the configuration directory may now be static (not mounted/mountable)

cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh

@@ -21,7 +21,6 @@ set -eu
 . /etc/cryptobox/cryptobox.conf
 
 ## configuration
-CONFIG_MARKER="$CONFIG_DIR/cryptobox.marker"
 CERT_TEMP=/tmp/stunnel.pem
 
 ######## stuff ##########
@@ -66,12 +65,12 @@ function config_set_value()
 # parameters: SettingName [SettingValue]
 # read from stdin if SettingValue is not defined
 {
-	mount -o rw,remount "$CONFIG_DIR"
+	mountpoint -q "$CONFIG_DIR" && mount -o rw,remount "$CONFIG_DIR"
 	if [ $# -gt 1 ]
 		then	echo -n "$2" > "$CONFIG_DIR/$1"
 		else	cat - >"$CONFIG_DIR/$1"
 	  fi
-	mount -o ro,remount "$CONFIG_DIR"
+	mountpoint -q "$CONFIG_DIR" && mount -o ro,remount "$CONFIG_DIR"
 }
 
 
@@ -107,14 +106,18 @@ function create_config()
 # Parameter: device
 {
 	local device="$1"
-	log_msg "Creating config filesystem ..."
+	# create the new configuration filesystem if it is not static
-	# filter output through 'tr' to replace tabs
+	if is_config_mounted
-	$MKFS_CONFIG "$device" | tr '\010' ' '
+	   then log_msg "Using static configuration ..."
-	# mount the config partition rw
+	   else	log_msg "Creating config filesystem ..."
-	log_msg "Mounting config partition ..."
+			# filter output through 'tr' to replace tabs
-	mount "$device" "$CONFIG_DIR"
+			$MKFS_CONFIG "$device" | tr '\010' ' '
+			# mount the config partition rw
+			log_msg "Mounting config partition ..."
+			mount "$device" "$CONFIG_DIR"
+	  fi
 	# create a marker to recognize a cryptobox partition
-	date -I >"$CONFIG_MARKER" 
+	date -I >"$CONFIG_DIR/$CONFIG_MARKER" 
 	log_msg "Copying configuration defaults ..."
 	cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
 
@@ -122,17 +125,15 @@ function create_config()
 	# beware: the temp file should always be there - even after reboot - see "mount_config"
 	cp -p "$CERT_TEMP" "$CERT_FILE"
 
-	# create database of readable names
-	touch "$CONFIG_DIR/names.db"
-
 	log_msg "Setting inital values ..."
 	# beware: config_set_value remounts the config partition read-only
-	config_set_value "device" "$device"
 	config_set_value "ip" "$(get_current_ip)"
+	# create database of readable names
+	config_set_value "names.db" ""
 
 	# reinitialise configuration
 	log_msg "Unmounting config partition ..."
-	umount "$CONFIG_DIR"
+	umount_config
 	log_msg "Reload configuration ..."
 	mount_config
 }
@@ -149,7 +150,7 @@ function get_current_ip()
 function list_crypto_containers()
 {
 	for a in $ALL_PARTITIONS
-		do	$CRYPTSETUP isLuks "/dev/$a" 2>/dev/null && echo "/dev/$a"
+		do	"$CRYPTSETUP" isLuks "/dev/$a" 2>/dev/null && echo "/dev/$a"
 	  done
 }
 
@@ -157,16 +158,15 @@ function list_crypto_containers()
 function list_unused_partitions()
 {
 	for a in $ALL_PARTITIONS
-		do	$CRYPTSETUP isLuks "/dev/$a" 2>/dev/null || echo "/dev/$a"
+		do	"$CRYPTSETUP" isLuks "/dev/$a" 2>/dev/null || echo "/dev/$a"
-	  done | grep -v "$(config_get_value device)1"
+	  done
-	# replace the config_get_value by a sub, that returns the config partition
 }
 
 
 function get_crypto_uuid()
 # Parameter: DEVICE
 {
-	$CRYPTSETUP luksUUID "$1"
+	"$CRYPTSETUP" luksUUID "$1"
 }
 
 
@@ -240,7 +240,7 @@ function config_mount_test()
 {
 	local device=$1
 	local STATUS=0
-	mount "${device}1" "$CONFIG_DIR" &>/dev/null || true
+	mount "${device}" "$CONFIG_DIR" &>/dev/null || true
 	is_config_mounted && STATUS=1
 	umount "$CONFIG_DIR" &>/dev/null || true
 	# return code is the result of this expression
@@ -250,7 +250,7 @@ function config_mount_test()
 
 function is_config_mounted()
 {
-	mount | grep -q " $CONFIG_DIR " && [ -f "$CONFIG_MARKER" ]
+	test -f "$CONFIG_DIR/$CONFIG_MARKER"
 }
 
