author | Toni Uhlig <matzeton@googlemail.com> | 2018-10-25 09:49:22 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2018-10-25 09:49:22 +0200 |
commit | 7227ab3a425c00e6c7d49bfb69901e184e76eae1 (patch) | |
tree | ce3fab743b4475fbeaa96fc9552a338bbb047b85 | |
parent | b25989a274790ecc50b6310cc509f844f8c0f0e5 (diff) |
debian pre/post naskpass initramfs init script: set printk, setup networking and start sshd
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rwxr-xr-x | scripts/naskpass_debian.initscript | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/scripts/naskpass_debian.initscript b/scripts/naskpass_debian.initscript
index 340dad3..b1c4f81 100755
--- a/scripts/naskpass_debian.initscript
+++ b/scripts/naskpass_debian.initscript
@@ -10,6 +10,34 @@ prereqs()
 echo "$PREREQ"
 }
+OLDPRINTK=
+
+pre_naskpass()
+{
+ # disable printk output
+ OLDPRINTK=$(cat /proc/sys/kernel/printk)
+ echo '0 0 0 0' >/proc/sys/kernel/printk
+ # setup networking and start sshd
+ if [ -x /sbin/sshd ]; then
+ [ -x /bin/ipconfig ] && configure_networking >/dev/null 2>/dev/null &
+ /sbin/sshd
+ fi
+}
+
+post_naskpass()
+{
+ # restore old printk
+ echo "${OLDPRINTK}" >/proc/sys/kernel/printk
+ # stop sshd
+ kill $(pidof sshd)
+ # shutdown/clean all up'd network interfaces
+ for interface in $(ifconfig | grep -oE '^[a-zA-Z0-9]+\s+'); do
+ echo "disable ${interface}"
+ ifconfig ${interface} 0.0.0.0
+ ifconfig ${interface} down
+ done
+}
+
 case $1 in
 prereqs)
 prereqs
@@ -299,6 +327,10 @@ setup_mapping()
 count=$(( $count + 1 ))
 if [ ! -e "$NEWROOT" ]; then
+ if ! /lib/cryptsetup/naskpass_check; then
+ message "cryptsetup ($crypttarget): naskpass check failed"
+ break
+ fi
 if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \
 $cryptkeyscript -c"$cryptopen"; then
 message "cryptsetup ($crypttarget): cryptsetup failed, bad password or options?"
@@ -401,15 +433,14 @@ for opt in $(cat /proc/cmdline); do
 esac
 done
-OLDPRINTK=$(cat /proc/sys/kernel/printk)
-echo '0 0 0 0' >/proc/sys/kernel/printk
+pre_naskpass
 if [ -n "$cmdline_cryptopts" ]; then
 # Call setup_mapping separately for each possible cryptopts= setting
 for cryptopt in $cmdline_cryptopts; do
 setup_mapping "$cryptopt"
 done
- echo "${OLDPRINTK}" >/proc/sys/kernel/printk
+ post_naskpass
 exit 0
 fi
@@ -420,5 +451,5 @@ if [ -r /conf/conf.d/cryptroot ]; then
 done 3< /conf/conf.d/cryptroot
 fi
-echo "${OLDPRINTK}" >/proc/sys/kernel/printk
+post_naskpass
 exit 0 |
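Review bot: In `post_naskpass`, `kill $(pidof sshd)` runs unconditionally and its result is never checked, so when `pre_naskpass` skipped sshd (no executable `/sbin/sshd`) `kill` is invoked with no arguments, and when the kill fails nothing reports that the pre-boot sshd is still alive. A listener that survives this step would presumably keep running with the initramfs configuration after boot continues, so the teardown should be guarded and its failure made visible, e.g. `if sshd_pids=$(pidof sshd); then kill ${sshd_pids} || echo "failed to stop initramfs sshd" >&2; fi`. The interface loop has the same unconditional shape: it resets every interface `ifconfig` lists, including `lo` and any that this script did not bring up, and `${interface}` is unquoted. In `pre_naskpass`, `configure_networking` is backgrounded and `/sbin/sshd` is started right after it, so sshd may come up before any address is configured; a short comment saying whether that ordering is intended would help.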
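Review bot: The new `naskpass_check` failure path leaves the retry loop with `break`, which does not itself signal failure to the caller of `setup_mapping`. The loop and the code following it lie outside this hunk, so it cannot be seen here whether the post-loop path returns an error; if it falls through to a success return, a failed check would be treated like a completed mapping. Consider `return 1` in place of `break`, or add a comment such as `# leave the retry loop; the code after the loop reports the failure` once that is confirmed. The same message is also printed when `/lib/cryptsetup/naskpass_check` is absent from the initramfs, so a preceding `[ -x /lib/cryptsetup/naskpass_check ]` test with its own message would make that case diagnosable.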
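Review bot: `post_naskpass` is called only directly before the two `exit 0` lines (in this hunk and in the last one), so any other way out of the script skips the cleanup and leaves sshd running, the interfaces configured and printk silenced. Before this commit a skipped restore only affected console logging; with this change it leaves a network listener behind. Registering the cleanup once with `trap post_naskpass EXIT` right after `pre_naskpass`, and dropping the two explicit calls, would cover every exit path. Exit paths outside these hunks (for example inside `setup_mapping`) are not visible here, so confirm which ones exist.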