From f9142cd3868a565f3b9d8aee87b92321f667de4c Mon Sep 17 00:00:00 2001 From: lars Date: Wed, 30 Nov 2005 03:38:31 +0000 Subject: [PATCH] the configuration directory may now be static (not mounted/mountable) --- cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh | 108 +++++++++++-------- 1 file changed, 61 insertions(+), 47 deletions(-) diff --git a/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh b/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh index e929b10..2adfd39 100755 --- a/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh +++ b/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh @@ -21,7 +21,6 @@ set -eu . /etc/cryptobox/cryptobox.conf ## configuration -CONFIG_MARKER="$CONFIG_DIR/cryptobox.marker" CERT_TEMP=/tmp/stunnel.pem ######## stuff ########## @@ -66,12 +65,12 @@ function config_set_value() # parameters: SettingName [SettingValue] # read from stdin if SettingValue is not defined { - mount -o rw,remount "$CONFIG_DIR" + mountpoint -q "$CONFIG_DIR" && mount -o rw,remount "$CONFIG_DIR" if [ $# -gt 1 ] then echo -n "$2" > "$CONFIG_DIR/$1" else cat - >"$CONFIG_DIR/$1" fi - mount -o ro,remount "$CONFIG_DIR" + mountpoint -q "$CONFIG_DIR" && mount -o ro,remount "$CONFIG_DIR" } @@ -107,14 +106,18 @@ function create_config() # Parameter: device { local device="$1" - log_msg "Creating config filesystem ..." - # filter output through 'tr' to replace tabs - $MKFS_CONFIG "$device" | tr '\010' ' ' - # mount the config partition rw - log_msg "Mounting config partition ..." - mount "$device" "$CONFIG_DIR" + # create the new configuration filesystem if it is not static + if is_config_mounted + then log_msg "Using static configuration ..." + else log_msg "Creating config filesystem ..." + # filter output through 'tr' to replace tabs + $MKFS_CONFIG "$device" | tr '\010' ' ' + # mount the config partition rw + log_msg "Mounting config partition ..." + mount "$device" "$CONFIG_DIR" + fi # create a marker to recognize a cryptobox partition - date -I >"$CONFIG_MARKER" + date -I >"$CONFIG_DIR/$CONFIG_MARKER" log_msg "Copying configuration defaults ..." cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR" @@ -122,17 +125,15 @@ function create_config() # beware: the temp file should always be there - even after reboot - see "mount_config" cp -p "$CERT_TEMP" "$CERT_FILE" - # create database of readable names - touch "$CONFIG_DIR/names.db" - log_msg "Setting inital values ..." # beware: config_set_value remounts the config partition read-only - config_set_value "device" "$device" config_set_value "ip" "$(get_current_ip)" + # create database of readable names + config_set_value "names.db" "" # reinitialise configuration log_msg "Unmounting config partition ..." - umount "$CONFIG_DIR" + umount_config log_msg "Reload configuration ..." mount_config } @@ -149,7 +150,7 @@ function get_current_ip() function list_crypto_containers() { for a in $ALL_PARTITIONS - do $CRYPTSETUP isLuks "/dev/$a" 2>/dev/null && echo "/dev/$a" + do "$CRYPTSETUP" isLuks "/dev/$a" 2>/dev/null && echo "/dev/$a" done } @@ -157,16 +158,15 @@ function list_crypto_containers() function list_unused_partitions() { for a in $ALL_PARTITIONS - do $CRYPTSETUP isLuks "/dev/$a" 2>/dev/null || echo "/dev/$a" - done | grep -v "$(config_get_value device)1" - # replace the config_get_value by a sub, that returns the config partition + do "$CRYPTSETUP" isLuks "/dev/$a" 2>/dev/null || echo "/dev/$a" + done } function get_crypto_uuid() # Parameter: DEVICE { - $CRYPTSETUP luksUUID "$1" + "$CRYPTSETUP" luksUUID "$1" } @@ -240,7 +240,7 @@ function config_mount_test() { local device=$1 local STATUS=0 - mount "${device}1" "$CONFIG_DIR" &>/dev/null || true + mount "${device}" "$CONFIG_DIR" &>/dev/null || true is_config_mounted && STATUS=1 umount "$CONFIG_DIR" &>/dev/null || true # return code is the result of