1 #!/usr/bin/bash
2
3 # called by dracut
# Decide whether dracut should include this module.
# Globals:   hostonly (read), host_fs_types (read)
# Returns:   1   when the cryptsetup binary is missing
#            0   when the module should be included
#            255 in hostonly mode without any crypto_LUKS filesystem, so the
#                module is only pulled in if another module requires it
check() {
    local fstype

    # Without cryptsetup there is no way to open encrypted devices.
    if ! require_binaries cryptsetup; then
        return 1
    fi

    # Generic (non-hostonly) images always carry the module.
    if [[ -z $hostonly ]]; then
        return 0
    fi

    # Hostonly image: include only when this host has a LUKS container.
    for fstype in "${host_fs_types[@]}"; do
        if [[ $fstype == "crypto_LUKS" ]]; then
            return 0
        fi
    done

    # Not needed on this host; include only if another module depends on it.
    return 255
}
24
25 # called by dracut
# Print the dracut modules this module depends on, space separated.
# Outputs:   "crypt systemd-networkd" on stdout
# Returns:   0
depends() {
    # crypt            -> /etc/crypttab handling
    # systemd-networkd -> needed for rd.neednet=1
    local -a required=(crypt systemd-networkd)

    echo "${required[@]}"

    return 0
}
33
34 # called by dracut
# Print the kernel command line fragment required by this module.
# Globals:   host_fs_types (read)
# Outputs:   " rd.neednet=1" (leading space, no newline) once when a
#            crypto_LUKS filesystem is listed, nothing otherwise
cmdline() {
    local fstype

    for fstype in "${host_fs_types[@]}"; do
        [[ $fstype == "crypto_LUKS" ]] || continue

        #XXX we used to include ip=dhcp as well (replaced by systemd-networkd configuration)
        printf '%s' ' rd.neednet=1'
        # One occurrence is enough, stop at the first LUKS filesystem.
        break
    done
}
46
47 # called by dracut
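# Populate the initramfs with ihttpd, its TLS material, the shared libraries
# it loads, and the systemd-networkd configuration of the host.
# Globals:   initdir, systemdsystemunitdir (read); host_fs_types (read through
#            cmdline); _arch (read, not set in this function)
# Returns:   status of the last command; with the debug section disabled
#            (if false) that is 0
install() {
    # Declaration is kept apart from the assignment so that the exit status
    # of cmdline is not masked by 'local'.
    local _ihttpdconf _nc
    _ihttpdconf=$(cmdline)

    #XXX: rd.neednet=1 is mandatory to have active network in initrd
    [[ $_ihttpdconf ]] && printf "%s\n" "$_ihttpdconf" >> "${initdir}/etc/cmdline.d/99ihttpd.conf"

    # Install required dirs
    inst_dir \
        /etc/pki/tls/certs \
        /etc/pki/tls/private \
        /etc/systemd/network \
        "$systemdsystemunitdir/ihttpd.service.wants" \
        "$systemdsystemunitdir/sysinit.target.wants" \
        /var/www/html

    # Install all files
    #XXX: force cryptsetup install until systemd-cryptsetup implement a method that don't rely on password ending with \0
    # NOTE(review): /etc/pki/tls/private/ihttpd.pem is the TLS private key and
    # is copied into the initramfs image. That image usually sits on an
    # unencrypted boot volume, so confirm the generated image is readable by
    # root only and treat the key as exposed to anyone with offline access to
    # that volume (use a key dedicated to this service).
    inst_multiple \
        /etc/hosts \
        /etc/localtime \
        /etc/mime.types \
        /etc/nsswitch.conf \
        /etc/pki/tls/certs/ihttpd.pem \
        /etc/pki/tls/private/ihttpd.pem \
        "$systemdsystemunitdir/systemd-networkd.service" \
        '/sbin/cryptsetup' \
        '/usr/bin/false' \
        '/usr/bin/reboot' \
        '/usr/sbin/ihttpd'

    # Install favicon (-o: presumably marks the file as optional, confirm
    # against the dracut version in use)
    inst_simple -o /var/www/html/favicon.ico

    # Include all ihttpd deps
    # NOTE(review): _arch is not assigned anywhere in this function; confirm
    # dracut provides it, otherwise the arch-specific libssl paths expand
    # with an empty directory component.
    inst_libdir_file \
        "ld-linux-*.so.*" \
        "libapr-1.so.*" \
        "libaprutil-1.so.*" \
        "libcrypto.so.*" \
        "libcrypt.so.*" \
        "libc.so.*" \
        "libdb-*.so" \
        "libdl.so.*" \
        "libexpat.so.*" \
        "libnsl.so.*" \
        "libpcre.so.*" \
        "libpthread.so.*" \
        "libresolv.so.*" \
        "librt.so.*" \
        "libuuid.so.*" \
        "libz.so.*" \
        "libnss_files.so.*" \
        "libnss_dns.so.*" \
        "libnss_myhostname.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"libssl.so.*"

    # Install ihttpd.conf index.bin reboot.bin ihttpd.service: each one is
    # taken from /usr/lib/ihttpd/<basename> and placed at its final path.
    for _nc in \
        /etc/ihttpd.conf \
        /var/www/html/index.bin \
        /var/www/html/reboot.bin \
        "$systemdsystemunitdir/ihttpd.service"; do
        inst_simple "/usr/lib/ihttpd/${_nc##*/}" "$_nc"
    done

    # Force load of ihttpd.service
    ln -fs ../ihttpd.service "$initdir$systemdsystemunitdir/sysinit.target.wants/"

    # Copy systemd-networkd config. A glob is used instead of parsing ls
    # output so names with whitespace survive; the -e test skips the
    # unexpanded pattern when the directory is empty.
    for _nc in /etc/systemd/network/*; do
        [[ -e $_nc ]] || continue
        inst_simple "$_nc"
    done

    # Write a filtered copy of resolv.conf (not a symlink): blank lines,
    # comments and loopback nameservers are dropped.
    grep -vE '^($|#|nameserver 127.0.0.1|nameserver ::1)' /etc/resolv.conf > "$initdir/etc/resolv.conf"

    # Install in ihttpd.service.wants
    ln -fs \
        ../systemd-networkd.service \
        "$initdir$systemdsystemunitdir/ihttpd.service.wants/"

    # Cleanup nsswitch.conf
    perl -pne 'undef $_ if /^(?:#|$)/;s/compat/files/;s/ ?(?:nis|wins|mdns4_minimal |mdns4)( )?/\1/g' \
        -i "$initdir/etc/nsswitch.conf"

    # Require root user and group for our ihttpd process.
    # Only the root entry is appended, and only when the image has none yet.
    grep -Eq '^root:' "$initdir/etc/group" || grep -E '^root:' /etc/group >> "$initdir/etc/group"
    grep -Eq '^root:' "$initdir/etc/passwd" || grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"

    # For debug only
    # NOTE(review): when enabled, this section copies /etc/shadow,
    # /etc/gshadow and everything matching /etc/ssh/ssh_host_* (host keys)
    # into the image, forces PermitRootLogin yes and starts sshd from
    # sysinit.target. Keep it disabled for any image that leaves a lab, and
    # rotate the host keys and passwords of a machine whose debug image was
    # stored on a shared or unencrypted volume.
    if false; then
        # Install ihttpd log
        ln -fs ../../../run/ihttpd/log/{http,https,child.{askpassword,ihttpd},error}.log "$initdir/var/www/html/"

        # Install sshd dirs
        inst_dir \
            /etc/pam.d \
            /etc/profile.d \
            /etc/security \
            /etc/ssh \
            /etc/sysconfig \
            "$systemdsystemunitdir/basic.target.wants" \
            "$systemdsystemunitdir/emergency.target.wants" \
            "$systemdsystemunitdir/rescue.target.wants" \
            /usr/lib64/security \
            /usr/share/terminfo/x \
            /var/empty

        # Install sshd files (the three glob arguments are left unquoted on
        # purpose so the shell expands them)
        inst_multiple \
            /etc/bashrc \
            /etc/environment \
            /etc/gshadow \
            /etc/pam.d/sshd \
            /etc/pam.d/system-auth \
            /etc/profile.d/*.sh \
            /etc/security/limits.conf \
            /etc/security/pam_env.conf \
            /etc/shadow \
            /etc/ssh/denyusers \
            /etc/ssh/moduli \
            /etc/ssh/ssh_config \
            /etc/ssh/sshd_config \
            /etc/ssh/ssh_host_* \
            /root/.bash_profile \
            /root/.bashrc \
            /usr/bin/cat \
            /usr/bin/id \
            '/usr/bin/kill' \
            /usr/bin/ps \
            /usr/lib64/security/pam_cracklib.so \
            /usr/lib64/security/pam_deny.so \
            /usr/lib64/security/pam_env.so \
            /usr/lib64/security/pam_keyinit.so \
            /usr/lib64/security/pam_limits.so \
            /usr/lib64/security/pam_listfile.so \
            /usr/lib64/security/pam_nologin.so \
            /usr/lib64/security/pam_succeed_if.so \
            /usr/lib64/security/pam_systemd.so \
            /usr/lib64/security/pam_tcb.so \
            /usr/sbin/sshd \
            /usr/share/terminfo/x/*

        # Disable pam
        #perl -pne 's%^UsePAM yes$%UsePAM no%;s%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
        perl -pne 's%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"

        # Install debug sshd service
        inst_simple /usr/lib/ihttpd/debug-sshd.service "$initdir$systemdsystemunitdir/debug-sshd.service"

        # Install in sysinit.target.wants
        ln -fs ../debug-sshd.service "$initdir$systemdsystemunitdir/sysinit.target.wants/"

        # Install sshd user and group
        grep -Eq '^sshd:' "$initdir/etc/passwd" || grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
        grep -Eq '^sshd:' "$initdir/etc/group" || grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
    fi
}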