|
|
|
@ -110,8 +110,9 @@ function create_config()
|
|
|
|
|
# Parameter: device
|
|
|
|
|
{
|
|
|
|
|
local device=$1
|
|
|
|
|
unload_config
|
|
|
|
|
# create the new configuration filesystem if it is not static
|
|
|
|
|
if is_config_active || [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ]
|
|
|
|
|
if [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ]
|
|
|
|
|
then log_msg "Using static configuration ..."
|
|
|
|
|
else log_msg "Creating config filesystem ..."
|
|
|
|
|
sudo "$ROOT_PERM_SCRIPT" create_config "$device"
|
|
|
|
@ -163,17 +164,9 @@ function list_partitions_of_type()
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
case "$1" in
|
|
|
|
|
config )
|
|
|
|
|
echo "$config"
|
|
|
|
|
;;
|
|
|
|
|
crypto )
|
|
|
|
|
echo "$crypto"
|
|
|
|
|
;;
|
|
|
|
|
plaindata )
|
|
|
|
|
echo "$plaindata"
|
|
|
|
|
;;
|
|
|
|
|
unused )
|
|
|
|
|
echo "$unused"
|
|
|
|
|
config | crypto | plaindata | unused )
|
|
|
|
|
# dirty hack, but it works
|
|
|
|
|
eval "echo \$$1"
|
|
|
|
|
;;
|
|
|
|
|
* )
|
|
|
|
|
errot_msg "wrong parameter ($1) for list_partition_types in $(basename $0)"
|
|
|
|
@ -303,27 +296,30 @@ function get_available_disks()
|
|
|
|
|
|
|
|
|
|
function load_config()
|
|
|
|
|
{
|
|
|
|
|
# error if dynamic configuration is active
|
|
|
|
|
# return if static configuration is active
|
|
|
|
|
is_config_active && [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ] && return
|
|
|
|
|
unload_config
|
|
|
|
|
local status=0
|
|
|
|
|
# look for a configuration partition
|
|
|
|
|
list_partitions_of_type config | head -1 | while read part
|
|
|
|
|
do log_msg "Trying to load configuration from /dev/$part ..."
|
|
|
|
|
if sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part"
|
|
|
|
|
then log_msg "configuraton found on $part"
|
|
|
|
|
sudo "$ROOT_PERM_SCRIPT" mount_config "/dev/$part"
|
|
|
|
|
# copy certificate to /tmp in case of re-initialization
|
|
|
|
|
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
|
|
|
|
|
[ "$USE_STUNNEL" = 1 ] && cp "$CERT_FILE" "$CERT_TEMP"
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
log_msg "failed to locate config partition"
|
|
|
|
|
return 1
|
|
|
|
|
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && \
|
|
|
|
|
list_partitions_of_type config | while read part && [ "$status" = 0 ]
|
|
|
|
|
do log_msg "Trying to load configuration from /dev/$part ..."
|
|
|
|
|
if sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part"
|
|
|
|
|
then log_msg "configuraton found on $part"
|
|
|
|
|
sudo "$ROOT_PERM_SCRIPT" mount_config "/dev/$part"
|
|
|
|
|
status=1
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
if is_config_active
|
|
|
|
|
then # copy certificate to /tmp in case of re-initialization
|
|
|
|
|
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
|
|
|
|
|
[ "$USE_STUNNEL" = 1 ] && cp "$CERT_FILE" "$CERT_TEMP"
|
|
|
|
|
else log_msg "failed to locate config partition"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function umount_config()
|
|
|
|
|
function unload_config()
|
|
|
|
|
{
|
|
|
|
|
is_config_active || return
|
|
|
|
|
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
|
|
|
|
@ -362,7 +358,7 @@ function box_purge()
|
|
|
|
|
# TODO: not ALL harddisks, please!
|
|
|
|
|
get_available_disks | while read a
|
|
|
|
|
do log_msg "Purging $a ..."
|
|
|
|
|
sudo "$ROOT_PERM_SCRIPT" trash_device "$a" >>"$LOG_FILE" 2>&1
|
|
|
|
|
sudo "$ROOT_PERM_SCRIPT" trash_device "$a"
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -373,7 +369,7 @@ function init_cryptobox()
|
|
|
|
|
local device=$(find_harddisk)
|
|
|
|
|
[ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1
|
|
|
|
|
turn_off_all_crypto
|
|
|
|
|
is_config_active && umount_config || true
|
|
|
|
|
unload_config || true
|
|
|
|
|
log_msg "Partitioning the device ($device) ..."
