/mandos/trunk : contents of dracut-module/module-setup.sh at revision 1328

: (revision 1328)

To get this branch, use:

bzr branch
http://term.recompile.se/loggerhead/mandos/trunk

#!/bin/sh
#
# This file should be present in the root file system directory
# /usr/lib/dracut/modules.d/90mandos.  When dracut creates the
# initramfs image, dracut will source this file and run the shell
# functions defined in this file: "install", "check", "depends",
# "cmdline", and "installkernel".
# 
# Despite the above #!/bin/sh line and the executable flag, this file
# is not executed; this file is sourced by dracut when creating the
# initramfs image file.

mandos_libdir(){
    for dir in /usr/lib \
	"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
	"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/local/lib; do
	if [ -d "$dir"/mandos ]; then
	    echo "$dir"/mandos
	    return
	fi
    done
    # Mandos not found
    return 1
}

mandos_keydir(){
    for dir in /etc/keys/mandos /etc/mandos/keys; do
	if [ -d "$dir" ]; then
	    echo "$dir"
	    return
	fi
    done
    # Mandos key directory not found
    return 1
}

check(){
    if [ "${hostonly:-no}" = "no" ]; then
	dwarning "Mandos: Dracut not in hostonly mode"
	return 1
    fi

    local libdir=`mandos_libdir`
    if [ -z "$libdir" ]; then
	dwarning "Mandos lib directory not found"
	return 1
    fi

    local keydir=`mandos_keydir`
    if [ -z "$keydir" ]; then
	dwarning "Mandos key directory not found"
	return 1
    fi
}

