bilibop-0.4.20/0000755000000000000000000000000012251231505010077 5ustar bilibop-0.4.20/usr/0000755000000000000000000000000012165414757010730 5ustar bilibop-0.4.20/usr/share/0000755000000000000000000000000012165414757012032 5ustar bilibop-0.4.20/usr/share/bilibop/0000755000000000000000000000000012244300427013434 5ustar bilibop-0.4.20/usr/share/bilibop/grub_device_map_manager0000755000000000000000000000743112165414757020212 0ustar #!/bin/sh set -e # /usr/share/bilibop/grub_device_map_manager # Replace /boot/grub/device.map by a symlink to /run/bilibop/grub-device.map # is a way to always keep the file up to date. Or create a persistent fake # device map. # # Options: # -h, --help Print help message on stdout and exit # -f, --fake Replace device map content by a fake # -l, --link Link grub device map to /run/bilibop/grub-device.map # -r, --remove Remove /boot/grub/device.map # -s, --show Display grub device map location and content # -u, --update Run grub-mkdevicemap ### BEGIN ### PATH="/usr/sbin:/sbin:/usr/bin:/bin" PROG="${0##*/}" SOPTS="fhlrsu" LOPTS="fake,help,link,remove,show,update" . /lib/bilibop/common.sh get_udev_root get_bilibop_variables GRUB_DEVICE_MAP="/boot/grub/device.map" short_usage() { cat <&2 exit 1 else eval set -- "${ARGS}" fi ################################################################################ set -e if [ "${1}" = "--" ]; then show="true" fi while true; do case "${1}" in -f|--fake) fake="true" shift ;; -h|--help) usage exit 0 ;; -l|--link) link="true" shift ;; -r|--remove) remove="true" shift ;; -s|--show) show="true" shift ;; -u|--update) update="true" shift ;; --) shift break ;; *) unknown_argument "${1}" >&2 short_usage >&2 exit 1 ;; esac done if [ ! -d "/boot/grub" ]; then echo "${PROG}: /boot/grub directory doesn't exist." >&2 exit 3 fi if [ "${fake}" = "true" -a "${update}" = "true" ]; then echo "${PROG}: --fake and --update options are not compatible." >&2 exit 1 fi # Run now... if [ "${remove}" = "true" ]; then rm -f ${GRUB_DEVICE_MAP} fi if [ "${link}" = "true" ]; then link_device_map ${GRUB_DEVICE_MAP} fi if [ "${update}" = "true" ]; then grub-mkdevicemap fi if [ "${fake}" = "true" ]; then fake_device_map >${GRUB_DEVICE_MAP} fi if [ "${show}" = "true" ]; then show_device_map ${GRUB_DEVICE_MAP} fi ### END ### # vim: ts=4 sts=4 sw=4 bilibop-0.4.20/usr/share/bilibop/make_unpersistent_rules0000755000000000000000000001102112165414757020345 0ustar #!/bin/sh set -e # /usr/share/bilibop/make_unpersistent_rules # Remove some persistent udev rules files (cd & net) and replace them by links # to unpersistent files (in /run/udev/rules.d); ...or restore them. # This is made because these persistent rules files are cumulative, and so are # not very adapted for an operating system on external hard disk or usb key. ### BEGIN ### PATH="/sbin:/bin:/usr/bin" PROG="${0##*/}" SOPTS="ho:rsv" LOPTS="help,only:,restore,status,verbose" ETC_RULES_DIR="/etc/udev/rules.d" RUN_RULES_DIR="/run/udev/rules.d" if [ -f /etc/udev/udev.conf ]; then . /etc/udev/udev.conf fi udev_root="${udev_root:-/dev}" udev_root="${udev_root%/}" status="" restore="" verbose="" only="" TYPE="" SKIP="" short_usage() { cat < ${@}" fi "${@}" } set +e ### Parse options ############################################################## ARGS="$(getopt -o ${SOPTS} --long ${LOPTS} -n ${PROG} -- "${@}")" if [ "${?}" != "0" ]; then short_usage >&2 exit 1 else eval set -- "${ARGS}" fi ################################################################################ set -e while true; do case "${1}" in -h|--help) usage exit 0 ;; -o|--only) only="${2}" shift 2 ;; -r|--restore) restore="true" shift ;; -s|--status) status="true" shift ;; -v|--verbose) verbose="-v" shift ;; --) shift break ;; *) unknown_argument "${1}" >&2 short_usage >&2 exit 1 ;; esac done if [ "${status}" = "true" ]; then for rules in 70-persistent-cd.rules 70-persistent-net.rules; do printf "%s\t" "${rules}" if [ -h "${ETC_RULES_DIR}/${rules}" ]; then printf "%s " ":link: ->" readlink -f ${ETC_RULES_DIR}/${rules} elif [ -f "${ETC_RULES_DIR}/${rules}" ]; then printf "%s " ":file: ==" ls ${ETC_RULES_DIR}/${rules} else printf "%s\n" ":none: ()" fi done exit 0 fi # Now, analyse the results. case "${only}" in cd) TYPE="cd" SKIP="net" ;; net) TYPE="net" SKIP="cd" ;; "") TYPE="cd net" SKIP="" ;; *) unknown_argument "${only}" >&2 short_usage >&2 exit 1 ;; esac make_regular() { persistent="${ETC_RULES_DIR}/70-persistent-${1}.rules" if [ -h "${persistent}" ]; then unpersistent="$(readlink -f ${persistent})" execute rm ${verbose} ${persistent} if [ -f "${unpersistent}" ]; then execute mv ${verbose} ${unpersistent} ${persistent} else execute touch ${persistent} fi elif [ ! -f "${persistent}" ]; then unpersistent="${RUN_RULES_DIR}/70-persistent-${1}.rules" if [ -f "${unpersistent}" ]; then execute mv ${verbose} ${unpersistent} ${persistent} else execute touch ${persistent} fi fi } make_symlink() { persistent="${ETC_RULES_DIR}/70-persistent-${1}.rules" unpersistent="${RUN_RULES_DIR}/70-persistent-${1}.rules" if [ -h "${persistent}" ]; then target="$(readlink -f ${persistent})" if [ "${target}" = "${unpersistent}" ]; then [ -f "${target}" ] || execute touch ${target} # nothing else to do: continue else #[ -d "${RUN_RULES_DIR}" ] || execute mkdir -p ${RUN_RULES_DIR} [ -f "${target}" ] && execute mv ${verbose} ${target} ${unpersistent} execute rm ${verbose} ${persistent} fi elif [ -f "${persistent}" ]; then #[ -d "${RUN_RULES_DIR}" ] || execute mkdir -p ${RUN_RULES_DIR} execute mv ${verbose} ${persistent} ${unpersistent} fi #[ -e "${persistent}" ] && execute rm ${verbose} ${persistent} [ -e "${unpersistent}" ] || execute touch ${unpersistent} execute ln -s ${verbose} ${unpersistent} ${persistent} } # And run... if [ "${restore}" = "true" ]; then for i in ${TYPE}; do make_regular ${i} done for i in ${SKIP}; do make_symlink ${i} done else for i in ${TYPE}; do make_symlink ${i} done for i in ${SKIP}; do make_regular ${i} done fi ### END ### # vim: ts=4 sts=4 sw=4 bilibop-0.4.20/usr/share/bilibop/physical_volumes_filter0000755000000000000000000003714212244300427020324 0ustar #!/bin/sh set -e # /usr/share/bilibop/physical_volumes_filter # Get|set the 'filter' (or 'global_filter') and 'obtain_device_list_from_udev' # variables in lvm.conf(5). ### BEGIN ### PATH="/bin:/usr/bin" PROG="${0##*/}" SOPTS="a:bDd:f:ghilnor:sux:" LOPTS="accept:,blank,default,delimiter:,exclude:,file:,global,help,init,list-pv,noglobal,overwrite,reject:,show,udev" # Check if 'lvm' is installed; if not, exit unconditionally. have_lvm="1" for dir in /sbin /usr/sbin /bin /usr/bin; do if [ -x "${dir}/lvm" ]; then have_lvm="$?" break fi done if [ "${have_lvm}" = "1" ]; then echo "${PROG}: lvm command not found." >&2 exit 11 fi unset have_lvm # Initialize other variables and load bilibop functions LVM_CONF="${LVM_SYSTEM_DIR:=/etc/lvm}/lvm.conf" blank="false" # --blank default="false" # --default init="false" # --init listpv="false" # --list-pv overwrite="false" # --overwrite show="false" # --show udev="false" # --udev accept_all="false" # --accept all filter="false" # --accept, --reject, --exclude global="false" # --global noglobal="false" # --noglobal B="|"; E="${B}" # --delimiter exit_code="" # for -o with unwritable file reject_path="" # not empty if /dev/disk/by-path is already rejected reject_block="" # not empty if /dev/block is already rejected FILTER_STRING="" # final result of all -a, -r or -x options ALREADY_DONE="" # list of already treated devices . /lib/bilibop/pvfilter.sh get_udev_root # short_usage() ============================================================={{{ # Print short help in case of error. short_usage() { cat < a specific block device verbatim=* an arbitrary string -b, --blank Start with a blank 'filter' before to apply --accept and --reject options. -D, --default Reset filter to its default value (i.e. accept all). -d ?, --delimiter ? Set the delimiter to use at the beginning and end of a 'accept' or 'reject' pattern. Can be invoked several times, one before each -a or -r option. Valid delimiters can be: "!", "#", "%", "+", ",", ".", ":", ";", "=", "@", "|", "{}", "[]" and "()". Most of them must be protected to not be interpreted by the shell. -f FILE, --file FILE Use FILE as an alternative LVM configuration file. -g, --global Set the 'global_filter' instead of 'filter'. If this variable is not supported (i.e. lvm2 < 2.02.98), this option is silently ignored. Note that this variable is not set by default. If 'global_filter' is supported and if it is set (even with an empty array), then --global is implicit. See also --noglobal. -h, --help Print this message on stdout and exit. -i, --init Initialize lvm.conf if one of the file itself, its 'devices' section, or the 'filter' or 'obtain_device_list_from_udev' variables are missing. Filter is then set to its default value (i.e. [ "a|.*|" ] for 'filter', [ ] for 'global_filter'). -l, --list-pv List block devices with LVM2_member fstype and exit. -n, --noglobal Do not modify 'global_filter', even if it is already set. This overrides the implicit behaviour of the --global option, and forces the command to be applied to the 'filter' variable. See also --global. -o, --overwrite Overwrite the configuration file (lvm.conf). -s, --show Show the filter rules in use or built with other options. Used with --list-pv, show all symlinks found in /dev for each listed PV. -u, --udev Set the 'obtain_device_list_from_udev' variable to 1 and obtain device list from udev. When used with --list-pv, override the -s option and show only the symlinks managed by udev. -x ARG, --exclude ARG Same as --reject, except that all symlinks to devices to reject are rejected. ARG can be: insidev only PV on internal disks bilibop only PV on the same disk than the root filesystem other only PV on other disks a specific block device EOF } # ===========================================================================}}} set +e ### Parse options ############################################################## ARGS="$(getopt -o ${SOPTS} --long ${LOPTS} -n ${PROG} -- "${@}")" if [ "${?