the configuration directory may now be static (not mounted/mountable)

lars 2005-11-30 03:38:31 +00:00
parent 24c0572cfe
commit f9142cd386
1 changed files with 61 additions and 47 deletions


@ -21,7 +21,6 @@ set -eu
. /etc/cryptobox/cryptobox.conf
## configuration
CONFIG_MARKER="$CONFIG_DIR/cryptobox.marker"
CERT_TEMP=/tmp/stunnel.pem
######## stuff ##########
@ -66,12 +65,12 @@ function config_set_value()
# parameters: SettingName [SettingValue]
# read from stdin if SettingValue is not defined
{
mount -o rw,remount "$CONFIG_DIR"
mountpoint -q "$CONFIG_DIR" && mount -o rw,remount "$CONFIG_DIR"
if [ $# -gt 1 ]
then echo -n "$2" > "$CONFIG_DIR/$1"
else cat - >"$CONFIG_DIR/$1"
fi
mount -o ro,remount "$CONFIG_DIR"
mountpoint -q "$CONFIG_DIR" && mount -o ro,remount "$CONFIG_DIR"
}
@ -107,14 +106,18 @@ function create_config()
# Parameter: device
{
local device="$1"
log_msg "Creating config filesystem ..."
# filter output through 'tr' to replace tabs
$MKFS_CONFIG "$device" | tr '\010' ' '
# mount the config partition rw
log_msg "Mounting config partition ..."
mount "$device" "$CONFIG_DIR"
# create the new configuration filesystem if it is not static
if is_config_mounted
then log_msg "Using static configuration ..."
else log_msg "Creating config filesystem ..."
# filter output through 'tr' to replace tabs
$MKFS_CONFIG "$device" | tr '\010' ' '
# mount the config partition rw
log_msg "Mounting config partition ..."
mount "$device" "$CONFIG_DIR"
fi
# create a marker to recognize a cryptobox partition
date -I >"$CONFIG_MARKER"
date -I >"$CONFIG_DIR/$CONFIG_MARKER"
log_msg "Copying configuration defaults ..."
cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
@ -122,17 +125,15 @@ function create_config()
# beware: the temp file should always be there - even after reboot - see "mount_config"
cp -p "$CERT_TEMP" "$CERT_FILE"
# create database of readable names
touch "$CONFIG_DIR/names.db"
log_msg "Setting inital values ..."
# beware: config_set_value remounts the config partition read-only
config_set_value "device" "$device"
config_set_value "ip" "$(get_current_ip)"
# create database of readable names
config_set_value "names.db" ""
# reinitialise configuration
log_msg "Unmounting config partition ..."
umount "$CONFIG_DIR"
umount_config
log_msg "Reload configuration ..."
mount_config
}
@ -149,7 +150,7 @@ function get_current_ip()
function list_crypto_containers()
{
for a in $ALL_PARTITIONS
do $CRYPTSETUP isLuks "/dev/$a" 2>/dev/null && echo "/dev/$a"
do "$CRYPTSETUP" isLuks "/dev/$a" 2>/dev/null && echo "/dev/$a"
done
}
@ -157,16 +158,15 @@ function list_crypto_containers()
function list_unused_partitions()
{
for a in $ALL_PARTITIONS
do $CRYPTSETUP isLuks "/dev/$a" 2>/dev/null || echo "/dev/$a"
done | grep -v "$(config_get_value device)1"
# replace the config_get_value by a sub, that returns the config partition
do "$CRYPTSETUP" isLuks "/dev/$a" 2>/dev/null || echo "/dev/$a"
done
}
function get_crypto_uuid()
# Parameter: DEVICE
{
$CRYPTSETUP luksUUID "$1"
"$CRYPTSETUP" luksUUID "$1"
}
@ -240,7 +240,7 @@ function config_mount_test()
{
local device=$1
local STATUS=0
mount "${device}1" "$CONFIG_DIR" &>/dev/null || true
mount "${device}" "$CONFIG_DIR" &>/dev/null || true
is_config_mounted && STATUS=1
umount "$CONFIG_DIR" &>/dev/null || true
# return code is the result of this expression
@ -250,7 +250,7 @@ function config_mount_test()
function is_config_mounted()
{
mount | grep -q " $CONFIG_DIR " && [ -f "$CONFIG_MARKER" ]
test -f "$CONFIG_DIR/$CONFIG_MARKER"
}
@ -285,11 +285,7 @@ function check_at_command_queue()
function find_harddisk()
# look for the harddisk to be partitioned
{
local device
if is_config_mounted
then device=$(config_get_value "device")
else device=$(get_available_disks | head -1)
fi
local device=$(get_available_disks | head -1)
if [ -z "$device" ] ; then
log_msg "no valid harddisk for initialisation found!"
cat /proc/partitions >>"$LOG_FILE"
@ -313,22 +309,39 @@ function get_available_disks()
function mount_config()
{
is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
local device=$(
for a in $SCAN_DEVICES
do log_msg "Trying to load configuration from $a ..."
config_mount_test "$a" && echo "$a" && break
done )
if [ -n "$device" ] && mount "${device}1" "$CONFIG_DIR"
then log_msg "configuraton found on $device"
config_set_value "device" "$device"
# copy certificate to /tmp in case of re-initialization
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
cp "$CERT_FILE" "$CERT_TEMP"
return 0
else log_msg "failed to locate harddisk"
return 1
fi
# error if dynamic configuration is active
# return if static configuration is active
if is_config_mounted && mountpoint -q "$CONFIG_DIR"
then error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
else is_config_mounted && return
fi
# look for a configuration partition
# modify all scan_devices to get regular expressions like "^hda[0-9]*$"
local scan_regex=$(echo "SCAN_DEVICES" | tr " " "\n" | sed 's/^/^/; s/$/[0-9]*$/')
echo "$ALL_PARTITIONS" | grep "$scan_regex" | while read part
do log_msg "Trying to load configuration from $part ..."
if config_mount_test "$part"
then log_msg "configuraton found on $part"
mount "$part" "$CONFIG_DIR"
# copy certificate to /tmp in case of re-initialization
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
cp "$CERT_FILE" "$CERT_TEMP"
return
fi
done
log_msg "failed to locate config partition"
return 1
}
function umount_config()
{
is_config_mounted || return
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
if mountpoint -q "$CONFIG_DIR"
then umount "$CONFIG_DIR"
else true
fi
}
@ -372,7 +385,7 @@ function umount_crypto()
fi
local uuid=$(get_crypto_uuid $device)
local name=$(get_crypto_name $device)
if mount | grep -q " $MNT_PARENT/$name "
if mountpoint -q "$MNT_PARENT/$name"
then log_msg "Unmounting crypto partition ..."
umount "$MNT_PARENT/$name"
rmdir "$MNT_PARENT/$name"
@ -403,9 +416,10 @@ function init_cryptobox()
local device=$(find_harddisk)
[ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1
turn_off_all_crypto
mount | grep -q " $CONFIG_DIR " && umount "$CONFIG_DIR" || true
is_config_mounted && umount_config || true
log_msg "Initializing config partition on $device ..."
create_partitions "$device"
# TODO: this should not be hard-coded
create_config "${device}1"
}
@ -435,7 +449,7 @@ case "$ACTION" in
fi
;;
config-down )
mount | grep -q " $CONFIG_DIR$ " && umount "$CONFIG_DIR" || error_msg 4 "Could not unmount configuration partition"
umount_config || error_msg 4 "Could not unmount configuration partition"
;;
network-up )
kudzu -s -q --class network
@ -493,7 +507,7 @@ case "$ACTION" in
[ $# -ne 2 ] && error_msg "invalid number of parameters for 'crypto-create'"
# do it in the background to provide a smoother web interface
# messages and errors get written to $LOG_FILE
keyfile=/tmp/$(basename $0)-passphrase-$(basename $1)
keyfile=/tmp/$(basename "$0")-passphrase-$(basename "$1")
# read the password
cat - >"$keyfile"
# execute it in the background
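Review bot: The passphrase still lands in a predictable file under /tmp: on the `keyfile=` line of the crypto-create arm the added quotes stop word splitting, but the name is derived entirely from `$0` and `$1`, so `cat - >"$keyfile"` will follow a symlink or reuse a file that already exists at that path, and it creates the file with whatever umask happens to be in effect. Let `mktemp` choose the name and create the file with owner-only permissions, e.g. `keyfile=$(mktemp "/tmp/$(basename "$0")-passphrase-XXXXXX")`. The background command that reads and removes the key file is outside this hunk, so check that it receives the path through `$keyfile` rather than rebuilding the name, and that it deletes the file on every exit path.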