install(){
    chmod go+w,+t "$initdir"/tmp
    local libdir=`mandos_libdir`
    local keydir=`mandos_keydir`
    set `{ getent passwd _mandos \
	|| getent passwd nobody \
	|| echo ::65534:65534:::; } \
	| cut --delimiter=: --fields=3,4 --only-delimited \
	--output-delimiter=" "`
    local mandos_user="$1"
    local mandos_group="$2"
    inst "${libdir}" /lib/mandos
    if dracut_module_included "systemd"; then
	inst_hook cmdline 20 "$moddir"/cmdline-mandos-systemd.sh
	plugindir=/lib/mandos
	inst "${libdir}/plugins.d/mandos-client" \
	     "${plugindir}/mandos-client"
	chmod u-s "${initdir}/${plugindir}/mandos-client"
	inst "${moddir}/ask-password-mandos.service" \
	     "${systemdsystemunitdir}/ask-password-mandos.service"
	if [ -d /etc/systemd/system/ask-password-mandos.service.d ]; then
	    inst /etc/systemd/system/ask-password-mandos.service.d
	    inst_multiple -o /etc/systemd/system/ask-password-mandos.service.d/*.conf
	fi
	if [ ${mandos_user} != 65534 ]; then
	    sed --in-place \
		--expression="s,^ExecStart=/lib/mandos/password-agent ,&--user=${mandos_user} ," \
		"${initdir}/${systemdsystemunitdir}/ask-password-mandos.service"
	fi
	if [ ${mandos_group} != 65534 ]; then
	    sed --in-place \
		--expression="s,^ExecStart=/lib/mandos/password-agent ,&--group=${mandos_group} ," \
		"${initdir}/${systemdsystemunitdir}/ask-password-mandos.service"
	fi
    else
	inst_hook cmdline 20 "$moddir"/cmdline-mandos.sh
	plugindir=/lib/mandos/plugins.d
	inst "${libdir}/plugin-runner" /lib/mandos/plugin-runner
	inst /etc/mandos/plugin-runner.conf
	sed --in-place \
	    --expression='1i--options-for=mandos-client:--pubkey=/etc/mandos/keys/pubkey.txt,--seckey=/etc/mandos/keys/seckey.txt,--tls-pubkey=/etc/mandos/keys/tls-pubkey.pem,--tls-privkey=/etc/mandos/keys/tls-privkey.pem' \
	    "${initdir}/etc/mandos/plugin-runner.conf"
	if [ ${mandos_user} != 65534 ]; then
	    sed --in-place --expression="1i--userid=${mandos_user}" \
		"${initdir}/etc/mandos/plugin-runner.conf"
	fi
	if [ ${mandos_group} != 65534 ]; then
	    sed --in-place \
		--expression="1i--groupid=${mandos_group}" \
		"${initdir}/etc/mandos/plugin-runner.conf"
	fi
	inst "${libdir}/plugins.d" "$plugindir"
	chown ${mandos_user}:${mandos_group} "${initdir}/${plugindir}"
	# Copy the packaged plugins
	for file in "$libdir"/plugins.d/*; do
	    base="`basename \"$file\"`"
	    # Is this plugin overridden?
	    if [ -e "/etc/mandos/plugins.d/$base" ]; then
		continue
	    fi
	    case "$base" in
		*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
		    : ;;
		"*") dwarning "Mandos client plugin directory is empty." >&2 ;;
		askpass-fifo) : ;; # Ignore packaged for dracut
		*) inst "${file}" "${plugindir}/${base}" ;;
	    esac
	done
	# Copy any user-supplied plugins
	for file in /etc/mandos/plugins.d/*; do
	    base="`basename \"$file\"`"
	    case "$base" in
		*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
		    : ;;
		"*") : ;;
		*) inst "$file" "${plugindir}/${base}" ;;
	    esac
	done
	# Copy any user-supplied plugin helpers
	for file in /etc/mandos/plugin-helpers/*; do
	    base="`basename \"$file\"`"
	    case "$base" in
		*~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
		    : ;;
		"*") : ;;
		*) inst "$file" "/lib/mandos/plugin-helpers/$base";;
	    esac
	done
    fi
    # Copy network hooks
    for hook in /etc/mandos/network-hooks.d/*; do
	basename=`basename "$hook"`
	case "$basename" in
	    "*") continue ;;
	    *[!A-Za-z0-9_.-]*) continue ;;
	    *) test -d "$hook" || inst "$hook" "/lib/mandos/network-hooks.d/$basename" ;;
	esac
	if [ -x "$hook" ]; then
	    # Copy any files needed by the network hook
	    MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=files \
		VERBOSITY=0 "$hook" files | while read file target; do
		if [ ! -e "${file}" ]; then
		    dwarning "WARNING: file ${file} not found, requested by Mandos network hook '${basename}'" >&2
		fi
		if [ -z "${target}" ]; then
		    inst "$file"
		else
		    inst "$file" "$target"
		fi
	    done
	fi
    done
    # Copy the packaged plugin helpers
    for file in "$libdir"/plugin-helpers/*; do
	base="`basename \"$file\"`"
	# Is this plugin overridden?
	if [ -e "/etc/mandos/plugin-helpers/$base" ]; then
	    continue
	fi
	case "$base" in
	    *~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
		: ;;
	    "*") : ;;
	    *) inst "$file" "/lib/mandos/plugin-helpers/$base";;
	esac
    done
    local gpg=/usr/bin/gpg
    if [ -e /usr/bin/gpgconf ]; then
	inst /usr/bin/gpgconf
	gpg="`/usr/bin/gpgconf|sed --quiet --expression='s/^gpg:[^:]*://p'`"
	gpgagent="`/usr/bin/gpgconf|sed --quiet --expression='s/^gpg-agent:[^:]*://p'`"
	# Newer versions of GnuPG 2 requires the gpg-agent binary
	if [ -e "$gpgagent" ]; then
	    inst "$gpgagent"
	fi
    fi
    inst "$gpg"
    if dracut_module_included "systemd"; then
	inst "${moddir}/password-agent" /lib/mandos/password-agent
	inst "${moddir}/ask-password-mandos.path" \
	     "${systemdsystemunitdir}/ask-password-mandos.path"
	ln_r "${systemdsystemunitdir}/ask-password-mandos.path" \
	     "${systemdsystemunitdir}/sysinit.target.wants/ask-password-mandos.path"
    fi
    # Key files
    for file in "$keydir"/*; do
	if [ -d "$file" ]; then
	    continue
	fi
	case "$file" in
	    *~|.*|\#*\#|*.dpkg-old|*.dpkg-bak|*.dpkg-new|*.dpkg-divert)
		: ;;
	    "*") : ;;
	    *)
		inst "$file" "/etc/mandos/keys/`basename \"$file\"`"
		chown ${mandos_user}:${mandos_group} \
		      "${initdir}/etc/mandos/keys/`basename \"$file\"`"
		if [ `basename "$file"` = dhparams.pem ]; then
		    # Use Diffie-Hellman parameters file
		    if dracut_module_included "systemd"; then
			sed --in-place \
			    --expression='/^ExecStart/s/ \$MANDOS_CLIENT_OPTIONS/ --dh-params=\/etc\/mandos\/keys\/dhparams.pem&/' \
			    "${initdir}/${systemdsystemunitdir}/ask-password-mandos.service"
		    else
			sed --in-place \
			    --expression="1i--options-for=mandos-client:--dh-params=/etc/mandos/keys/dhparams.pem" \
			    "${initdir}/etc/mandos/plugin-runner.conf"
		    fi
		fi
		;;
	esac
    done
}

