;

136

*) inst "$file" "/lib/mandos/plugin-helpers/$base";;

137

esac

138

done

139

140

# Copy network hooks

141

for hook in /etc/mandos/network-hooks.d/*; do

142

basename=`basename "$hook"`

143

case "$basename" in

144

"*") continue ;;

145

*[!A-Za-z0-9_.-]*) continue ;;

146

*) test -d "$hook" || inst "$hook" "/lib/mandos/network-hooks.d/$basename" ;;

147

esac

148

if [ -x "$hook" ]; then

149

# Copy any files needed by the network hook

150

MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=files \

151

VERBOSITY=0 "$hook" files | while read file target; do

152

if [ ! -e "${file}" ]; then

153

dwarning "WARNING: file ${file} not found, requested by Mandos network hook '${basename}'" >&2

154

155

if [ -z "${target}" ]; then

156

inst "$file"

157

else

158

inst "$file" "$target"

159

160

done

161

162

done

163

# Copy the packaged plugin helpers

164

for file in "$libdir"/plugin-helpers/*; do

165

base="`basename \"$file\"`"

166

# Is this plugin overridden?

167

if [ -e "/etc/mandos/plugin-helpers/$base" ]; then

168

continue

169

170

case "$base" in

171

*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)

172

: ;;

173

"*") : ;;

174

*) inst "$file" "/lib/mandos/plugin-helpers/$base";;

175

esac

176

done

177

local gpg=/usr/bin/gpg

178

if [ -e /usr/bin/gpgconf ]; then

179

inst /usr/bin/gpgconf

180

gpg="`/usr/bin/gpgconf|sed --quiet --expression='s/^gpg:[^:]*://p'`"

181

gpgagent="`/usr/bin/gpgconf|sed --quiet --expression='s/^gpg-agent:[^:]*://p'`"

182

# Newer versions of GnuPG 2 requires the gpg-agent binary

183

if [ -e "$gpgagent" ]; then

184

inst "$gpgagent"

185

186

187

inst "$gpg"

188

if dracut_module_included "systemd"; then

189

inst "${moddir}/password-agent" /lib/mandos/password-agent

190

inst "${moddir}/ask-password-mandos.path" \

191

"${systemdsystemunitdir}/ask-password-mandos.path"

192

ln_r "${systemdsystemunitdir}/ask-password-mandos.path" \

193

"${systemdsystemunitdir}/sysinit.target.wants/ask-password-mandos.path"

194

195

# Key files

196

for file in "$keydir"/*; do

197

if [ -d "$file" ]; then

198

continue

199

200

case "$file" in

201

*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)

202

: ;;

203

"*") : ;;

204

205

inst "$file" "/etc/mandos/keys/`basename \"$file\"`"

206

chown ${mandos_user}:${mandos_group} \

207

"${initdir}/etc/mandos/keys/`basename \"$file\"`"

208

if [ `basename "$file"` = dhparams.pem ]; then

209

# Use Diffie-Hellman parameters file

210

if dracut_module_included "systemd"; then

211

sed --in-place \

212

--expression='/^ExecStart/s/$/ --dh-params=\/etc\/mandos\/keys\/dhparams.pem/' \

213

"${initdir}/${systemdsystemunitdir}/ask-password-mandos.service"

214

else

215

sed --in-place \

216

--expression="1i--options-for=mandos-client:--dh-params=/etc/mandos/keys/dhparams.pem" \

217

"${initdir}/etc/mandos/plugin-runner.conf"

218

219

220

;;

221

esac

222

done

223

}

224

225

installkernel(){

226

instmods =drivers/net

227

hostonly='' instmods ipv6

228

# Copy any kernel modules needed by network hooks

229

for hook in /etc/mandos/network-hooks.d/*; do

230

basename=`basename "$hook"`

231

case "$basename" in

232

"*") continue ;;

233

*[!A-Za-z0-9_.-]*) continue ;;

234

esac

235

if [ -x "$hook" ]; then

236

# Copy and load any modules needed by the network hook

237

MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=modules \

238

VERBOSITY=0 "$hook" modules | while read module; do

239

if [ -z "${target}" ]; then

240

instmods "$module"

241

242

done

243

244

done

245

}

246

247

depends(){

248

echo crypt

249

}

250

251

cmdline(){

252

253

}

Older »