}" != "0" ]; then short_usage >&2 exit 1 else eval set -- "${ARGS}" fi ################################################################################ set -e # Parse options ============================================================={{{ while true; do case "${1}" in -h|--help) usage exit 0 ;; -i|--init) init="true" shift ;; -g|--global) global="true" noglobal="false" shift ;; -n|--noglobal) noglobal="true" global="false" shift ;; -f|--file) LVM_CONF="${2}" shift 2 ;; -s|--show) show="true" shift ;; -u|--udev) udev="true" shift ;; -b|--blank) blank="true" shift ;; -o|--overwrite) overwrite="true" shift ;; -l|--list-pv) listpv="true" shift ;; -D|--default) default="true" shift ;; -d|--delimiter) # This option will be parsed again later shift 2 ;; -a|--accept) # This option will be parsed again later, but we have to know in # advance if the filter will contain something like "a|.*|". In # that case, the list of devices to reject must contain all the # symlinks to the rejected devices. if [ "${2}" = "all" ]; then accept_all="true" fi shift 2 ;; -r|--reject) # This option will be parsed again later shift 2 ;; -x|--exclude) # This option will be parsed again later shift 2 ;; --) shift break ;; *) unknown_argument "${1}" >&2 short_usage >&2 exit 1 ;; esac done # Options will be parsed again: eval set -- "${ARGS}" # Fix the behaviour of the --global/--noglobal options: if 'global_filter' is # supported and is set, the command will be applied to it, unless --noglobal # is invoked; if 'global_filter' is supported but not set, the command will # be applied to 'filter', unless --global is invoked (with --init); and if # 'global_filter' is not supported, --global/--noglobal are silently ignored. if _pvfilter_has_global; then global_filter_is_supported="true" if grep -qs '^[[:blank:]]*global_filter[[:blank:]]*=[[:blank:]]*\[.*\]' ${LVM_CONF}; then [ "${noglobal}" = "true" ] || global="true" fi else global_filter_is_supported="false" global="false" fi # ===========================================================================}}} ################################################################# # At first, treat options that override, bypass or reset others # ################################################################# # 0. If no option is invoked, or only -f FILE or --file FILE, just # display the actual settings (if possible) and exit: if [ "${1}" = "--" ] || [ "${3}" = "--" -a "${1}" = "-f" ] || [ "${3}" = "--" -a "${1}" = "--file" ]; then not_found=0 grep -qs '^[[:blank:]]*devices[[:blank:]]{' ${LVM_CONF} || not_found="$?" case "${not_found}" in 0) grep '^[[:blank:]]*obtain_device_list_from_udev[[:blank:]]*=' ${LVM_CONF} || not_found=$((not_found+$?)) if [ "${global_filter_is_supported}" = "true" ]; then grep '^[[:blank:]]*\(global_\)\?filter[[:blank:]]*=' ${LVM_CONF} || not_found=$((not_found+$?)) else grep '^[[:blank:]]*filter[[:blank:]]*=' ${LVM_CONF} || not_found=$((not_found+$?)) fi [ "${not_found}" != "0" ] && echo "${PROG}: a needed variable is not defined in ${LVM_CONF}" >&2 && echo "Use '--init' option to create it." >&2 exit ${not_found} ;; 1) echo "${PROG}: 'devices' section is missing in ${LVM_CONF}." >&2 echo "Use '--init' option to create it." >&2 exit 10 ;; 2) echo "${PROG}: ${LVM_CONF} does not exist." >&2 echo "Use '--init' option to create it." >&2 exit 10 ;; esac exit $? fi # 1. -l, --list-pv # List LVM2 members - even those rejected by the filter - and exit. if [ "${listpv}" = "true" ]; then _pvfilter_list_pv exit $? fi # 2. -i, --init # Check lvm.conf consistency (relatively to its 'devices' section and/or # 'obtain_device_list_from_udev' and 'filter' variables); add missing # file, section and/or variables if asked by --init, and exit. If --init # is not invoked but something is missing, exit too. if [ "${init}" = "true" ]; then if [ -f "${LVM_CONF}" ]; then _pvfilter_init_device_filters || exit $? else _pvfilter_init_lvm_configfile || exit $? fi exit 0 else _pvfilter_init_lvm_configfile || exit $? _pvfilter_init_device_filters || exit $? fi # 3. -d, --default # Reset -b, -u, -o, -a and -r options. if [ "${default}" = "true" ]; then echo "${PROG}: ${LVM_CONF} reset to default filter (accept all)." >&2 udev="true" blank="true" overwrite="true" ARGS="--accept all --" eval set -- "${ARGS}" fi # 4. Some options cannot be invoked by unprivileged users: if [ ! -r "${LVM_CONF}" ]; then echo "${PROG}: ${LVM_CONF} is not readable." >&2 exit 10 elif [ ! -w "${LVM_CONF}" ]; then if [ "${overwrite}" = "true" ]; then overwrite="false" show="true" exit_code="11" exec 1>&2 echo "${PROG}: you don't have write permissions on ${LVM_CONF}" echo "THIS IS A DRY RUN:" fi fi # Build the strings to filter ==============================================={{{ # For that, we parse options and arguments again: while true; do case "${1}" in --) shift break ;; -d|--delimiter) _pvfilter_delimiter "${2}" shift 2 ;; -a|--accept) case "${2}" in all) FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }\"a${B}.