installkernel(){
    instmods =drivers/net
    hostonly='' instmods ipv6
    # Copy any kernel modules needed by network hooks
    for hook in /etc/mandos/network-hooks.d/*; do
	basename=`basename "$hook"`
	case "$basename" in
	    "*") continue ;;
	    *[!A-Za-z0-9_.-]*) continue ;;
	esac
	if [ -x "$hook" ]; then
	    # Copy and load any modules needed by the network hook
	    MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=modules \
		VERBOSITY=0 "$hook" modules | while read module; do
		if [ -z "${target}" ]; then
		    instmods "$module"
		fi
	    done
	fi
    done
}

depends(){
    echo crypt
}

cmdline(){
    :
}

1127 by Teddy Hogeborn Add dracut(8) support	1	#!/bin/sh
	2	#
	3	# This file should be present in the root file system directory
	4	# /usr/lib/dracut/modules.d/90mandos. When dracut creates the
	5	# initramfs image, dracut will source this file and run the shell
	6	# functions defined in this file: "install", "check", "depends",
	7	# "cmdline", and "installkernel".
	8	#
	9	# Despite the above #!/bin/sh line and the executable flag, this file
	10	# is not executed; this file is sourced by dracut when creating the
	11	# initramfs image file.
	12
	13	mandos_libdir(){
	14	for dir in /usr/lib \
	15	"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
	16	"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/local/lib; do
	17	if [ -d "$dir"/mandos ]; then
	18	echo "$dir"/mandos
	19	return
	20	fi
	21	done
	22	# Mandos not found
	23	return 1
	24	}
	25
	26	mandos_keydir(){
	27	for dir in /etc/keys/mandos /etc/mandos/keys; do
	28	if [ -d "$dir" ]; then
	29	echo "$dir"
	30	return
	31	fi
	32	done
	33	# Mandos key directory not found
	34	return 1
	35	}
	36
	37	check(){
	38	if [ "${hostonly:-no}" = "no" ]; then
	39	dwarning "Mandos: Dracut not in hostonly mode"
	40	return 1
	41	fi
	42
	43	local libdir=`mandos_libdir`
	44	if [ -z "$libdir" ]; then
	45	dwarning "Mandos lib directory not found"
	46	return 1
	47	fi
	48
	49	local keydir=`mandos_keydir`
	50	if [ -z "$keydir" ]; then
	51	dwarning "Mandos key directory not found"
	52	return 1
	53	fi
	54	}
	55
	56	install(){
	57	chmod go+w,+t "$initdir"/tmp
	58	local libdir=`mandos_libdir`
	59	local keydir=`mandos_keydir`
	60	set `{ getent passwd _mandos \
	61	\|\| getent passwd nobody \
	62	\|\| echo ::65534:65534:::; } \
	63	\| cut --delimiter=: --fields=3,4 --only-delimited \
	64	--output-delimiter=" "`
65	local mandos_user="$1"
66	local mandos_group="$2"
67	inst "${libdir}" /lib/mandos
68	if dracut_module_included "systemd"; then
1326 by Teddy Hogeborn Fix kernel command line option "mandos=connect:<ip>:<port>" with dracut	69	inst_hook cmdline 20 "$moddir"/cmdline-mandos-systemd.sh
1127 by Teddy Hogeborn Add dracut(8) support	70	plugindir=/lib/mandos
	71	inst "${libdir}/plugins.d/mandos-client" \
	72	"${plugindir}/mandos-client"
	73	chmod u-s "${initdir}/${plugindir}/mandos-client"
	74	inst "${moddir}/ask-password-mandos.service" \
	75	"${systemdsystemunitdir}/ask-password-mandos.service"
1201 by teddy at recompile Allow users to alter ask-password-mandos.service	76	if [ -d /etc/systemd/system/ask-password-mandos.service.d ]; then