this expression @@ -250,7 +250,7 @@ function config_mount_test() function is_config_mounted() { - mount | grep -q " $CONFIG_DIR " && [ -f "$CONFIG_MARKER" ] + test -f "$CONFIG_DIR/$CONFIG_MARKER" } @@ -285,11 +285,7 @@ function check_at_command_queue() function find_harddisk() # look for the harddisk to be partitioned { - local device - if is_config_mounted - then device=$(config_get_value "device") - else device=$(get_available_disks | head -1) - fi + local device=$(get_available_disks | head -1) if [ -z "$device" ] ; then log_msg "no valid harddisk for initialisation found!" cat /proc/partitions >>"$LOG_FILE" @@ -313,22 +309,39 @@ function get_available_disks() function mount_config() { - is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!" - local device=$( - for a in $SCAN_DEVICES - do log_msg "Trying to load configuration from $a ..." - config_mount_test "$a" && echo "$a" && break - done ) - if [ -n "$device" ] && mount "${device}1" "$CONFIG_DIR" - then log_msg "configuraton found on $device" - config_set_value "device" "$device" - # copy certificate to /tmp in case of re-initialization - # /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d) - cp "$CERT_FILE" "$CERT_TEMP" - return 0 - else log_msg "failed to locate harddisk" - return 1 - fi + # error if dynamic configuration is active + # return if static configuration is active + if is_config_mounted && mountpoint -q "$CONFIG_DIR" + then error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!" + else is_config_mounted && return + fi + # look for a configuration partition + # modify all scan_devices to get regular expressions like "^hda[0-9]*$" + local scan_regex=$(echo "SCAN_DEVICES" | tr " " "\n" | sed 's/^/^/; s/$/[0-9]*$/') + echo "$ALL_PARTITIONS" | grep "$scan_regex" | while read part + do log_msg "Trying to load configuration from $part ..." + if config_mount_test "$part" + then log_msg "configuraton found on $part" + mount "$part" "$CONFIG_DIR" + # copy certificate to /tmp in case of re-initialization + # /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d) + cp "$CERT_FILE" "$CERT_TEMP" + return + fi + done + log_msg "failed to locate config partition" + return 1 +} + + +function umount_config() +{ + is_config_mounted || return + # only try to unmount, if it is not static (the config of a live-cd is always dynamic) + if mountpoint -q "$CONFIG_DIR" + then umount "$CONFIG_DIR" + else true + fi } @@ -372,7 +385,7 @@ function umount_crypto() fi local uuid=$(get_crypto_uuid $device) local name=$(get_crypto_name $device) - if mount | grep -q " $MNT_PARENT/$name " + if mountpoint -q "$MNT_PARENT/$name" then log_msg "Unmounting crypto partition ..." umount "$MNT_PARENT/$name" rmdir "$MNT_PARENT/$name" @@ -403,9 +416,10 @@ function init_cryptobox() local device=$(find_harddisk) [ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1 turn_off_all_crypto - mount | grep -q " $CONFIG_DIR " && umount "$CONFIG_DIR" || true + is_config_mounted && umount_config || true log_msg "Initializing config partition on $device ..." create_partitions "$device" + # TODO: this should not be hard-coded create_config "${device}1" } @@ -435,7 +449,7 @@ case "$ACTION" in fi ;; config-down ) - mount | grep -q " $CONFIG_DIR$ " && umount "$CONFIG_DIR" || error_msg 4 "Could not unmount configuration partition" + umount_config || error_msg 4 "Could not unmount configuration partition" ;; network-up ) kudzu -s -q --class network @@ -493,7 +507,7 @@ case "$ACTION" in [ $# -ne 2 ] && error_msg "invalid number of parameters for 'crypto-create'" # do it in the background to provide a smoother web interface # messages and errors get written to $LOG_FILE - keyfile=/tmp/$(basename $0)-passphrase-$(basename $1) + keyfile=/tmp/$(basename "$0")-passphrase-$(basename "$1") # read the password cat - >"$keyfile" # execute it in the background