summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorerdgeist <erdgeist@erdgeist.org>2006-05-03 16:01:41 +0000
committererdgeist <erdgeist@erdgeist.org>2006-05-03 16:01:41 +0000
commit96700dbb845dfae4facc52e361c36d32adc3e9b3 (patch)
tree284785f5a9353b284c1bf05abc08875c6c8c4095
parentb5acbdb9036346482acbc32ded6dfb3774f38f8a (diff)
Crypto image init-attach args converter introduced.
-rwxr-xr-xezjail-admin68
-rwxr-xr-xezjail.sh13
2 files changed, 66 insertions, 15 deletions
diff --git a/ezjail-admin b/ezjail-admin
index 5e30c9f..2c6e7ee 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -43,7 +43,7 @@ detach_images () {
43 umount ${ezjail_rootdir} > /dev/null 43 umount ${ezjail_rootdir} > /dev/null
44 case ${ezjail_imagetype} in 44 case ${ezjail_imagetype} in
45 bde) gbde detach /dev/${ezjail_imagedevice} > /dev/null;; 45 bde) gbde detach /dev/${ezjail_imagedevice} > /dev/null;;
46 eli) geil detach /dev/${ezjail_imagedevice} > /dev/null;; 46 eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;;
47 esac 47 esac
48 mdconfig -d -u ${ezjail_imagedevice} > /dev/null 48 mdconfig -d -u ${ezjail_imagedevice} > /dev/null
49 [ "$1" = "success" ] || rm -f ${ezjail_image} 49 [ "$1" = "success" ] || rm -f ${ezjail_image}
@@ -139,7 +139,7 @@ case "$1" in
139######################## ezjail-admin CREATE ######################## 139######################## ezjail-admin CREATE ########################
140create) 140create)
141 # Clean variables, prevent polution 141 # Clean variables, prevent polution
142 unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config 142 unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams
143 ezjail_fillme="YES" 143 ezjail_fillme="YES"
144 144
145 shift; while getopts :f:r:s:xic:C: arg; do case ${arg} in 145 shift; while getopts :f:r:s:xic:C: arg; do case ${arg} in
@@ -246,16 +246,24 @@ create)
246 [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" 246 [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')"
247 247
248 case "${ezjail_imagetype}" in 248 case "${ezjail_imagetype}" in
249 bde) 249 bde|eli)
250 # Initialise crypto image 250 # parse imageparams, generate attachparams
251 echo "Initialising crypto device. Enter a new passphrase twice..." 251 if [ -n "${ezjail_imageparams}" ] ; then
252 gbde init /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not initialise crypto image." 252 ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh `
253 253 [ 0 -eq $? ] || exerr "processing of ezjail_imageparams failed"
254 echo "Attaching crypto device. Enter the passphrase..." 254 fi
255 gbde attach /dev/${ezjail_imagedevice} || detach_images || exerr "Error: Could not attach crypto image." 255 case "${ezjail_imagetype}" in
256 ezjail_device=${ezjail_imagedevice}.bde 256 bde) init_cmd="gbde init /dev/${ezjail_imagedevice} ${ezjail_imageparams}"
257 ;; 257 attach_cmd="gbde attach /dev/${ezjail_imagedevice} ${ezjail_attachparams}";;
258 eli) 258 eli) init_cmd="geli init ${ezjail_imageparams} /dev/${ezjail_imagedevice}"
259 attach_cmd="geli attach ${ezjail_attachparams} /dev/${ezjail_imagedevice}";;
260 esac
261 echo "Initialising crypto device. Enter a new passphrase twice... (if necessary)"
262 ( echo ${init_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not initialise crypto image."
263
264 echo "Attaching crypto device. Enter the passphrase... (if necessary)"
265 ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image."
