7 # if cryptsetup is not installed, then we cannot support encrypted devices.
8 require_binaries cryptsetup
|| return 1
12 for _fs
in "${host_fs_types[@]}"; do
13 # include when a crypto_LUKS fs is present
14 [[ $_fs = "crypto_LUKS" ]] && return 0
17 # include if required by other module
27 # depend on crypt for /etc/crypttab
28 # depend on systemd-networkd for rd.neednet=1
29 echo crypt systemd
-networkd
38 for _fs
in "${host_fs_types[@]}"; do
39 if [[ "$_fs" == "crypto_LUKS" ]]; then
40 #XXX we used to include ip=dhcp as well (replaced by systemd-networkd configuration)
41 printf "%s" " rd.neednet=1"
49 local _ihttpdconf
=$(cmdline)
51 #XXX: rd.neednet=1 is mandatory to have active network in initrd
52 [[ $_ihttpdconf ]] && printf "%s\n" "$_ihttpdconf" >> "${initdir}/etc/cmdline.d/99ihttpd.conf"
54 # Install required dirs
57 /etc
/pki
/tls
/private \
58 /etc
/systemd
/network \
59 $systemdsystemunitdir/ihttpd.service.wants \
60 $systemdsystemunitdir/sysinit.target.wants \
64 #XXX: force cryptsetup install until systemd-cryptsetup implement a method that don't rely on password ending with \0
70 /etc
/pki
/tls
/certs
/ihttpd.pem \
71 /etc
/pki
/tls
/private
/ihttpd.pem \
72 $systemdsystemunitdir/systemd
-networkd.service \
79 inst_simple
-o /var
/www
/html
/favicon.ico
81 # Include all ihttpd deps
101 "libnss_myhostname.so.*" \
102 {"tls/$_arch/",tls
/,"$_arch/",}"libssl.so.*"
104 # Install ihttpd.conf index.bin reboot.bin ihttpd.service
105 for nc
in /etc
/ihttpd.conf
/var
/www
/html
/index.bin
/var
/www
/html
/reboot.bin
$systemdsystemunitdir/ihttpd.service
; do
106 inst_simple
/usr
/lib
/ihttpd
/${nc##*/} $nc
109 # Force load of ihttpd.service
110 ln -fs ..
/ihttpd.service
$initdir$systemdsystemunitdir/sysinit.target.wants
/
112 # Copy systemd-networkd config
113 for nc
in `ls /etc/systemd/network/`; do
114 inst_simple
/etc
/systemd
/network
/$nc
117 # Install resolv.conf as symlink
118 grep -vE '^($|#|nameserver 127.0.0.1|nameserver ::1)' /etc
/resolv.conf
> $initdir/etc
/resolv.conf
120 # Install in ihttpd.service.wants
122 ..
/systemd
-networkd.service \
123 $initdir$systemdsystemunitdir/ihttpd.service.wants
/
125 # Cleanup nsswitch.conf
126 perl
-pne 'undef $_ if /^(?:#|$)/;s/compat/files/;s/ ?(?:nis|wins|mdns4_minimal |mdns4)( )?/\1/g' \
127 -i "$initdir/etc/nsswitch.conf"
129 # Require root user and group for our ihttpd process
130 `grep -Eq '^root:' $initdir/etc/group` || grep -E '^root:' /etc
/group
>> "$initdir/etc/group"
131 `grep -Eq '^root:' $initdir/etc/passwd` || grep -E '^root:' /etc
/passwd
>> "$initdir/etc/passwd"
136 ln -fs ..
/..
/..
/run
/ihttpd
/log
/{http
,https
,child.
{askpassword
,ihttpd
},error
}.log
$initdir/var
/www
/html
/
145 $systemdsystemunitdir/basic.target.wants \
146 $systemdsystemunitdir/emergency.target.wants \
147 $systemdsystemunitdir/rescue.target.wants \
148 /usr
/lib
64/security \
149 /usr
/share
/terminfo
/x \
158 /etc
/pam.d
/system
-auth \
159 /etc
/profile.d
/*.sh \
160 /etc
/security
/limits.conf \
161 /etc
/security
/pam_env.conf \
165 /etc
/ssh
/ssh_config \
166 /etc
/ssh
/sshd_config \
167 /etc
/ssh
/ssh_host_
* \
168 /root
/.bash_profile \
174 /usr
/lib
64/security
/pam_cracklib.so \
175 /usr
/lib
64/security
/pam_deny.so \
176 /usr
/lib
64/security
/pam_env.so \
177 /usr
/lib
64/security
/pam_keyinit.so \
178 /usr
/lib
64/security
/pam_limits.so \
179 /usr
/lib
64/security
/pam_listfile.so \
180 /usr
/lib
64/security
/pam_nologin.so \
181 /usr
/lib
64/security
/pam_succeed_if.so \
182 /usr
/lib
64/security
/pam_systemd.so \
183 /usr
/lib
64/security
/pam_tcb.so \
185 /usr
/share
/terminfo
/x
/*
188 #perl -pne 's%^UsePAM yes$%UsePAM no%;s%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
189 perl
-pne 's%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
191 # Install debug sshd service
192 inst_simple
/usr
/lib
/ihttpd
/debug
-sshd.service
$initdir$systemdsystemunitdir/debug
-sshd.service
194 # Install in sysinit.target.wants
195 ln -fs ..
/debug
-sshd.service
$initdir$systemdsystemunitdir/sysinit.target.wants
/
197 # Install sshd user and group
198 `grep -Eq '^sshd:' $initdir/etc/passwd` || grep -E '^sshd:' /etc
/passwd
>> "$initdir/etc/passwd"
199 `grep -Eq '^sshd:' $initdir/etc/group` || grep -E '^sshd:' /etc
/group
>> "$initdir/etc/group"