#!/usr/bin/bash # called by dracut check() { local _fs # if cryptsetup is not installed, then we cannot support encrypted devices. require_binaries cryptsetup || return 1 # hostonly mode check [[ $hostonly ]] && { for _fs in "${host_fs_types[@]}"; do # include when a crypto_LUKS fs is present [[ $_fs = "crypto_LUKS" ]] && return 0 done # include if required by other module return 255 } # include by default return 0 } # called by dracut depends() { # depend on crypt for /etc/crypttab # depend on systemd-networkd for rd.neednet=1 echo crypt systemd-networkd return 0 } # called by dracut cmdline() { local _fs for _fs in "${host_fs_types[@]}"; do if [[ "$_fs" == "crypto_LUKS" ]]; then #XXX we used to include ip=dhcp as well (replaced by systemd-networkd configuration) printf "%s" " rd.neednet=1" break fi done } # called by dracut install() { local _ihttpdconf=$(cmdline) #XXX: rd.neednet=1 is mandatory to have active network in initrd [[ $_ihttpdconf ]] && printf "%s\n" "$_ihttpdconf" >> "${initdir}/etc/cmdline.d/99ihttpd.conf" # Install required dirs inst_dir \ /etc/pki/tls/certs \ /etc/pki/tls/private \ /etc/systemd/network \ $systemdsystemunitdir/ihttpd.service.wants \ $systemdsystemunitdir/sysinit.target.wants \ /var/www/html # Install all files #XXX: force cryptsetup install until systemd-cryptsetup implement a method that don't rely on password ending with \0 inst_multiple \ /etc/hosts \ /etc/localtime \ /etc/mime.types \ /etc/nsswitch.conf \ /etc/pki/tls/certs/ihttpd.pem \ /etc/pki/tls/private/ihttpd.pem \ $systemdsystemunitdir/systemd-networkd.service \ '/sbin/cryptsetup' \ '/usr/bin/false' \ '/usr/bin/reboot' \ '/usr/sbin/ihttpd' # Install favicon inst_simple -o /var/www/html/favicon.ico # Include all ihttpd deps inst_libdir_file \ "ld-linux-*.so.*" \ "libapr-1.so.*" \ "libaprutil-1.so.*" \ "libcrypto.so.*" \ "libcrypt.so.*" \ "libc.so.*" \ "libdb-*.so" \ "libdl.so.*" \ "libexpat.so.*" \ "libnsl.so.*" \ "libpcre.so.*" \ "libpthread.so.*" \ "libresolv.so.*" \ "librt.so.*" \ "libuuid.so.*" \ "libz.so.*" \ "libnss_files.so.*" \ "libnss_dns.so.*" \ "libnss_myhostname.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libssl.so.*" # Install ihttpd.conf index.bin reboot.bin ihttpd.service for nc in /etc/ihttpd.conf /var/www/html/index.bin /var/www/html/reboot.bin $systemdsystemunitdir/ihttpd.service; do inst_simple /usr/lib/ihttpd/${nc##*/} $nc done # Force load of ihttpd.service ln -fs ../ihttpd.service $initdir$systemdsystemunitdir/sysinit.target.wants/ # Copy systemd-networkd config for nc in `ls /etc/systemd/network/`; do inst_simple /etc/systemd/network/$nc done # Install resolv.conf as symlink grep -vE '^($|#|nameserver 127.0.0.1|nameserver ::1)' /etc/resolv.conf > $initdir/etc/resolv.conf # Install in ihttpd.service.wants ln -fs \ ../systemd-networkd.service \ $initdir$systemdsystemunitdir/ihttpd.service.wants/ # Cleanup nsswitch.conf perl -pne 'undef $_ if /^(?:#|$)/;s/compat/files/;s/ ?(?:nis|wins|mdns4_minimal |mdns4)( )?/\1/g' \ -i "$initdir/etc/nsswitch.conf" # Require root user and group for our ihttpd process `egrep -q '^root:' $initdir/etc/group` || egrep '^root:' /etc/group >> "$initdir/etc/group" `egrep -q '^root:' $initdir/etc/passwd` || egrep '^root:' /etc/passwd >> "$initdir/etc/passwd" # For debug only if false; then # Install ihttpd log ln -fs ../../../run/ihttpd/log/{http,https,child.{askpassword,ihttpd},error}.log $initdir/var/www/html/ # Install sshd dirs inst_dir \ /etc/pam.d \ /etc/profile.d \ /etc/security \ /etc/ssh \ /etc/sysconfig \ $systemdsystemunitdir/basic.target.wants \ $systemdsystemunitdir/emergency.target.wants \ $systemdsystemunitdir/rescue.target.wants \ /usr/lib64/security \ /usr/share/terminfo/x \ /var/empty # Install sshd files inst_multiple \ /etc/bashrc \ /etc/environment \ /etc/gshadow \ /etc/pam.d/sshd \ /etc/pam.d/system-auth \ /etc/profile.d/*.sh \ /etc/security/limits.conf \ /etc/security/pam_env.conf \ /etc/shadow \ /etc/ssh/denyusers \ /etc/ssh/moduli \ /etc/ssh/ssh_config \ /etc/ssh/sshd_config \ /etc/ssh/ssh_host_* \ /root/.bash_profile \ /root/.bashrc \ /usr/bin/cat \ /usr/bin/id \ '/usr/bin/kill' \ /usr/bin/ps \ /usr/lib64/security/pam_cracklib.so \ /usr/lib64/security/pam_deny.so \ /usr/lib64/security/pam_env.so \ /usr/lib64/security/pam_keyinit.so \ /usr/lib64/security/pam_limits.so \ /usr/lib64/security/pam_listfile.so \ /usr/lib64/security/pam_nologin.so \ /usr/lib64/security/pam_succeed_if.so \ /usr/lib64/security/pam_systemd.so \ /usr/lib64/security/pam_tcb.so \ /usr/sbin/sshd \ /usr/share/terminfo/x/* # Disable pam #perl -pne 's%^UsePAM yes$%UsePAM no%;s%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config" perl -pne 's%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config" # Install debug sshd service inst_simple /usr/lib/ihttpd/debug-sshd.service $initdir$systemdsystemunitdir/debug-sshd.service # Install in sysinit.target.wants ln -fs ../debug-sshd.service $initdir$systemdsystemunitdir/sysinit.target.wants/ # Install sshd user and group `grep -Eq '^sshd:' $initdir/etc/passwd` || grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd" `grep -Eq '^sshd:' $initdir/etc/group` || grep -E '^sshd:' /etc/group >> "$initdir/etc/group" fi }