feat(systemd-integritysetup): introducing the systemd-integritysetup module

Module to allow root FS to be a dm-integrity volume. Utilizes functionality added with: https://github.com/systemd/systemd/pull/20902 Information on dm-integrity: https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html Signed-off-by: Tony Asleson <tasleson@redhat.com>
3 years ago · 33cf47a608
1 changed files with 59 additions and 0 deletions
--- a/modules.d/01systemd-integritysetup/module-setup.sh
+++ b/modules.d/01systemd-integritysetup/module-setup.sh
@ -0,0 +1,59 @@
				@@ -0,0 +1,59 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+
+    # If the binary(s) requirements are not fulfilled the module can't be installed.
+    require_binaries \
+        "$systemdutildir"/systemd-integritysetup \
+        "$systemdutildir"/system-generators/systemd-integritysetup-generator \
+        || return 1
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
+}
+
+# Module dependency requirements.
+depends() {
+
+    # This module has external dependency on other module(s).
+    echo systemd dm
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+
+}
+
+installkernel() {
+    instmods dm-integrity
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+
+    inst_multiple -o \
+        "$systemdutildir"/systemd-integritysetup \
+        "$systemdutildir"/system-generators/systemd-integritysetup-generator \
+        "$systemdsystemunitdir"/integritysetup-pre.target \
+        "$systemdsystemunitdir"/integritysetup.target \
+        "$systemdsystemunitdir"/sysinit.target.wants/integritysetup.target
+
+    # Install the hosts local user configurations if enabled.
+    if [[ $hostonly ]]; then
+        inst_multiple -H -o \
+            /etc/integritytab \
+            "$systemdsystemconfdir"/integritysetup.target \
+            "$systemdsystemconfdir/integritysetup.target.wants/*.target" \
+            "$systemdsystemconfdir"/integritysetup-pre.target \
+            "$systemdsystemconfdir/integritysetup-pre.target.wants/*.target" \
+            "$systemdsystemconfdir"/sysinit.target.wants/integritysetup.target \
+            "$systemdsystemconfdir/sysinit.target.wants/integritysetup.target.wants/*.target"
+    fi
+
+    # Install required libraries.
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*"
+
+}