*${E}\"" filter="true" blank="true" break ;; verbatim=*) verbatim="${2#verbatim=}" [ -n "${verbatim}" ] && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }\"a${B}${verbatim}${E}\"" ;; bilibop|insidev|other|${udev_root}/*) _pvfilter_list_filter_devices "${2}" [ -n "${diskid}" ] && diskid="$(_pvfilter_accept_string "" ${diskid})" && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }${diskid:+\"${diskid}\"}" [ -n "${dmname}" ] && dmname="$(_pvfilter_accept_string ${udev_root}/mapper ${dmname})" && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }${dmname:+\"${dmname}\"}" [ -n "${lvname}" ] && lvname="$(_pvfilter_accept_string "" ${lvname})" && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }${lvname:+\"${lvname}\"}" ;; *) unknown_argument "${2}" >&2 short_usage >&2 exit 1 ;; esac filter="true" shift 2 ;; -r|--reject) case "${2}" in all) FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }\"r${B}.*${E}\"" filter="true" blank="true" break ;; verbatim=*) verbatim="${2#verbatim=}" [ -n "${verbatim}" ] && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }\"r${B}${verbatim}${E}\"" ;; bilibop|insidev|other|${udev_root}/*) if [ "${accept_all}" = "true" ]; then _pvfilter_list_exclude_devices "${2}" [ -n "${devlist}" ] && devlist="$(_pvfilter_reject_string "" ${devlist} -f)" && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }${devlist:+\"${devlist}\"}" [ -n "${dirlist}" ] && dirlist="$(_pvfilter_reject_string ${udev_root} ${dirlist} -d)" && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }${dirlist:+\"${dirlist}\"}" else _pvfilter_list_filter_devices "${2}" [ -n "${diskid}" ] && diskid="$(_pvfilter_reject_string "" ${diskid})" && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }${diskid:+\"${diskid}\"}" [ -n "${dmname}" ] && dmname="$(_pvfilter_reject_string ${udev_root}/mapper ${dmname})" && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }${dmname:+\"${dmname}\"}" [ -n "${lvname}" ] && lvname="$(_pvfilter_accept_string "" ${lvname})" && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }${lvname:+\"${lvname}\"}" fi ;; *) unknown_argument "${2}" >&2 short_usage >&2 exit 1 ;; esac filter="true" shift 2 ;; -x|--exclude) case "${2}" in bilibop|insidev|other|${udev_root}/*) _pvfilter_list_exclude_devices "${2}" [ -n "${devlist}" ] && devlist="$(_pvfilter_reject_string "" ${devlist} -f)" && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }${devlist:+\"${devlist}\"}" [ -n "${dirlist}" ] && dirlist="$(_pvfilter_reject_string ${udev_root} ${dirlist} -d)" && FILTER_STRING="${FILTER_STRING:+${FILTER_STRING}, }${dirlist:+\"${dirlist}\"}" ;; *) unknown_argument "${2}" >&2 short_usage >&2 exit 1 ;; esac filter="true" shift 2 ;; *) shift ;; esac done # ===========================================================================}}} # Run now! LVM_TEMP="$(mktemp /tmp/lvm.conf.XXXXXXX)" trap "rm -f ${LVM_TEMP}" 0 2 3 6 9 15 [ "${udev}" = "true" ] && u=1 || u=0 sed "s,^\(\s*obtain_device_list_from_udev\s*=\s*\).*,\1${u}," ${LVM_CONF} >${LVM_TEMP} if [ "${global}" = "true" -a "${blank}" = "true" ]; then sed -i "s?^\(\s*global_filter\s*=\s*\[\).*]?\1${FILTER_STRING:+ ${FILTER_STRING}} ]?" ${LVM_TEMP} elif [ "${global}" = "true" ]; then sed -i "s?^\(\s*global_filter\s*=\s*\[\)?\1${FILTER_STRING:+ ${FILTER_STRING}, }?" ${LVM_TEMP} elif [ "${blank}" = "true" ]; then sed -i "s?^\(\s*filter\s*=\s*\[\).*]?\1${FILTER_STRING:+ ${FILTER_STRING}} ]?" ${LVM_TEMP} else sed -i "s?^\(\s*filter\s*=\s*\[\)?\1${FILTER_STRING:+ ${FILTER_STRING}, }?" ${LVM_TEMP} fi # Overwrite the file: if [ "${overwrite}" = "true" ]; then if ! diff -q ${LVM_CONF} ${LVM_TEMP} >/dev/null; then cp ${LVM_CONF} ${LVM_CONF}.bak cat ${LVM_TEMP} >${LVM_CONF} fi if [ "${show}" = "true" ]; then if [ "${global_filter_is_supported}" = "true" ]; then grep '^[[:blank:]]*\(\(global_\)\?filter\|obtain_device_list_from_udev\)[[:blank:]]*=' ${LVM_CONF} else grep '^[[:blank:]]*\(filter\|obtain_device_list_from_udev\)[[:blank:]]*=' ${LVM_CONF} fi fi # Show only (--show is implicit when --overwrite is not invoked): elif [ "${global_filter_is_supported}" = "true" ]; then grep '^[[:blank:]]*\(\(global_\)\?filter\|obtain_device_list_from_udev\)[[:blank:]]*=' ${LVM_TEMP} else grep '^[[:blank:]]*\(filter\|obtain_device_list_from_udev\)[[:blank:]]*=' ${LVM_TEMP} fi exit ${exit_code} ### END ### # vim: ts=4 sts=4 sw=4 bilibop-0.4.20/usr/share/bilibop/bilibop_rules_generator0000755000000000000000000003265712244300427020277 0ustar #!