|
|
|
|
|
sudo "$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n"
|
|
|
|
|
log_msg "Initializing config partition on ${device}1 ..."
|
|
|
|
@ -407,13 +403,10 @@ case "$ACTION" in
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
config-down )
|
|
|
|
|
if is_config_active && [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ]
|
|
|
|
|
then umount_config || error_msg 4 "Could not unmount configuration partition"
|
|
|
|
|
else true
|
|
|
|
|
fi
|
|
|
|
|
unload_config || error_msg 4 "Could not unmount configuration partition"
|
|
|
|
|
;;
|
|
|
|
|
network-up )
|
|
|
|
|
if [ "$SKIP_NETWORK_CONFIG}" != 1 ]
|
|
|
|
|
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
|
|
|
|
then conf_ip=$(config_get_value "ip")
|
|
|
|
|
log_msg "Configuring $NET_IFACE for $conf_ip ..."
|
|
|
|
|
echo "Configuring network interface for $NET_IFACE: $conf_ip"
|
|
|
|
@ -445,7 +438,8 @@ case "$ACTION" in
|
|
|
|
|
fi
|
|
|
|
|
if [ "$USE_STUNNEL" = 1 ]
|
|
|
|
|
then log_msg "Stopping stunnel ..."
|
|
|
|
|
killall stunnel
|
|
|
|
|
# TODO: what about a pid?
|
|
|
|
|
killall stunnel 2>/dev/null || true
|
|
|
|
|
fi
|
|
|
|
|
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
|
|
|
|
then log_msg "Shutting the network interface down ..."
|
|
|
|
@ -455,12 +449,17 @@ case "$ACTION" in
|
|
|
|
|
services-up )
|
|
|
|
|
# the mount point has to be writeable
|
|
|
|
|
# this action is called as root - so we are allowed to umount
|
|
|
|
|
mount -t tmpfs tmpfs "$MNT_PARENT"
|
|
|
|
|
# is something special necessary?
|
|
|
|
|
# TODO: do this only for ro-filesystem
|
|
|
|
|
# TODO: this way of mounting is evil
|
|
|
|
|
if mountpoint -q "$MNT_PARENT"
|
|
|
|
|
then true
|
|
|
|
|
else mount -t tmpfs tmpfs "$MNT_PARENT"
|
|
|
|
|
fi
|
|
|
|
|
true
|
|
|
|
|
;;
|
|
|
|
|
services-down )
|
|
|
|
|
# this action is called as root - so we are allowed to umount
|
|
|
|
|
umount "$MNT_PARENT"
|
|
|
|
|
mountpoint -q "$MNT_PARENT" && umount "$MNT_PARENT"
|
|
|
|
|
# TODO: we should not depend on samba and thttpd
|
|
|
|
|
# /etc/init.d/samba stop || true
|
|
|
|
|
# /etc/init.d/thttpd stop || true
|
|
|
|
@ -545,7 +544,7 @@ case "$ACTION" in
|
|
|
|
|
log_msg "Cleaning the CryptoBox ..."
|
|
|
|
|
turn_off_all_crypto
|
|
|
|
|
"$0" config-down
|
|
|
|
|
box_purge
|
|
|
|
|
box_purge >>"$LOG_FILE" 2>&1
|
|
|
|
|
;;
|
|
|
|
|
poweroff )
|
|
|
|
|
log_msg "Turning off the CryptoBox ..."
|
|
|
|
@ -580,7 +579,7 @@ case "$ACTION" in
|
|
|
|
|
echo " set_config NAME VALUE - change a configuration setting"
|
|
|
|
|
echo " get_config NAME - retrieve a configuration setting"
|
|
|
|
|
echo " diskinfo - show the partition table of the harddisk"
|
|
|
|
|
echo " box-purge - destroy partitiontable of the harddisk (delete everything)"
|
|
|
|
|
echo " box-purge - destroy partitiontable of all harddisks (delete everything)"
|
|
|
|
|
echo " poweroff - shutdown the cryptobox"
|
|
|
|
|
echo " reboot - reboot the cryptobox"
|
|
|
|
|
echo
|
|
|
|
|