266 ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype}
259 ;; 267 ;;
260 simple) 268 simple)
261 ezjail_device=${ezjail_imagedevice} 269 ezjail_device=${ezjail_imagedevice}
@@ -306,6 +314,7 @@ create)
306 echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_config} 314 echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_config}
307 echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} 315 echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config}
308 echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} 316 echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config}
317 echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config}
309 318
310 # Final steps for flavour installation 319 # Final steps for flavour installation
311 if [ "${ezjail_fillme}" = "YES" -a "${ezjail_flavour}" ]; then 320 if [ "${ezjail_fillme}" = "YES" -a "${ezjail_flavour}" ]; then
@@ -545,6 +554,41 @@ config)
545 esac 554 esac
546 555
547 ;; 556 ;;
557
558##############################################################################
559# ezjail_imageparams HACK starts here
560#
561#
562_parse_geli_attach_args_)
563 # create geli(8) attach arguments from geli(8) init arguments:
564 # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present,
565 # everything else is dicarded
566 shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in
567 b|v|a|i|l|s);; # ignore these
568 P) echo -n "-p ";;
569 K) echo -n "-k '$OPTARG' ";;
570 ?) exit 11;;
571 esac; done
572 exit 0
573 ;;
574_parse_gbde_attach_args_)
575 # create gbde(8) attach arguments from gbde(8) init arguments:
576 # -L lockfile becomes -l lockfile if present
577 # -K keyfile becomes -k keyfile if present
578 # -P passphrase becomes -p passphrase if present
579 # everything else is discarded
580 shift; while getopts :iK:f:L:P: arg; do case ${arg} in
581 i|f);; # ignore these
582 P) echo -n "-p '$OPTARG' ";;
583 K) echo -n "-k '$OPTARG' ";;
584 L) echo -n "-l '$OPTARG' ";;
585 ?) exit 11;;
586 esac; done
587 exit 0
588 ;;
589#
590# ezjail_imageparams HACK ends here (thank god)
591##############################################################################
548*) 592*)
549 exerr "Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" 593 exerr "Usage: `basename -- $0` [config|create|delete|install|list|update] {params}"
550 ;; 594 ;;
diff --git a/ezjail.sh b/ezjail.sh
index 49d915f..e461436 100755
--- a/ezjail.sh
+++ b/ezjail.sh
@@ -60,6 +60,7 @@ do_cmd()
60 eval ezjail_root=\"\$jail_${ezjail}_rootdir\" 60 eval ezjail_root=\"\$jail_${ezjail}_rootdir\"
61 eval ezjail_image=\"\$jail_${ezjail}_image\" 61 eval ezjail_image=\"\$jail_${ezjail}_image\"
62 eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\" 62 eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\"
63 eval ezjail_attachparams=\"\$jail_${ezjail}_attachparams\"
63 64
64 # Cannot auto mount crypto jails without interrupting boot process 65 # Cannot auto mount crypto jails without interrupting boot process
65 [ "${ezjail_fromrc}" = "YES" -a "${ezjail_imagetype}" = "crypto" -a "${action}" = "start" ] && continue 66 [ "${ezjail_fromrc}" = "YES" -a "${ezjail_imagetype}" = "crypto" -a "${action}" = "start" ] && continue
@@ -95,12 +96,15 @@ attach_detach_pre ()
95 case ${ezjail_imagetype} in 96 case ${ezjail_imagetype} in
96 crypto|bde) 97 crypto|bde)
97 echo "Attaching gbde device for image jail ${ezjail}..." 98 echo "Attaching gbde device for image jail ${ezjail}..."
98 gbde attach /dev/${ezjail_device} 99 echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh
99
100 # Device to mount is not md anymore 100 # Device to mount is not md anymore
101 ezjail_device=${ezjail_device}.bde 101 ezjail_device=${ezjail_device}.bde
102 ;; 102 ;;
103 eli) 103 eli)
104 echo "Attaching gbde device for image jail ${ezjail}..."
105 echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh
106 # Device to mount is not md anymore
107 ezjail_device=${ezjail_device}.eli
104 ;; 108 ;;
105 esac 109 esac
106 110
@@ -115,7 +119,10 @@ attach_detach_pre ()
115 ezjail_device=`stat -f "%Y" ${ezjail_root}.device` 119 ezjail_device=`stat -f "%Y" ${ezjail_root}.device`
116 120
117 # Add this device to the list of devices to be unmounted 121 # Add this device to the list of devices to be unmounted
118 ezjail_mds="${ezjail_mds} ${ezjail_device%.bde}" 122 case ${ezjail_imagetype} in
123 crypto|bde) ezjail_mds="${ezjail_mds} ${ezjail_device%.bde}" ;;
124 eli) ezjail_mds="${ezjail_mds} ${ezjail_device%.eli}" ;;
125 esac
119 126
120 # Remove soft link (which acts as a lock) 127 # Remove soft link (which acts as a lock)
121 rm -f ${ezjail_root}.device 128 rm -f ${ezjail_root}.device