[udpkey] / debian / udpkey.keyscript

#! /bin/sh
### udpkey.keyscript KEY/SERVER:PORT[=TAG][#HASH];...
###
### This is an example cryptsetup key-script for fetching keys during early
### boot.  The argument is obtained as the `key-file' field from the
### crypttab(5) file.  The KEY is the key tag name requested from the
### server(s); the rest of the argument is a udpkey(1) source-spec.
###
### A hook script or similar should arrange for /usr/bin/udpkey to be
### installed and for the following things to be placed in /etc/udpkey in the
### initramfs.  See udpkey.initramfs-hook for an example.
###
### keyring	The keyring file used by udpkey.
###
### KEY.local	A locally held key fragment.  (Optional.)
###
### seed	A key for udpkey's random-number generator.  Ideally, a hook
###		script should write high-quality random data to this file
###		each time the initramfs is constructed.
###
### The generated initramfs will contain important secrets.  It must not be
### left readable by unprivileged users.

set -e

## Check the command-line argument.
case $#,$1 in
  1,*/*:*) tag=${1%%/*} server=${1#*/} ;;
  *) echo >&2 "Usage: $0 KEY/SERVER:PORT[=TAG][#HASH];..."; exit 16 ;;
esac

## Some preflight checks.
if [ ! -x /usr/bin/udpkey ]; then
  echo >&2 "$0: can't find udpkey executable"
  exit 8
fi
if [ ! -f /etc/udpkey/keyring ]; then
  echo >&2 "$0: can't find local keyring"
  exit 8
fi

## Make sure we have networking.
if [ -f /scripts/functions ]; then
  . /scripts/functions
  configure_networking
fi >&2

## Build a command line.
cmd="/usr/bin/udpkey -k/etc/udpkey/keyring"
if [ -f /etc/udpkey/seed ]; then
  cmd="$cmd -r/etc/udpkey/seed"
fi
cmd="$cmd $tag $server"
if [ -f /etc/udpkey/$tag.local ]; then
  cmd="$cmd /etc/udpkey/$tag.local"
fi

## Ready to rock.
exec $cmd
Commit	Line	Data
247f344a MW	1	#! /bin/sh
	2	### udpkey.keyscript KEY/SERVER:PORT[=TAG][#HASH];...
	3	###
	4	### This is an example cryptsetup key-script for fetching keys during early
	5	### boot. The argument is obtained as the `key-file' field from the
	6	### crypttab(5) file. The KEY is the key tag name requested from the
	7	### server(s); the rest of the argument is a udpkey(1) source-spec.
	8	###
	9	### A hook script or similar should arrange for /usr/bin/udpkey to be
	10	### installed and for the following things to be placed in /etc/udpkey in the
	11	### initramfs. See udpkey.initramfs-hook for an example.
	12	###
	13	### keyring The keyring file used by udpkey.
	14	###
	15	### KEY.local A locally held key fragment. (Optional.)
	16	###
	17	### seed A key for udpkey's random-number generator. Ideally, a hook
	18	### script should write high-quality random data to this file
	19	### each time the initramfs is constructed.
	20	###
	21	### The generated initramfs will contain important secrets. It must not be
	22	### left readable by unprivileged users.
	23
	24	set -e
	25
	26	## Check the command-line argument.
	27	case $#,$1 in
	28	1,/:) tag=${1%%/} server=${1#*/} ;;
	29	*) echo >&2 "Usage: $0 KEY/SERVER:PORT[=TAG][#HASH];..."; exit 16 ;;
	30	esac
	31
	32	## Some preflight checks.
	33	if [ ! -x /usr/bin/udpkey ]; then
	34	echo >&2 "$0: can't find udpkey executable"
	35	exit 8
	36	fi
	37	if [ ! -f /etc/udpkey/keyring ]; then
	38	echo >&2 "$0: can't find local keyring"
	39	exit 8
	40	fi
	41
	42	## Make sure we have networking.
	43	if [ -f /scripts/functions ]; then
	44	. /scripts/functions
	45	configure_networking
37b2b8ac	46	fi >&2
247f344a MW	47
	48	## Build a command line.
	49	cmd="/usr/bin/udpkey -k/etc/udpkey/keyring"
	50	if [ -f /etc/udpkey/seed ]; then
	51	cmd="$cmd -r/etc/udpkey/seed"
	52	fi
	53	cmd="$cmd $tag $server"
	54	if [ -f /etc/udpkey/$tag.local ]; then
	55	cmd="$cmd /etc/udpkey/$tag.local"
	56	fi
	57
	58	## Ready to rock.
	59	exec $cmd