the configuration directory may now be static (not mounted/mountable)
parent
24c0572cfe
commit
f9142cd386
|
@ -21,7 +21,6 @@ set -eu
|
|||
. /etc/cryptobox/cryptobox.conf
|
||||
|
||||
## configuration
|
||||
CONFIG_MARKER="$CONFIG_DIR/cryptobox.marker"
|
||||
CERT_TEMP=/tmp/stunnel.pem
|
||||
|
||||
######## stuff ##########
|
||||
|
@ -66,12 +65,12 @@ function config_set_value()
|
|||
# parameters: SettingName [SettingValue]
|
||||
# read from stdin if SettingValue is not defined
|
||||
{
|
||||
mount -o rw,remount "$CONFIG_DIR"
|
||||
mountpoint -q "$CONFIG_DIR" && mount -o rw,remount "$CONFIG_DIR"
|
||||
if [ $# -gt 1 ]
|
||||
then echo -n "$2" > "$CONFIG_DIR/$1"
|
||||
else cat - >"$CONFIG_DIR/$1"
|
||||
fi
|
||||
mount -o ro,remount "$CONFIG_DIR"
|
||||
mountpoint -q "$CONFIG_DIR" && mount -o ro,remount "$CONFIG_DIR"
|
||||
}
|
||||
|
||||
|
||||
|
@ -107,14 +106,18 @@ function create_config()
|
|||
# Parameter: device
|
||||
{
|
||||
local device="$1"
|
||||
log_msg "Creating config filesystem ..."
|
||||
# filter output through 'tr' to replace tabs
|
||||
$MKFS_CONFIG "$device" | tr '\010' ' '
|
||||
# mount the config partition rw
|
||||
log_msg "Mounting config partition ..."
|
||||
mount "$device" "$CONFIG_DIR"
|
||||
# create the new configuration filesystem if it is not static
|
||||
if is_config_mounted
|
||||
then log_msg "Using static configuration ..."
|
||||
else log_msg "Creating config filesystem ..."
|
||||
# filter output through 'tr' to replace tabs
|
||||
$MKFS_CONFIG "$device" | tr '\010' ' '
|
||||
# mount the config partition rw
|
||||
log_msg "Mounting config partition ..."
|
||||
mount "$device" "$CONFIG_DIR"
|
||||
fi
|
||||
# create a marker to recognize a cryptobox partition
|
||||
date -I >"$CONFIG_MARKER"
|
||||
date -I >"$CONFIG_DIR/$CONFIG_MARKER"
|
||||
log_msg "Copying configuration defaults ..."
|
||||
cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
|
||||
|
||||
|
@ -122,17 +125,15 @@ function create_config()
|
|||
# beware: the temp file should always be there - even after reboot - see "mount_config"
|
||||
cp -p "$CERT_TEMP" "$CERT_FILE"
|
||||
|
||||
# create database of readable names
|
||||
touch "$CONFIG_DIR/names.db"
|
||||
|
||||
log_msg "Setting inital values ..."
|
||||
# beware: config_set_value remounts the config partition read-only
|
||||
config_set_value "device" "$device"
|
||||
config_set_value "ip" "$(get_current_ip)"
|
||||
# create database of readable names
|
||||
config_set_value "names.db" ""
|
||||
|
||||
# reinitialise configuration
|
||||
log_msg "Unmounting config partition ..."
|
||||
umount "$CONFIG_DIR"
|
||||
umount_config
|
||||
log_msg "Reload configuration ..."
|
||||
mount_config
|
||||
}
|
||||
|
@ -149,7 +150,7 @@ function get_current_ip()
|
|||
function list_crypto_containers()
|
||||
{
|
||||
for a in $ALL_PARTITIONS
|
||||
do $CRYPTSETUP isLuks "/dev/$a" 2>/dev/null && echo "/dev/$a"
|
||||
do "$CRYPTSETUP" isLuks "/dev/$a" 2>/dev/null && echo "/dev/$a"
|
||||
done
|
||||
}
|
||||
|
||||
|
@ -157,16 +158,15 @@ function list_crypto_containers()
|
|||
function list_unused_partitions()
|
||||
{
|
||||
for a in $ALL_PARTITIONS
|
||||
do $CRYPTSETUP isLuks "/dev/$a" 2>/dev/null || echo "/dev/$a"
|
||||
done | grep -v "$(config_get_value device)1"
|
||||
# replace the config_get_value by a sub, that returns the config partition
|
||||
do "$CRYPTSETUP" isLuks "/dev/$a" 2>/dev/null || echo "/dev/$a"
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
function get_crypto_uuid()
|
||||
# Parameter: DEVICE
|
||||
{
|
||||
$CRYPTSETUP luksUUID "$1"
|
||||
"$CRYPTSETUP" luksUUID "$1"
|
||||
}
|
||||
|
||||
|
||||
|
@ -240,7 +240,7 @@ function config_mount_test()
|
|||
{
|
||||
local device=$1
|
||||
local STATUS=0
|
||||
mount "${device}1" "$CONFIG_DIR" &>/dev/null || true
|
||||
mount "${device}" "$CONFIG_DIR" &>/dev/null || true
|
||||
is_config_mounted && STATUS=1
|
||||
umount "$CONFIG_DIR" &>/dev/null || true
|
||||
# return code is the result of this expression
|
||||
|
@ -250,7 +250,7 @@ function config_mount_test()
|
|||
|
||||
function is_config_mounted()
|
||||
{
|
||||
mount | grep -q " $CONFIG_DIR " && [ -f "$CONFIG_MARKER" ]
|
||||
test -f "$CONFIG_DIR/$CONFIG_MARKER"
|
||||
}
|
||||
|
||||
|
||||
|
@ -285,11 +285,7 @@ function check_at_command_queue()
|
|||
function find_harddisk()
|
||||
# look for the harddisk to be partitioned
|
||||
{
|
||||
local device
|
||||
if is_config_mounted
|
||||
then device=$(config_get_value "device")
|
||||
else device=$(get_available_disks | head -1)
|
||||
fi
|
||||
local device=$(get_available_disks | head -1)
|
||||
if [ -z "$device" ] ; then
|
||||
log_msg "no valid harddisk for initialisation found!"
