mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-14 22:32:30 +01:00
241 lines
7.8 KiB
Bash
241 lines
7.8 KiB
Bash
#!/bin/sh
|
|
#
|
|
# Copyright (c) 1999 Matt Dillon
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions
|
|
# are met:
|
|
# 1. Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
# 2. Redistributions in binary form must reproduce the above copyright
|
|
# notice, this list of conditions and the following disclaimer in the
|
|
# documentation and/or other materials provided with the distribution.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
# SUCH DAMAGE.
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
# PROVIDE: initdiskless
|
|
# KEYWORD: FreeBSD
|
|
|
|
|
|
# On entry to this script the entire system consists of a read-only root
|
|
# mounted via NFS. We use the contents of /conf to create and populate
|
|
# memory filesystems. The kernel has run BOOTP and configured an interface
|
|
# (otherwise it would not have been able to mount the NFS root!)
|
|
#
|
|
# The following directories are scanned. Each sucessive directory overrides
|
|
# (is merged into) the previous one.
|
|
#
|
|
# /conf/base universal base
|
|
# /conf/default modified by a secondary universal base
|
|
# /conf/${ipba} modified based on the assigned broadcast IP
|
|
# /conf/${ip} modified based on the machine's assigned IP
|
|
#
|
|
# Each of these directories may contain any number of subdirectories which
|
|
# represent directories in / on the diskless machine. The existance of
|
|
# these subdirectories causes this script to create a MEMORY FILESYSTEM for
|
|
# /<sub_directory_name>. For example, if /conf/base/etc exists then a
|
|
# memory filesystem will be created for /etc.
|
|
#
|
|
# If a subdirectory contains the file 'diskless_remount' the contents of
|
|
# the file is used to remount the subdirectory prior to it being copied to
|
|
# the memory filesystem. For example, if /conf/base/etc/diskless_remount
|
|
# contains the string 'my.server.com:/etc' then my.server.com:/etc will be
|
|
# mounted in place of the subdirectory. This allows you to avoid making
|
|
# duplicates of system directories in /conf.
|
|
#
|
|
# If a subdirectory contains the file 'md_size', the contents of the
|
|
# file is used to determine the size of the memory filesystem, in 512
|
|
# byte sectors. The default is 10240 (5MB). You only have to specify an
|
|
# md_size if the default doesn't work for you (i.e. if it is too big or
|
|
# too small). For example, /conf/base/etc/md_size might contain '16384'.
|
|
#
|
|
# If /conf/<special_dir>/SUBDIR.cpio.gz exists, the file is cpio'd into
|
|
# the specified /SUBDIR (and a memory filesystem is created for /SUBDIR
|
|
# if necessary).
|
|
#
|
|
# If /conf/<special_dir>/SUBDIR.remove exists, the file contains a list
|
|
# of paths which are rm -rf'd relative to /SUBDIR.
|
|
#
|
|
# You will almost universally want to create a /conf/base/etc containing
|
|
# a diskless_remount and possibly an md_size file. You will then almost
|
|
# universally want to override rc.conf, rc.local, and fstab by creating
|
|
# /conf/default/etc/{rc.conf,rc.local,fstab}. Your fstab should be sure
|
|
# to mount a /usr... typically an NFS readonly /usr.
|
|
#
|
|
# NOTE! /etc/rc.d/diskless will create /var, /tmp, and /dev.
|
|
# Those filesystems should not be specified in /conf. At least not yet.
|
|
|
|
dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null`
|
|
[ ${dlv:=0} -eq 0 ] && exit 0
|
|
|
|
# chkerr:
|
|
#
|
|
# Routine to check for error
|
|
#
|
|
# checks error code and drops into shell on failure.
|
|
# if shell exits, terminates script as well as /etc/rc.
|
|
#
|
|
chkerr() {
|
|
case $1 in
|
|
0)
|
|
;;
|
|
*)
|
|
echo "$2 failed: dropping into /bin/sh"
|
|
/bin/sh
|
|
# RESUME
|
|
;;
