#!/bin/bash
# called by dracut
check() {
local fs
# Fix tmpfiledir
#XXX: fix installation of /usr/lib/tmpfileS.d/{dracut-tmpfiles,systemd}.conf
#XXX: should be removed when bug 18642 (mageia) or 1343230 (fedora) will be fixed in /usr/bin/dracut +1262-1282
[ -z "$tmpfilesdir" -o ! -d "$tmpfilesdir" -a -d /usr/lib/tmpfiles.d ] && tmpfilesdir=/usr/lib/tmpfiles.d
[ -z "$tmpfilesdir" -o ! -d "$tmpfilesdir" -a -d /etc/tmpfiles.d ] && tmpfilesdir=/etc/tmpfiles.d
[ -z "$tmpfilesdir" -o ! -d "$tmpfilesdir" -a -d /lib/tmpfiles.d ] && tmpfilesdir=/lib/tmpfiles.d
# if cryptsetup is not installed, then we cannot support encrypted devices.
require_binaries cryptsetup || return 1
# if hostonly or mount_needs include if required by other module
# if one of fs types is crypto_LUKS include it
[[ $hostonly ]] || [[ $mount_needs ]] && {
for fs in "${host_fs_types[@]}"; do
[[ $fs = "crypto_LUKS" ]] && return 0
done
return 255
}
return 0
}
# called by dracut
depends() {
# depend on crypt for /etc/crypttab
# depend on systemd-networkd for rd.neednet=1
# depend on dracut-systemd for appending to $tmpfilesdir/dracut-tmpfiles.conf
echo crypt systemd-networkd dracut-systemd
return 0
}
# called by dracut
cmdline() {
local fs
for fs in "${host_fs_types[@]}"; do
if [[ "$fs" == "crypto_LUKS" ]]; then
#XXX we used to include ip=dhcp as well (replaced by systemd-networkd configuration)
printf "%s" " rd.neednet=1"
break
fi
done
}
# called by dracut
install() {
local _ihttpdconf=$(cmdline)
local fs
#XXX: rd.neednet=1 is mandatory to have active network in initrd
[[ $_ihttpdconf ]] && printf "%s\n" "$_ihttpdconf" >> "${initdir}/etc/cmdline.d/99ihttpd.conf"
# Install cert dirs
inst_dir \
/etc/pki/tls/certs \
/etc/pki/tls/private \
/etc/systemd/network \
$systemdsystemunitdir/ihttpd.service.wants \
/var/www/html
# Install all files
#XXX: force cryptsetup install until systemd-cryptsetup implement a method that don't rely on password ending with \0
inst_multiple \
/etc/hosts \
/etc/localtime \
/etc/mime.types \
/etc/nsswitch.conf \
/etc/pki/tls/certs/ihttpd.pem \
/etc/pki/tls/private/ihttpd.pem \
/etc/systemd/resolved.conf \
$systemdsystemunitdir/systemd-networkd.service \
$systemdsystemunitdir/systemd-resolved.service \
$systemdsystemunitdir/systemd-tmpfiles-setup.service \
$systemdutildir/systemd-resolved \
$tmpfilesdir/ihttpd.conf \
'/sbin/cryptsetup' \
'/usr/bin/false' \
'/usr/bin/reboot' \
'/usr/sbin/ihttpd'
# Install favicon
inst_simple -o /var/www/html/favicon.ico
# Include all ihttpd deps
inst_libdir_file \
"ld-linux-*.so.*" \
"libapr-1.so.*" \
"libaprutil-1.so.*" \
"libcrypto.so.*" \
"libcrypt.so.*" \
"libc.so.*" \
"libdb-*.so" \
"libdl.so.*" \
"libexpat.so.*" \
"libnsl.so.*" \
"libpcre.so.*" \
"libpthread.so.*" \
"libresolv.so.*" \
"librt.so.*" \
"libuuid.so.*" \
"libz.so.*" \
"libnss_files.so.*" \
"libnss_dns.so.*" \
"libnss_myhostname.so.*" \
{"tls/$_arch/",tls/,"$_arch/",}"libssl.so.*"
# Install ihttpd.conf index.bin reboot.bin ihttpd.service
for nc in /etc/ihttpd.conf /var/www/html/index.bin /var/www/html/reboot.bin $systemdsystemunitdir/ihttpd.service; do
inst_simple /usr/lib/ihttpd/${nc##*/} $nc
done
# Force load of ihttpd.service
ln -fs ../ihttpd.service $initdir$systemdsystemunitdir/sysinit.target.wants/
# Copy systemd-networkd config
for nc in `ls /etc/systemd/network/`; do
inst_simple /etc/systemd/network/$nc
