dracut/modules.d/91crypt-gpg/module-setup.sh

#!/bin/bash

# GPG support is optional
# called by dracut
check() {
    require_binaries gpg || return 1

    if sc_requested; then
        if ! sc_supported; then
            dwarning "crypt-gpg: GnuPG >= 2.1 with scdaemon and libusb required for ccid smartcard support"
            return 1
        fi
        return 0
    fi

    return 255
}

# called by dracut
depends() {
    echo crypt
}

# called by dracut
install() {
    inst_multiple gpg
    inst "$moddir/crypt-gpg-lib.sh" "/lib/dracut-crypt-gpg-lib.sh"

    if sc_requested; then
        inst_multiple gpg-agent
        inst_multiple gpg-connect-agent
        inst_multiple /usr/libexec/scdaemon
        cp "$dracutsysrootdir$(sc_public_key)" "${initdir}/root/"
    fi
}

sc_public_key() {
    echo -n "/etc/dracut.conf.d/crypt-public-key.gpg"
}

# CCID Smartcard support requires GnuPG >= 2.1 with scdaemon and libusb
sc_supported() {
    local gpgMajor="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* ([0-9]*).*|\1|p')"
    local gpgMinor="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* [0-9]*\.([0-9]*).*|\1|p')"
    if [[ "${gpgMajor}" -gt 2 || "${gpgMajor}" -eq 2 && "${gpgMinor}" -ge 1 ]] && \
       require_binaries gpg-agent &&
       require_binaries gpg-connect-agent &&
       require_binaries /usr/libexec/scdaemon &&
       ($DRACUT_LDD "$dracutsysrootdir"/usr/libexec/scdaemon | grep libusb > /dev/null); then
        return 0
    else
        return 1
    fi
}

sc_requested() {
    if [ -f "$dracutsysrootdir$(sc_public_key)" ]; then
        return 0
    else
        return 1
    fi
}
new module - 91crypt-gpg It's an extension to 90crypt module. Adds support for GPG-encrypted keys (symmetrically, of course). Module is optional. 14 years ago			`#!/bin/bash`

			`# GPG support is optional`
*/module-setup.sh: add comments for dracut called functions 12 years ago			`# called by dracut`
new module - 91crypt-gpg It's an extension to 90crypt module. Adds support for GPG-encrypted keys (symmetrically, of course). Module is optional. 14 years ago			`check() {`
Factor out all the "type -V" commands Add new functions require_binaries() and require_any_binary() to be used in the check() section of module-setup.sh. These functions print a warning line telling the user, which binary is missing for the specific dracut module. This unifies the way of checking for binaries and makes the life of an initramfs creator easier, if he wants to find out why a specific dracut module is not included in the initramfs. 11 years ago			`require_binaries gpg \|\| return 1`
new module - 91crypt-gpg It's an extension to 90crypt module. Adds support for GPG-encrypted keys (symmetrically, of course). Module is optional. 14 years ago
crypt-gpg: Rework setup for CCID smartcard support 8 years ago			`if sc_requested; then`
			`if ! sc_supported; then`
			`dwarning "crypt-gpg: GnuPG >= 2.1 with scdaemon and libusb required for ccid smartcard support"`
			`return 1`
			`fi`
crypt-gpg: Include module if CCID smartcard support requested 8 years ago			`return 0`
crypt-gpg: For GnuPG >= 2.1 support OpenPGP smartcards 10 years ago			`fi`

new module - 91crypt-gpg It's an extension to 90crypt module. Adds support for GPG-encrypted keys (symmetrically, of course). Module is optional. 14 years ago			`return 255`
			`}`

*/module-setup.sh: add comments for dracut called functions 12 years ago			`# called by dracut`
new module - 91crypt-gpg It's an extension to 90crypt module. Adds support for GPG-encrypted keys (symmetrically, of course). Module is optional. 14 years ago			`depends() {`
			`echo crypt`
			`}`