/bin/sh set -e # /usr/share/bilibop/bilibop_rules_generator # Produce a udev rules file to: # - create a symlink to the physical hard disk (or usb key, memstick, etc) # on which the system is installed. # - force this disk and its partitions to be owned by the 'disk' group # instead of the 'floppy' group, to forbid low-level write access on this # disk by unprivileged users. # - hide the partitions of this disk for the desktop applications, or rename # them, set their icon, etc. depending if udisks is installed and also # depending on the bilibop config file. # # The generated (specific) rules file is placed into /etc/udev/rules.d and # overrides the (generic) rules file placed into /lib/udev/rules.d, with the # same name. This can be done to decrease boot time, or if the shell script # called from the generic rules file fails to find the underlying hard disk # of the running system - or if the system to set has been chrooted, etc. # # We assume the system can be booted from USB, FireWire or SD-Card # TODO: add support for eSATA devices. ### BEGIN ### PATH="/bin:/usr/bin" PROG="${0##*/}" SOPTS="a:e:hn:o:t:" LOPTS="attribute:,environment:,help,name:,output:,target:" ETC_RULES_DIR="/etc/udev/rules.d" LIB_RULES_DIR="/lib/udev/rules.d" # If a udev rules file exists in /lib/udev/rules.d, it can be overridden by # an other file with the same name in /etc/udev/rules.d. If the file don't # exist in /lib, then we can write a rules file in /etc to be executed very # early. RULE="$(ls ${LIB_RULES_DIR}/??-bilibop.rules 2>/dev/null || echo 20-bilibop.rules)" RULE="${RULE##*/}" . /lib/bilibop/common.sh get_udev_root get_bilibop_variables # Other variables NODE="" # the device node (/dev/sda, /dev/sdb) KEY="" # the type of udev key (ENV, ATTRS) CLASS="" # the sysfs attribute class (serial, model, vendor...) or the # udev environment variable name (ID_SERIAL, ID_MODEL...) VALUE="" # the value of the attribute or environment variable attrib="" envvar="" header="" output="" target="" rules=0 short_usage() { cat <&2 exit 1 else eval set -- "${ARGS}" fi ################################################################################ set -e while true; do case "${1}" in -h|--help) usage exit 0 ;; -a|--attribute) attrib="${2}" shift 2 ;; -e|--environment) envvar="${2}" shift 2 ;; -n|--name) header="${2}" shift 2 ;; -o|--output) output="${2}" shift 2 ;; -t|--target) target="${2}" shift 2 ;; --) shift break ;; *) unknown_argument "${1}" >&2 short_usage >&2 exit 1 ;; esac done # Now, analyse the results. # 1. Redirect stdout. if [ -n "${output}" ]; then case "${output}" in -) output="" ;; -*) unknown_argument "${output}" >&2 usage >&2 exit 1 ;; *) if [ ! -d "$(dirname "${output}")" ]; then cat >&2 <"${TEMPOUT}" fi ;; esac else output="${ETC_RULES_DIR}/${RULE}" TEMPOUT="$(mktemp /tmp/bilibop-rules.XXXXXXX)" trap "rm -f ${TEMPOUT}" 0 2 3 6 9 15 exec 1>"${TEMPOUT}" fi # 2. Set target. if [ -n "${target}" ]; then if ! [ -b "${target}" -o -d "${target}" -o -f "${target}" ]; then cat >&2 <&2 <"; then noway="model" elif echo "${attrib}" | grep -q '\'; then noway="vendor" fi if [ -n "${noway}" ]; then uncompatible_attributes "${x}" "${noway}" >&2 exit 1 fi ;; *) unknown_argument "${x}" >&2 short_usage exit 1 ;; esac done fi # 5. Get udev environment variables names. if [ -n "${envvar}" ]; then envvar="$(echo ${envvar} | tr ',' ' ')" for x in ${envvar}; do case "${x}" in ID_SERIAL|ID_SERIAL_SHORT|ID_MODEL|ID_VENDOR) ;; *) unknown_argument "${x}" >&2 exit 1 ;; esac done fi # 6. Query udev environment variables. eval $(query_udev_envvar ${NODE}) # Run now... if [ -z "${attrib}" -a -z "${envvar}" ]; then if [ ${rules} -eq 0 ]; then sysfs_attrs_rule manufacturer || echo "Unavailable sysfs attribute: manufacturer" >&2 sysfs_attrs_rule product || echo "Unavailable sysfs attribute: product" >&2 sysfs_attrs_rule serial || echo "Unavailable sysfs attribute: serial" >&2 fi if [ ${rules} -eq 0 ]; then # Use this for an external HDD you can boot from both USB or # FireWire. sysfs_attrs_rule vendor || echo "Unavailable sysfs attribute: vendor" >&2 sysfs_attrs_rule model || echo "Unavailable sysfs attribute: model" >&2 fi if [ ${rules} -eq 0 ]; then # It seems ID_SERIAL is a good fallback (exists in almost all # cases) udev_envvar_rule ID_SERIAL || echo "Unavailable udev property: ID_SERIAL" >&2 fi else for a in ${attrib}; do sysfs_attrs_rule "${a}" || echo "Unavailable sysfs attribute: ${a}" >&2 done for e in ${envvar}; do udev_envvar_rule "${e}" || echo "Unavailable udev property: ${e}" >&2 done fi # XXX: if [ ${rules} -eq 0 ]; then for x in ${attrib}; do attrib_not_found="${attrib_not_found:+${attrib_not_found}, }'${x}'" done attrib_not_found="${attrib_not_found:+${attrib_not_found} sysfs attribute(s)}" for x in ${envvar}; do envvar_not_found="${envvar_not_found:+${envvar_not_found}, }'${x}'" done envvar_not_found="${envvar_not_found:+${envvar_not_found} udev environment variable(s)}" if [ -z "${attrib}" -a -z "${envvar}" ]; then not_found="for" elif [ -n "${attrib_not_found}" -a -n "${envvar_not_found}" ]; then not_found="from ${attrib_not_found} or ${envvar_not_found} for" else not_found="from ${attrib_not_found}${envvar_not_found} for" fi cat >&2 < # $ udevadm info --query property --name # See udev(7) for details. SUBSYSTEM!