 
@@ -285,11 +285,7 @@ function check_at_command_queue()
 function find_harddisk()
 # look for the harddisk to be partitioned
 {
-	local device
+	local device=$(get_available_disks | head -1)
-	if is_config_mounted
-		then	device=$(config_get_value "device")
-		else	device=$(get_available_disks | head -1)
-	  fi
 	if [ -z "$device" ] ; then
 		log_msg "no valid harddisk for initialisation found!"
 		cat /proc/partitions >>"$LOG_FILE"
@@ -313,22 +309,39 @@ function get_available_disks()
 
 function mount_config()
 {
-	is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
+	# error if dynamic configuration is active
-	local device=$(
+	# return if static configuration is active
-	    for a in $SCAN_DEVICES
+	if is_config_mounted && mountpoint -q "$CONFIG_DIR"
-		do	log_msg "Trying to load configuration from $a ..."
+		then	error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
-			config_mount_test "$a" && echo "$a" && break
+		else	is_config_mounted && return
-		  done )
+	  fi
-	if [ -n "$device" ] && mount "${device}1" "$CONFIG_DIR"
+	# look for a configuration partition
-		then	log_msg "configuraton found on $device"
+	# modify all scan_devices to get regular expressions like "^hda[0-9]*$"
-			config_set_value "device" "$device"
+	local scan_regex=$(echo "SCAN_DEVICES" | tr " " "\n" | sed 's/^/^/; s/$/[0-9]*$/')
-			# copy certificate to /tmp in case of re-initialization
+	echo "$ALL_PARTITIONS" | grep "$scan_regex" | while read part
-			# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
+		do	log_msg "Trying to load configuration from $part ..."
-			cp "$CERT_FILE" "$CERT_TEMP"
+			if config_mount_test "$part"
-			return 0
+			   then	log_msg "configuraton found on $part"
-		else	log_msg "failed to locate harddisk"
+					mount "$part" "$CONFIG_DIR"
-			return 1
+					# copy certificate to /tmp in case of re-initialization
-	fi
+					# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
+					cp "$CERT_FILE" "$CERT_TEMP"
+					return
+			  fi
+	  done
+	log_msg "failed to locate config partition"
+	return 1
+}
+
+
+function umount_config()
+{
+	is_config_mounted || return
+	# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
+	if mountpoint -q "$CONFIG_DIR"
+		then	umount "$CONFIG_DIR"
+		else	true
+	  fi
 }
 
 
@@ -372,7 +385,7 @@ function umount_crypto()
 	  fi
 	local uuid=$(get_crypto_uuid $device)
 	local name=$(get_crypto_name $device)
-	if mount | grep -q " $MNT_PARENT/$name "
+	if mountpoint -q "$MNT_PARENT/$name"
 		then	log_msg "Unmounting crypto partition ..."
 			umount "$MNT_PARENT/$name"
 			rmdir "$MNT_PARENT/$name"
@@ -403,9 +416,10 @@ function init_cryptobox()
 	local device=$(find_harddisk)
 	[ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1
 	turn_off_all_crypto
-	mount | grep -q " $CONFIG_DIR " && umount "$CONFIG_DIR" || true
+	is_config_mounted && umount_config || true
 	log_msg "Initializing config partition on $device ..."
 	create_partitions "$device"
+	# TODO: this should not be hard-coded
 	create_config "${device}1"
 }
 
@@ -435,7 +449,7 @@ case "$ACTION" in
 		 fi
 		;;
 	config-down )
-		mount | grep -q " $CONFIG_DIR$ " && umount "$CONFIG_DIR" || error_msg 4 "Could not unmount configuration partition"
+		umount_config || error_msg 4 "Could not unmount configuration partition"
 		;;
 	network-up )
 		kudzu -s -q --class network
@@ -493,7 +507,7 @@ case "$ACTION" in
 		[ $# -ne 2 ] && error_msg "invalid number of parameters for 'crypto-create'"
 		# do it in the background to provide a smoother web interface
 		# messages and errors get written to $LOG_FILE
-		keyfile=/tmp/$(basename $0)-passphrase-$(basename $1)
+		keyfile=/tmp/$(basename "$0")-passphrase-$(basename "$1")
 		# read the password
 		cat - >"$keyfile"
 		# execute it in the background