|
||||
cat /proc/partitions >>"$LOG_FILE"
|
||||
|
@ -313,22 +309,39 @@ function get_available_disks()
|
|||
|
||||
function mount_config()
|
||||
{
|
||||
is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
|
||||
local device=$(
|
||||
for a in $SCAN_DEVICES
|
||||
do log_msg "Trying to load configuration from $a ..."
|
||||
config_mount_test "$a" && echo "$a" && break
|
||||
done )
|
||||
if [ -n "$device" ] && mount "${device}1" "$CONFIG_DIR"
|
||||
then log_msg "configuraton found on $device"
|
||||
config_set_value "device" "$device"
|
||||
# copy certificate to /tmp in case of re-initialization
|
||||
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
|
||||
cp "$CERT_FILE" "$CERT_TEMP"
|
||||
return 0
|
||||
else log_msg "failed to locate harddisk"
|
||||
return 1
|
||||
fi
|
||||
# error if dynamic configuration is active
|
||||
# return if static configuration is active
|
||||
if is_config_mounted && mountpoint -q "$CONFIG_DIR"
|
||||
then error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
|
||||
else is_config_mounted && return
|
||||
fi
|
||||
# look for a configuration partition
|
||||
# modify all scan_devices to get regular expressions like "^hda[0-9]*$"
|
||||
local scan_regex=$(echo "SCAN_DEVICES" | tr " " "\n" | sed 's/^/^/; s/$/[0-9]*$/')
|
||||
echo "$ALL_PARTITIONS" | grep "$scan_regex" | while read part
|
||||
do log_msg "Trying to load configuration from $part ..."
|
||||
if config_mount_test "$part"
|
||||
then log_msg "configuraton found on $part"
|
||||
mount "$part" "$CONFIG_DIR"
|
||||
# copy certificate to /tmp in case of re-initialization
|
||||
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
|
||||
cp "$CERT_FILE" "$CERT_TEMP"
|
||||
return
|
||||
fi
|
||||
done
|
||||
log_msg "failed to locate config partition"
|
||||
return 1
|
||||
}
|
||||
|
||||
|
||||
function umount_config()
|
||||
{
|
||||
is_config_mounted || return
|
||||
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
|
||||
if mountpoint -q "$CONFIG_DIR"
|
||||
then umount "$CONFIG_DIR"
|
||||
else true
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
|
@ -372,7 +385,7 @@ function umount_crypto()
|
|||
fi
|
||||
local uuid=$(get_crypto_uuid $device)
|
||||
local name=$(get_crypto_name $device)
|
||||
if mount | grep -q " $MNT_PARENT/$name "
|
||||
if mountpoint -q "$MNT_PARENT/$name"
|
||||
then log_msg "Unmounting crypto partition ..."
|
||||
umount "$MNT_PARENT/$name"
|
||||
rmdir "$MNT_PARENT/$name"
|
||||
|
@ -403,9 +416,10 @@ function init_cryptobox()
|
|||
local device=$(find_harddisk)
|
||||
[ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1
|
||||
turn_off_all_crypto
|
||||
mount | grep -q " $CONFIG_DIR " && umount "$CONFIG_DIR" || true
|
||||
is_config_mounted && umount_config || true
|
||||
log_msg "Initializing config partition on $device ..."
|
||||
create_partitions "$device"
|
||||
# TODO: this should not be hard-coded
|
||||
create_config "${device}1"
|
||||
}
|
||||
|
||||
|
@ -435,7 +449,7 @@ case "$ACTION" in
|
|||
fi
|
||||
;;
|
||||
config-down )
|
||||
mount | grep -q " $CONFIG_DIR$ " && umount "$CONFIG_DIR" || error_msg 4 "Could not unmount configuration partition"
|
||||
umount_config || error_msg 4 "Could not unmount configuration partition"
|
||||
;;
|
||||
network-up )
|
||||
kudzu -s -q --class network
|
||||
|
@ -493,7 +507,7 @@ case "$ACTION" in
|
|||
[ $# -ne 2 ] && error_msg "invalid number of parameters for 'crypto-create'"
|
||||
# do it in the background to provide a smoother web interface
|
||||
# messages and errors get written to $LOG_FILE
|
||||
keyfile=/tmp/$(basename $0)-passphrase-$(basename $1)
|
||||
keyfile=/tmp/$(basename "$0")-passphrase-$(basename "$1")
|
||||
# read the password
|
||||
cat - >"$keyfile"
|
||||
# execute it in the background
|
||||
|
|
Loading…
Reference in New Issue