="block", GOTO="bilibop_end" ACTION!="add|change", GOTO="bilibop_end" KERNEL=="dm-?*|loop?*", GOTO="bilibop_virtual_block" KERNEL!="sd?*|mmcblk?*|mspblk?*", GOTO="bilibop_end" ${ALL_RULES}, \\ GROUP:="disk", \\ TAG+="BILIBOP", \\ GOTO="bilibop_physical_block" SUBSYSTEMS=="usb|firewire", GOTO="bilibop_end" KERNEL=="sd?*", TAG+="INSIDEV" GOTO="bilibop_end" LABEL="bilibop_physical_block" ATTR{partition}=="?*", \\ ENV{BILIBOP_PARTITION}="%r/%k", \\ GOTO="bilibop_subdevice" ATTR{removable}=="?*", \\ SYMLINK+="${BILIBOP_COMMON_BASENAME}/disk", \\ ENV{BILIBOP_DISK}="%r/%k" ATTR{removable}=="?*", \\ TEST=="/lib/udev/rules.d/80-udisks.rules", \\ ENV{ID_DRIVE_DETACHABLE}:="0", \\ ENV{UDISKS_SYSTEM_INTERNAL}:="1" ATTR{removable}=="?*", \\ TEST=="/lib/udev/rules.d/80-udisks2.rules", \\ ENV{UDISKS_CAN_POWER_OFF}:="0", \\ ENV{UDISKS_SYSTEM}:="1" ATTR{removable}=="?*", \\ GOTO="bilibop_end" LABEL="bilibop_virtual_block" TEST!="/lib/udev/bilibop_disk", GOTO="bilibop_end" KERNEL=="loop?*", \\ TEST=="loop/backing_file", \\ PROGRAM=="bilibop_disk --test %r/%k", \\ PROGRAM=="bilibop_disk --part %r/%k", \\ ENV{BILIBOP_UNDERLYING_PARTITION}="%c", \\ TAG+="BILIBOP", \\ GOTO="bilibop_subdevice" KERNEL=="dm-?*", \\ PROGRAM=="bilibop_disk --test %r/%k", \\ PROGRAM=="bilibop_disk --part %r/%k", \\ ENV{BILIBOP_UNDERLYING_PARTITION}="%c", \\ SYMLINK+="mapper/%s{dm/name}", \\ TAG+="BILIBOP", \\ GOTO="bilibop_subdevice" GOTO="bilibop_end" LABEL="bilibop_subdevice" TEST!="/lib/udev/bilibop_disk", GOTO="bilibop_end" PROGRAM=="bilibop_disk --root %r/%k", SYMLINK+="%c" ENV{DM_SUSPENDED}=="1", GOTO="bilibop_dm_end" ENV{ID_FS_USAGE}=="", IMPORT{program}="/sbin/blkid -o udev -p %r/%k" KERNEL!="dm-?*", GOTO="bilibop_dm_end" ATTR{dm/uuid}=="LVM-?*", ENV{DM_LV_NAME}=="", \\ IMPORT{program}="/sbin/dmsetup splitname --nameprefixes --noheadings --rows %s{dm/name}" ENV{DM_LV_NAME}=="?*", ENV{DM_VG_NAME}=="?*", ENV{DM_LV_LAYER}=="", \\ SYMLINK+="%E{DM_VG_NAME}/%E{DM_LV_NAME}" LABEL="bilibop_dm_end" TEST!="/lib/udev/rules.d/80-udisks.rules", GOTO="bilibop_udisks_end" PROGRAM=="bilibop_disk --lock %r/%k", ENV{UDISKS_SYSTEM_INTERNAL}:="1" PROGRAM=="bilibop_disk --hide %r/%k", ENV{UDISKS_PRESENTATION_HIDE}:="1", GOTO="bilibop_udisks_end" PROGRAM=="bilibop_disk --icon %r/%k", ENV{UDISKS_PRESENTATION_ICON_NAME}:="%c" PROGRAM=="bilibop_disk --name %r/%k", ENV{UDISKS_PRESENTATION_NAME}:="%c" LABEL="bilibop_udisks_end" TEST!="/lib/udev/rules.d/80-udisks2.rules", GOTO="bilibop_udisks2_end" PROGRAM=="bilibop_disk --lock %r/%k", ENV{UDISKS_SYSTEM}:="1" PROGRAM=="bilibop_disk --hide %r/%k", ENV{UDISKS_IGNORE}:="1", GOTO="bilibop_udisks2_end" PROGRAM=="bilibop_disk --icon %r/%k", ENV{UDISKS_ICON_NAME}:="%c" PROGRAM=="bilibop_disk --name %r/%k", ENV{UDISKS_NAME}:="%c" LABEL="bilibop_udisks2_end" LABEL="bilibop_end" EOF if [ -f "${TEMPOUT}" -a -n "${output}" ]; then umask 022 touch ${output} cat ${TEMPOUT} >|${output} fi ### END ### # vim: ts=4 sts=4 sw=4 bilibop-0.4.20/usr/share/initramfs-tools/0000755000000000000000000000000012165414757015164 5ustar bilibop-0.4.20/usr/share/initramfs-tools/hooks/0000755000000000000000000000000012244114417016273 5ustar bilibop-0.4.20/usr/share/initramfs-tools/hooks/bilibop-lockfs0000755000000000000000000000414512244114417021124 0ustar #!/bin/sh PREREQ="klibc" prereqs() { echo "$PREREQ" } case $1 in prereqs) prereqs exit 0 ;; esac # Add bilibop functions and needed commands to use them. ### BEGIN ### . /usr/share/initramfs-tools/hook-functions # Copy the needed bilibop functions files: cp --parents /lib/bilibop/common.sh ${DESTDIR} cp --parents /lib/bilibop/lockfs.sh ${DESTDIR} # Add commands needed by the bilibop functions. This depends if busybox is # added too or not. if [ "${BUSYBOX}" = "n" -o ! -e ${BUSYBOXDIR}/busybox ] then copy_exec /bin/df /bin copy_exec /bin/grep /bin copy_exec /bin/sed /bin copy_exec /sbin/blockdev /sbin # replace klibc's 'readlink': rm -f ${DESTDIR}/bin/readlink copy_exec /bin/readlink /bin fi # Copy the needed module: manual_add_modules aufs # Be sure the removable media hosting the system can be managed: force_load usb-storage force_load firewire-sbp2 force_load mmc_block # Add a list of LV used by local filesystems. if [ -x /sbin/lvm ] then lv_list=$(lvm lvs --noheadings -o vg_name,lv_name) [ -n "${lv_list}" ] || exit 0 else exit 0 fi . /lib/bilibop/common.sh get_udev_root mkdir -p ${DESTDIR}/etc/lvm LV_LIST="${DESTDIR}/etc/lvm/bilibop" for dev in $(grep -v '^[[:blank:]]*\(#\|$\)' /etc/fstab | sed 's,^\s*\([^[:blank:]]\+\)\s.