|
|
esac
|
|
}
|
|
|
|
# Create a generic memory disk
|
|
#
|
|
mount_md() {
|
|
/sbin/mdmfs -i 4096 -s $1 -M md $2
|
|
}
|
|
|
|
# Create the memory filesystem if it has not already been created
|
|
#
|
|
create_md() {
|
|
if [ "x`eval echo \\$md_created_$1`" = "x" ]; then
|
|
if [ "x`eval echo \\$md_size_$1`" = "x" ]; then
|
|
md_size=10240
|
|
else
|
|
md_size=`eval echo \\$md_size_$1`
|
|
fi
|
|
mount_md $md_size /$1
|
|
/bin/chmod 755 /$1
|
|
eval md_created_$1=created
|
|
fi
|
|
}
|
|
|
|
# DEBUGGING
|
|
#
|
|
# set -v
|
|
|
|
# Figure out our interface and IP.
|
|
#
|
|
bootp_ifc=""
|
|
bootp_ipa=""
|
|
bootp_ipbca=""
|
|
iflist=`ifconfig -l`
|
|
for i in ${iflist} ; do
|
|
set `ifconfig ${i}`
|
|
while [ $# -ge 1 ] ; do
|
|
if [ "${bootp_ifc}" = "" -a "$1" = "inet" ] ; then
|
|
bootp_ifc=${i} ; bootp_ipa=${2} ; shift
|
|
fi
|
|
if [ "${bootp_ipbca}" = "" -a "$1" = "broadcast" ] ; then
|
|
bootp_ipbca=$2; shift
|
|
fi
|
|
shift
|
|
done
|
|
if [ "${bootp_ifc}" != "" ] ; then
|
|
break
|
|
fi
|
|
done
|
|
echo "Interface ${bootp_ifc} IP-Address ${bootp_ipa} Broadcast ${bootp_ipbca}"
|
|
|
|
# Figure out our NFS root path
|
|
#
|
|
set `mount -t nfs`
|
|
while [ $# -ge 1 ] ; do
|
|
if [ "$2" = "on" -a "$3" = "/" ]; then
|
|
nfsroot="$1"
|
|
break
|
|
fi
|
|
shift
|
|
done
|
|
|
|
# Resolve templates in /conf/base, /conf/default, /conf/${bootp_ipbca},
|
|
# and /conf/${bootp_ipa}. For each subdirectory found within these
|
|
# directories:
|
|
#
|
|
# - calculate memory filesystem sizes. If the subdirectory (prior to
|
|
# NFS remounting) contains the file 'md_size', the contents specified
|
|
# in 512 byte sectors will be used to size the memory filesystem. Otherwise
|
|
# 8192 sectors (4MB) is used.
|
|
#
|
|
# - handle NFS remounts. If the subdirectory contains the file
|
|
# diskless_remount, the contents of the file is NFS mounted over
|
|
# the directory. For example /conf/base/etc/diskless_remount
|
|
# might contain 'myserver:/etc'. NFS remounts allow you to avoid
|
|
# having to dup your system directories in /conf. Your server must
|
|
# be sure to export those filesystems -alldirs, however.
|
|
# If the diskless_remount file contains a string beginning with a
|
|
# '/' it is assumed that the local nfsroot should be prepended to
|
|
# it before attemping to the remount. This allows the root to be
|
|
# relocated without needing to change the remount files.
|
|
#
|
|
for i in base default ${bootp_ipbca} ${bootp_ipa} ; do
|
|
for j in /conf/$i/* ; do
|
|
# memory filesystem size specification
|
|
#
|
|
subdir=${j##*/}
|
|
if [ -d $j -a -f $j/md_size ]; then
|
|
eval md_size_$subdir=`cat $j/md_size`
|
|
fi
|
|
|
|
# NFS remount
|
|
#
|
|
if [ -d $j -a -f $j/diskless_remount ]; then
|
|
nfspt=`/bin/cat $j/diskless_remount`
|
|
if [ `expr "$nfspt" : '\(.\)'` = "/" ]; then
|
|
nfspt="${nfsroot}${nfspt}"
|
|
fi
|
|
mount_nfs $nfspt $j
|
|
chkerr $? "mount_nfs $nfspt $j"
|
|
fi
|
|
done
|
|
done
|
|
|
|
# - Create all required MFS filesystems and populate them from
|
|
# our templates. Support both a direct template and a dir.cpio.gz
|
|
# archive. Support dir.remove files containing a list of relative
|
|
# paths to remove.
|
|
#
|
|
# TODO:
|
|
# + find a way to assign a 'group' identifier to a machine
|
|
# so we can use group-specific configurations;
|
|
|
|
for i in base default ${bootp_ipbca} ${bootp_ipa} ; do
|
|
for j in /conf/$i/* ; do
|
|
subdir=${j##*/}
|
|
if [ -d $j ]; then
|
|
create_md $subdir
|
|
cp -Rp $j/* /$subdir
|
|
fi
|
|
done
|
|
for j in /conf/$i/*.cpio.gz ; do
|
|
subdir=${j%*.cpio.gz}
|
|
subdir=${subdir##*/}
|
|
if [ -f $j ]; then
|
|
create_md $subdir
|
|
echo "Loading /$subdir from cpio archive $j"
|
|
(cd / ; /stand/gzip -d < $j | /stand/cpio --extract -d )
|
|
fi
|
|
done
|
|
for j in /conf/$i/*.remove ; do
|
|
subdir=${j%*.remove}
|
|
subdir=${subdir##*/}
|
|
if [ -f $j ]; then
|
|
# doubly sure it is a memory disk before rm -rf'ing
|
|
create_md $subdir
|
|
(cd /$subdir; rm -rf `/bin/cat $j`)
|
|
fi
|
|
done
|
|
done
|
|
|