	77	inst /etc/systemd/system/ask-password-mandos.service.d
	78	inst_multiple -o /etc/systemd/system/ask-password-mandos.service.d/*.conf
	79	fi
1127 by Teddy Hogeborn Add dracut(8) support	80	if [ ${mandos_user} != 65534 ]; then
	81	sed --in-place \
	82	--expression="s,^ExecStart=/lib/mandos/password-agent ,&--user=${mandos_user} ," \
	83	"${initdir}/${systemdsystemunitdir}/ask-password-mandos.service"
	84	fi
	85	if [ ${mandos_group} != 65534 ]; then
	86	sed --in-place \
	87	--expression="s,^ExecStart=/lib/mandos/password-agent ,&--group=${mandos_group} ," \
	88	"${initdir}/${systemdsystemunitdir}/ask-password-mandos.service"
	89	fi
	90	else
	91	inst_hook cmdline 20 "$moddir"/cmdline-mandos.sh
	92	plugindir=/lib/mandos/plugins.d
	93	inst "${libdir}/plugin-runner" /lib/mandos/plugin-runner
	94	inst /etc/mandos/plugin-runner.conf
	95	sed --in-place \
	96	--expression='1i--options-for=mandos-client:--pubkey=/etc/mandos/keys/pubkey.txt,--seckey=/etc/mandos/keys/seckey.txt,--tls-pubkey=/etc/mandos/keys/tls-pubkey.pem,--tls-privkey=/etc/mandos/keys/tls-privkey.pem' \
	97	"${initdir}/etc/mandos/plugin-runner.conf"
	98	if [ ${mandos_user} != 65534 ]; then
	99	sed --in-place --expression="1i--userid=${mandos_user}" \
	100	"${initdir}/etc/mandos/plugin-runner.conf"
	101	fi
	102	if [ ${mandos_group} != 65534 ]; then
	103	sed --in-place \
	104	--expression="1i--groupid=${mandos_group}" \
	105	"${initdir}/etc/mandos/plugin-runner.conf"
	106	fi
	107	inst "${libdir}/plugins.d" "$plugindir"
	108	chown ${mandos_user}:${mandos_group} "${initdir}/${plugindir}"
	109	# Copy the packaged plugins
	110	for file in "$libdir"/plugins.d/*; do
	111	base="`basename \"$file\"`"
	112	# Is this plugin overridden?
	113	if [ -e "/etc/mandos/plugins.d/$base" ]; then
	114	continue
	115	fi
	116	case "$base" in
	117	~\|.\|\#\#\|.dpkg-old\|.dpkg-bak\|.dpkg-new\|*.dpkg-divert)
	118	: ;;
	119	"*") dwarning "Mandos client plugin directory is empty." >&2 ;;
	120	askpass-fifo) : ;; # Ignore packaged for dracut
	121	*) inst "${file}" "${plugindir}/${base}" ;;
	122	esac
	123	done
	124	# Copy any user-supplied plugins
	125	for file in /etc/mandos/plugins.d/*; do
	126	base="`basename \"$file\"`"
	127	case "$base" in
	128	~\|.\|\#\#\|.dpkg-old\|.dpkg-bak\|.dpkg-new\|*.dpkg-divert)
	129	: ;;
	130	"*") : ;;
	131	*) inst "$file" "${plugindir}/${base}" ;;
	132	esac
	133	done
	134	# Copy any user-supplied plugin helpers
	135	for file in /etc/mandos/plugin-helpers/*; do
	136	base="`basename \"$file\"`"
	137	case "$base" in
	138	~\|.\|\#\#\|.dpkg-old\|.dpkg-bak\|.dpkg-new\|*.dpkg-divert)
	139	: ;;
	140	"*") : ;;
	141	*) inst "$file" "/lib/mandos/plugin-helpers/$base";;
	142	esac
	143	done
144	fi
145	# Copy network hooks
146	for hook in /etc/mandos/network-hooks.d/*; do
147	basename=`basename "$hook"`
148	case "$basename" in
149	"*") continue ;;
150	[!A-Za-z0-9_.-]) continue ;;
151	*) test -d "$hook" \|\| inst "$hook" "/lib/mandos/network-hooks.d/$basename" ;;
152	esac
153	if [ -x "$hook" ]; then
154	# Copy any files needed by the network hook
155	MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=files \
156	VERBOSITY=0 "$hook" files \| while read file target; do