*,\1,') do case "${dev}" in UUID=*|LABEL=*) dev="$(findfs ${dev})" ;; /*) ;; *) continue ;; esac dev="$(readlink -f ${dev})" devlist="${devlist} ${dev}" done [ -f "/etc/crypttab" ] && for dev in $(grep -v '^[[:blank:]]*\(#\|$\)' /etc/crypttab | sed 's,^\s*[^[:blank:]]\+\s\+\([^[:blank:]]\+\)\s.*,\1,') do case "${dev}" in UUID=*|LABEL=*) dev="$(findfs ${dev})" ;; /*) ;; *) continue ;; esac dev="$(readlink -f ${dev})" devlist="${devlist} ${dev}" done echo "${lv_list}" | while read VG LV do for dev in ${devlist} do case "${dev}" in ${udev_root}/dm-*) if [ "$(readlink -f ${udev_root}/${VG}/${LV})" = "${dev}" ] || [ "$(readlink -f ${udev_root}/mapper/${VG}-${LV})" = "${dev}" ] then touch ${LV_LIST} echo ${VG}/${LV} >>${LV_LIST} break fi ;; *) continue ;; esac done done : ### END ### bilibop-0.4.20/usr/share/initramfs-tools/scripts/0000755000000000000000000000000012165414757016653 5ustar bilibop-0.4.20/usr/share/initramfs-tools/scripts/init-top/0000755000000000000000000000000012236272332020404 5ustar bilibop-0.4.20/usr/share/initramfs-tools/scripts/init-top/bilibop-lockfs0000755000000000000000000000517012236272332023234 0ustar #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case $1 in prereqs) prereqs exit 0 ;; esac # Modify local lvm.conf (in the initramfs) to lock LVM metadata with: # global { # locking_type = 4 # metadata_read_only = 1 # } # activation { # read_only_volume_list = [ "vg0/lv0", "vg0/lv1", "vg1/lv0", "vg1/lv1", "vg1/lv2" ] # } # This is done very early in the boot process, before activation of Logical # Volumes. # If the system has no Logical Volume registered in fstab, nothing to do: [ -f "/etc/lvm/bilibop" ] || exit 0 # /proc/cmdline will be parsed several times. We call 'cat' only one time: readonly CMDLINE="$(cat /proc/cmdline)" # Set verbosity from boot commandline: for param in ${CMDLINE} do case "${param}" in quiet) quiet="y" break ;; esac done # Load functions: . /scripts/functions . /lib/bilibop/lockfs.sh udev_root="/dev" BILIBOP_LOCKFS="true" BILIBOP_LOCKFS_POLICY="hard" # Check if BILIBOP_LOCKFS or BILIBOP_LOCKFS_POLICY are overridden from the # boot commandline. To enable bilibop-lockfs in single-user mode, it is # necessary to use 'lockfs=force'. for param in ${CMDLINE} do case "${param}" in single|S|1) single="true" ;; [02-6]) single="false" ;; nolockfs) BILIBOP_LOCKFS="false" _force="false" ;; lockfs) BILIBOP_LOCKFS="true" ;; lockfs=*) BILIBOP_LOCKFS="true" for opt in $(IFS=',' ; echo ${param#lockfs=}) do case "${opt}" in default) BILIBOP_LOCKFS_POLICY="hard" _force="false" ;; force) _force="true" ;; hard|soft) BILIBOP_LOCKFS_POLICY="${opt}" ;; esac done ;; esac done # 'lockfs=force' boot option is available only for single-user sessions: if [ "${single}" = "true" ] then BILIBOP_LOCKFS="false" [ "${_force}" = "true" ] && BILIBOP_LOCKFS="true" fi # But it may also happen that a drive is physically locked by a switch (write # protected). Unfortunately, at this step, there is no way to know if the # write-protected drive is the one that hosts the system, or not. if dmesg | grep -q '\([Ww]rite [Pp]rotect [Ii]s [Oo]n\|[MG]i\?B (ro)\)$'; then BILIBOP_LOCKFS="true" BILIBOP_LOCKFS_POLICY="hard" fi # If bilibop-lockfs is disabled, or enabled with a 'soft' policy, do nothing: if [ "${BILIBOP_LOCKFS}" = "true" ] && [ "${BILIBOP_LOCKFS_POLICY}" = "hard" ] then log_warning_msg "${0##*/}: Set LVM read-only." else log_warning_msg "${0##*/}: Nothing to do." exit 0 fi # Now modify 'locking_type', 'metadata_read_only' and 'read_only_volume_list' # variables in (initramfs)/etc/lvm/lvm.conf: LVM_CONF="/etc/lvm/lvm.conf" initialize_lvm_conf "${udev_root}" set_readonly_lvm_settings : bilibop-0.4.20/usr/share/initramfs-tools/scripts/local-bottom/0000755000000000000000000000000012244114417021233 5ustar bilibop-0.4.20/usr/share/initramfs-tools/scripts/local-bottom/bilibop-rules0000755000000000000000000000217412236272332023737 0ustar #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case $1 in prereqs) prereqs exit 0 ;; esac # Create non-empty symlinked files in temporary directories under /run. # bilibop-specific temporary directory (in /run), and populate it. ### BEGIN ### if [ -f /etc/udev/udev.conf ]; then . /etc/udev/udev.conf fi udev_root="${udev_root:-/dev}" udev_root="${udev_root%/}" if [ -f ${rootmnt}/etc/bilibop/bilibop.conf ]; then . ${rootmnt}/etc/bilibop/bilibop.conf fi BILIBOP_RUNDIR="/run/${BILIBOP_COMMON_BASENAME:=bilibop}" mkdir -p "${BILIBOP_RUNDIR}" # Create a fake device map (optional, but enabled by default): [ "${BILIBOP_RULES_FAKE_DEVICE_MAP}" = "false" ] || echo "(hd0) ${udev_root}/${BILIBOP_COMMON_BASENAME}/disk" >${BILIBOP_RUNDIR}/grub-device.map # Create two non-empty files. This last action is not absolutely necessary, # but avoids some udev