*/module-setup.sh: add comments for dracut called functions 12 years ago			`# called by dracut`
new module - 91crypt-gpg It's an extension to 90crypt module. Adds support for GPG-encrypted keys (symmetrically, of course). Module is optional. 14 years ago			`install() {`
dracut-functions.sh: inst_multiple == dracut_install 12 years ago			`inst_multiple gpg`
new module - 91crypt-gpg It's an extension to 90crypt module. Adds support for GPG-encrypted keys (symmetrically, of course). Module is optional. 14 years ago			`inst "$moddir/crypt-gpg-lib.sh" "/lib/dracut-crypt-gpg-lib.sh"`
crypt-gpg: For GnuPG >= 2.1 support OpenPGP smartcards 10 years ago
crypt-gpg: Rework setup for CCID smartcard support 8 years ago			`if sc_requested; then`
crypt-gpg: For GnuPG >= 2.1 support OpenPGP smartcards 10 years ago			`inst_multiple gpg-agent`
			`inst_multiple gpg-connect-agent`
crypt-gpg: Rework setup for CCID smartcard support 8 years ago			`inst_multiple /usr/libexec/scdaemon`
Allow running on a cross-compiled rootfs For the shell scripts, new environment variables were introduced. dracutsysrootdir is the root directory, file existence checks use it. DRACUT_LDCONFIG can override ldconfig with a different one that works on the sysroot with foreign binaries. DRACUT_LDD can override ldd with a different one that works with foreign binaries. DRACUT_TESTBIN can override /bin/sh. A cross-compiled sysroot may use symlinks that are valid only when running on the target so a real file must be provided that exist in the sysroot. DRACUT_INSTALL now supports debugging dracut-install in itself when run by dracut but without debugging the dracut scripts. E.g. DRACUT_INSTALL="valgrind dracut-install or DRACUT_INSTALL="dracut-install --debug". DRACUT_COMPRESS_BZIP2, DRACUT_COMPRESS_LBZIP2, DRACUT_COMPRESS_LZMA, DRACUT_COMPRESS_XZ, DRACUT_COMPRESS_GZIP, DRACUT_COMPRESS_PIGZ, DRACUT_COMPRESS_LZOP, DRACUT_COMPRESS_ZSTD, DRACUT_COMPRESS_LZ4, DRACUT_COMPRESS_CAT: All of the compression utilities may be overridden, to support the native binaries in non-standard places. DRACUT_ARCH overrides "uname -m". SYSTEMD_VERSION overrides "systemd --version". The dracut-install utility was overhauled to support sysroot via a new option -r and fixes for clang-analyze. It supports cross-compiler-ldd from https://gist.github.com/jerome-pouiller/c403786c1394f53f44a3b61214489e6f DRACUT_INSTALL_PATH was introduced so dracut-install can work with a different PATH. In a cross-compiled environment (e.g. Yocto), PATH points to natively built binaries that are not in the host's /bin, /usr/bin, etc. dracut-install still needs plain /bin and /usr/bin that are relative to the cross-compiled sysroot. The hashmap pool allocate_tile/deallocate_tile code was removed because clang-analyze showed errors in it. hashmap_copy was removed because it wasn't used and clang-analyze showed errors in it. DRACUT_INSTALL_LOG_TARGET and DRACUT_INSTALL_LOG_LEVEL were introduced so dracut-install can use different settings from DRACUT_LOG_TARGET and DRACUT_LOG_LEVEL. Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu> 5 years ago			`cp "$dracutsysrootdir$(sc_public_key)" "${initdir}/root/"`
crypt-gpg: Rework setup for CCID smartcard support 8 years ago			`fi`
			`}`

			`sc_public_key() {`
			`echo -n "/etc/dracut.conf.d/crypt-public-key.gpg"`
			`}`