done
# Install resolv.conf as symlink
ln -fs '/run/systemd/resolve/resolv.conf' $initdir/etc/resolv.conf
# Install in ihttpd.service.wants
ln -fs \
../systemd-resolved.service \
../systemd-networkd.service \
../systemd-tmpfiles-setup.service \
$initdir$systemdsystemunitdir/ihttpd.service.wants/
# Cleanup resolved.conf
perl -pne 'undef $_ if /^(?:#.*|Domains=|FallbackDNS=|DNS=(?:127.0.0.1|::1)$|$)/;/^DNS=/ && $_ =~ s/(?:127.0.0.1|::1)[ \t]*//g' \
-i "$initdir/etc/systemd/resolved.conf"
# Cleanup nsswitch.conf
perl -pne 'undef $_ if /^(?:#|$)/;s/compat/files/;s/ ?(?:nis|wins|mdns4_minimal |mdns4)( )?/\1/g' \
-i "$initdir/etc/nsswitch.conf"
# Require systemd-resolve user and group for our ihttpd process
`egrep -q '^systemd-resolve:' $initdir/etc/group` || egrep '^systemd-resolve:' /etc/group >> "$initdir/etc/group"
`egrep -q '^systemd-resolve:' $initdir/etc/passwd` || egrep '^systemd-resolve:' /etc/passwd >> "$initdir/etc/passwd"
#XXX: bug: fix /usr/lib/tmpfiles.d/{systemd,dracut-tmpfiles}.conf missing user and group
`egrep -q '^utmp:' $initdir/etc/group` || egrep '^utmp:' /etc/group >> "$initdir/etc/group"
# Require root user and group for our ihttpd process
`egrep -q '^root:' $initdir/etc/group` || egrep '^root:' /etc/group >> "$initdir/etc/group"
`egrep -q '^root:' $initdir/etc/passwd` || egrep '^root:' /etc/passwd >> "$initdir/etc/passwd"
# For debug only
if false; then
# Install ihttpd log
ln -fs ../../../run/ihttpd/log/{http,https,child.{askpassword,ihttpd},error}.log $initdir/var/www/html/
# Install sshd dirs
inst_dir \
/etc/pam.d \
/etc/profile.d \
/etc/security \
/etc/ssh \
/etc/sysconfig \
$systemdsystemunitdir/basic.target.wants \
$systemdsystemunitdir/emergency.target.wants \
$systemdsystemunitdir/rescue.target.wants \
$systemdsystemunitdir/sysinit.target.wants \
/usr/lib64/security \
/usr/share/terminfo/x \
/var/empty
# Install sshd files
inst_multiple \
/etc/bashrc \
/etc/environment \
/etc/gshadow \
/etc/pam.d/sshd \
/etc/pam.d/system-auth \
/etc/profile.d/*.sh \
/etc/security/limits.conf \
/etc/security/pam_env.conf \
/etc/shadow \
/etc/ssh/denyusers \
/etc/ssh/moduli \
/etc/ssh/ssh_config \
/etc/ssh/sshd_config \
/etc/ssh/ssh_host_* \
/root/.bash_profile \
/root/.bashrc \
/usr/bin/cat \
/usr/bin/id \
'/usr/bin/kill' \
/usr/bin/ps \
/usr/lib64/security/pam_cracklib.so \
/usr/lib64/security/pam_deny.so \
/usr/lib64/security/pam_env.so \
/usr/lib64/security/pam_keyinit.so \
/usr/lib64/security/pam_limits.so \
/usr/lib64/security/pam_listfile.so \
/usr/lib64/security/pam_nologin.so \
/usr/lib64/security/pam_succeed_if.so \
/usr/lib64/security/pam_systemd.so \
/usr/lib64/security/pam_tcb.so \
/usr/sbin/sshd \
/usr/share/terminfo/x/*
# Disable pam
#perl -pne 's%^UsePAM yes$%UsePAM no%;s%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
perl -pne 's%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
# Install debug sshd service
inst_simple /usr/lib/ihttpd/debug-sshd.service $initdir$systemdsystemunitdir/debug-sshd.service
# Install in sysinit.target.wants
ln -fs ../debug-sshd.service $initdir$systemdsystemunitdir/sysinit.target.wants/
# Install sshd user and group
`grep -Eq '^sshd:' $initdir/etc/passwd` || grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
`grep -Eq '^sshd:' $initdir/etc/group` || grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
fi
}