157	if [ ! -e "${file}" ]; then
158	dwarning "WARNING: file ${file} not found, requested by Mandos network hook '${basename}'" >&2
159	fi
160	if [ -z "${target}" ]; then
161	inst "$file"
162	else
163	inst "$file" "$target"
164	fi
165	done
166	fi
167	done
168	# Copy the packaged plugin helpers
169	for file in "$libdir"/plugin-helpers/*; do
170	base="`basename \"$file\"`"
171	# Is this plugin overridden?
172	if [ -e "/etc/mandos/plugin-helpers/$base" ]; then
173	continue
174	fi
175	case "$base" in
176	~\|.\|\#\#\|.dpkg-old\|.dpkg-bak\|.dpkg-new\|*.dpkg-divert)
177	: ;;
178	"*") : ;;
179	*) inst "$file" "/lib/mandos/plugin-helpers/$base";;
180	esac
181	done
182	local gpg=/usr/bin/gpg
183	if [ -e /usr/bin/gpgconf ]; then
184	inst /usr/bin/gpgconf
185	gpg="`/usr/bin/gpgconf\|sed --quiet --expression='s/^gpg:[^:]*://p'`"
186	gpgagent="`/usr/bin/gpgconf\|sed --quiet --expression='s/^gpg-agent:[^:]*://p'`"
187	# Newer versions of GnuPG 2 requires the gpg-agent binary
188	if [ -e "$gpgagent" ]; then
189	inst "$gpgagent"
190	fi
191	fi
192	inst "$gpg"
193	if dracut_module_included "systemd"; then
194	inst "${moddir}/password-agent" /lib/mandos/password-agent
195	inst "${moddir}/ask-password-mandos.path" \
196	"${systemdsystemunitdir}/ask-password-mandos.path"
197	ln_r "${systemdsystemunitdir}/ask-password-mandos.path" \
198	"${systemdsystemunitdir}/sysinit.target.wants/ask-password-mandos.path"
199	fi
200	# Key files
201	for file in "$keydir"/*; do
202	if [ -d "$file" ]; then
203	continue
204	fi
205	case "$file" in
206	~\|.\|\#\#\|.dpkg-old\|.dpkg-bak\|.dpkg-new\|*.dpkg-divert)
207	: ;;
208	"*") : ;;
209	*)
210	inst "$file" "/etc/mandos/keys/`basename \"$file\"`"
211	chown ${mandos_user}:${mandos_group} \
212	"${initdir}/etc/mandos/keys/`basename \"$file\"`"
213	if [ `basename "$file"` = dhparams.pem ]; then
214	# Use Diffie-Hellman parameters file
215	if dracut_module_included "systemd"; then
216	sed --in-place \
1201 by teddy at recompile Allow users to alter ask-password-mandos.service	217	--expression='/^ExecStart/s/ \$MANDOS_CLIENT_OPTIONS/ --dh-params=\/etc\/mandos\/keys\/dhparams.pem&/' \
1127 by Teddy Hogeborn Add dracut(8) support	218	"${initdir}/${systemdsystemunitdir}/ask-password-mandos.service"
	219	else
	220	sed --in-place \
	221	--expression="1i--options-for=mandos-client:--dh-params=/etc/mandos/keys/dhparams.pem" \
	222	"${initdir}/etc/mandos/plugin-runner.conf"
	223	fi
	224	fi
	225	;;
	226	esac
	227	done
	228	}
	229
	230	installkernel(){
	231	instmods =drivers/net
	232	hostonly='' instmods ipv6
	233	# Copy any kernel modules needed by network hooks
	234	for hook in /etc/mandos/network-hooks.d/*; do
	235	basename=`basename "$hook"`
	236	case "$basename" in
	237	"*") continue ;;
	238	[!A-Za-z0-9_.-]) continue ;;
	239	esac
	240	if [ -x "$hook" ]; then
	241	# Copy and load any modules needed by the network hook
	242	MANDOSNETHOOKDIR=/etc/mandos/network-hooks.d MODE=modules \
	243	VERBOSITY=0 "$hook" modules \| while read module; do
	244	if [ -z "${target}" ]; then
	245	instmods "$module"
	246	fi
	247	done
	248	fi
	249	done
	250	}
	251
	252	depends(){
	253	echo crypt
	254	}
	255
	256	cmdline(){
	257	:
	258	}