			`# CCID Smartcard support requires GnuPG >= 2.1 with scdaemon and libusb`
			`sc_supported() {`
			`local gpgMajor="$(gpg --version \| sed -n 1p \| sed -n -r -e 's\|.* ([0-9]).\|\1\|p')"`
			`local gpgMinor="$(gpg --version \| sed -n 1p \| sed -n -r -e 's\|.* [0-9]\.([0-9]).*\|\1\|p')"`
			`if [[ "${gpgMajor}" -gt 2 \|\| "${gpgMajor}" -eq 2 && "${gpgMinor}" -ge 1 ]] && \`
			`require_binaries gpg-agent &&`
			`require_binaries gpg-connect-agent &&`
			`require_binaries /usr/libexec/scdaemon &&`
fix: shellcheck for modules.d/91crypt-gpg/module-setup.sh 4 years ago			`($DRACUT_LDD "$dracutsysrootdir"/usr/libexec/scdaemon \| grep libusb > /dev/null); then`
crypt-gpg: Rework setup for CCID smartcard support 8 years ago			`return 0`
			`else`
			`return 1`
			`fi`
			`}`

			`sc_requested() {`
Allow running on a cross-compiled rootfs For the shell scripts, new environment variables were introduced. dracutsysrootdir is the root directory, file existence checks use it. DRACUT_LDCONFIG can override ldconfig with a different one that works on the sysroot with foreign binaries. DRACUT_LDD can override ldd with a different one that works with foreign binaries. DRACUT_TESTBIN can override /bin/sh. A cross-compiled sysroot may use symlinks that are valid only when running on the target so a real file must be provided that exist in the sysroot. DRACUT_INSTALL now supports debugging dracut-install in itself when run by dracut but without debugging the dracut scripts. E.g. DRACUT_INSTALL="valgrind dracut-install or DRACUT_INSTALL="dracut-install --debug". DRACUT_COMPRESS_BZIP2, DRACUT_COMPRESS_LBZIP2, DRACUT_COMPRESS_LZMA, DRACUT_COMPRESS_XZ, DRACUT_COMPRESS_GZIP, DRACUT_COMPRESS_PIGZ, DRACUT_COMPRESS_LZOP, DRACUT_COMPRESS_ZSTD, DRACUT_COMPRESS_LZ4, DRACUT_COMPRESS_CAT: All of the compression utilities may be overridden, to support the native binaries in non-standard places. DRACUT_ARCH overrides "uname -m". SYSTEMD_VERSION overrides "systemd --version". The dracut-install utility was overhauled to support sysroot via a new option -r and fixes for clang-analyze. It supports cross-compiler-ldd from https://gist.github.com/jerome-pouiller/c403786c1394f53f44a3b61214489e6f DRACUT_INSTALL_PATH was introduced so dracut-install can work with a different PATH. In a cross-compiled environment (e.g. Yocto), PATH points to natively built binaries that are not in the host's /bin, /usr/bin, etc. dracut-install still needs plain /bin and /usr/bin that are relative to the cross-compiled sysroot. The hashmap pool allocate_tile/deallocate_tile code was removed because clang-analyze showed errors in it. hashmap_copy was removed because it wasn't used and clang-analyze showed errors in it. DRACUT_INSTALL_LOG_TARGET and DRACUT_INSTALL_LOG_LEVEL were introduced so dracut-install can use different settings from DRACUT_LOG_TARGET and DRACUT_LOG_LEVEL. Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu> 5 years ago			`if [ -f "$dracutsysrootdir$(sc_public_key)" ]; then`
crypt-gpg: Rework setup for CCID smartcard support 8 years ago			`return 0`
			`else`
			`return 1`
crypt-gpg: For GnuPG >= 2.1 support OpenPGP smartcards 10 years ago			`fi`
new module - 91crypt-gpg It's an extension to 90crypt module. Adds support for GPG-encrypted keys (symmetrically, of course). Module is optional. 14 years ago			`}`