complaints. ETC_RULES_DIR="${rootmnt}/etc/udev/rules.d" RUN_RULES_DIR="/run/udev/rules.d" for rules in cd.rules net.rules; do [ -e "${ETC_RULES_DIR}/70-persistent-${rules}" ] || echo "# 70-(un)persistent-${rules}" >${RUN_RULES_DIR}/70-persistent-${rules} done : ### END ### bilibop-0.4.20/usr/share/initramfs-tools/scripts/local-bottom/bilibop-lockfs0000755000000000000000000002310412244114417024060 0ustar #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case $1 in prereqs) prereqs exit 0 ;; esac # Lock root filesystem by mounting it readonly with aufs, and modify fstab on # the fly to prepare to automatically lock other filesystems later in the boot # process. # We assume that /proc, /sys and /dev are correctly mounted. # /proc/cmdline will be parsed several times. We call 'cat' only one time: readonly CMDLINE="$(cat /proc/cmdline)" # Set verbosity from boot commandline: for param in ${CMDLINE} do case "${param}" in quiet) quiet="y" break ;; esac done # Load functions: . /scripts/functions . /lib/bilibop/lockfs.sh get_bilibop_variables ${rootmnt} # The bilibop functions assume that udev_root can be different from /dev; but # this applies only for the running system, not for the initramfs. So, we have # to fix it here: get_udev_root UDEV_ROOT="${udev_root}" udev_root="/dev" # Check if BILIBOP_LOCKFS is overridden from the boot commandline. To use # lockfs in single-user mode, it is necessary to use 'lockfs=force'. for param in ${CMDLINE} do case "${param}" in single|S|1) single="true" ;; [02-6]) single="false" ;; nolockfs) BILIBOP_LOCKFS="false" _force="false" ;; lockfs) BILIBOP_LOCKFS="true" ;; lockfs=*) BILIBOP_LOCKFS="true" for opt in $(IFS=',' ; echo ${param#lockfs=}) do case "${opt}" in default) BILIBOP_LOCKFS_POLICY="" BILIBOP_LOCKFS_WHITELIST="" BILIBOP_LOCKFS_SIZE="" BILIBOP_LOCKFS_SWAP_POLICY="" BILIBOP_LOCKFS_NOTIFY_POLICY="" _force="false" SIZE="" ;; force) _force="true" ;; hard|soft) BILIBOP_LOCKFS_POLICY="${opt}" ;; [1-9]*) SIZE="$(printf ${opt} | grep '^[1-9][0-9]*[KkMmGg%]\?$')" ;; all) BILIBOP_LOCKFS_WHITELIST="" ;; -/*) BILIBOP_LOCKFS_WHITELIST="${BILIBOP_LOCKFS_WHITELIST:+${BILIBOP_LOCKFS_WHITELIST} }${opt#-}" ;; esac done ;; noswap) BILIBOP_LOCKFS_SWAP_POLICY="hard" ;; esac done # 'lockfs=force' boot option is available only for single-user sessions: if [ "${single}" = "true" ] then BILIBOP_LOCKFS="false" [ "${_force}" = "true" ] && BILIBOP_LOCKFS="true" fi # Collect information that will be used later: BILIBOP_ROOT="$(underlying_device_from_file ${rootmnt})" BILIBOP_PART="$(underlying_partition ${BILIBOP_ROOT})" BILIBOP_DISK="$(physical_hard_disk ${BILIBOP_PART})" # Check if the drive is physically locked (write protected); if it is the case, # this will override several variables. if is_physically_locked ${BILIBOP_DISK##*/}; then mkdir -p "${BILIBOP_RUNDIR}" cat >${BILIBOP_RUNDIR}/plocked </dev/null 2>&1 # Check if the aufs filesystem is now supported: if ! grep -q '\' /proc/filesystems then log_failure_msg "${0##*/}: No aufs kernel support." log_failure_msg "${0##*/}: Exit." plymouth_message "${0##*/}: ERROR" exit 1 fi # If BILIBOP_LOCKFS_POLICY is not explicitly set to 'soft', then apply a hard # policy: set readonly branch as 'rr' (real readonly) instead of just 'ro' and # set the root device and all its parent devices until the whole disk itself # as readonly, with blockdev(8): if [ "${BILIBOP_LOCKFS_POLICY}" = "soft" ] then RO="ro" else RO="rr" blockdev_root_subtree ro ${BILIBOP_ROOT} ${BILIBOP_DISK} BILIBOP_LOCKFS_POLICY="hard" fi # Determine tmpfs size for the aufs writable branch: if [ -z "${SIZE}" ] then for size in ${BILIBOP_LOCKFS_SIZE} do case "${size}" in /=[1-9]*) SIZE="$(printf ${size#/=} | grep '^[1-9][0-9]*[KkMmGg%]\?$')" break ;; esac done fi log_begin_msg "${0##*/}: Setting up aufs branches" # Prepare directories: BASEDIR="/aufs" HOSTDIR="${BASEDIR}/ro" TEMPDIR="${BASEDIR}/rw" AUFSDIR="${BASEDIR}/aufs" [ -d "${BASEDIR}" ] || mkdir "${BASEDIR}" [ -d "${HOSTDIR}" ] || mkdir "${HOSTDIR}" [ -d "${TEMPDIR}" ] || mkdir "${TEMPDIR}" [ -d "${AUFSDIR}" ] || mkdir "${AUFSDIR}" mount -o bind ${rootmnt} ${HOSTDIR} if ! mount -t tmpfs -o mode=0755${SIZE:+,size=${SIZE}} tmpfs ${TEMPDIR} then # Don't forget to undo what has been done before ! umount ${HOSTDIR} [ "${BILIBOP_LOCKFS_POLICY}" = "soft" ] || blockdev_root_subtree rw ${BILIBOP_ROOT} ${BILIBOP_DISK} log_failure_msg "${0##*/}: Error occured when setting aufs writable branch." log_failure_msg "${0##*/}: Exit." plymouth_message "${0##*/}: ERROR" exit 1 fi # Now do the job: if mount -t aufs -o br:${TEMPDIR}=rw:${HOSTDIR}=${RO} none ${AUFSDIR} then umount ${rootmnt} mount -o move ${AUFSDIR} ${rootmnt} mkdir ${rootmnt}${BASEDIR} mkdir ${rootmnt}${HOSTDIR} mkdir ${rootmnt}${TEMPDIR} mount -o move ${HOSTDIR} ${rootmnt}${HOSTDIR} mount -o move ${TEMPDIR} ${rootmnt}${TEMPDIR} else # Again, don't forget to undo what has been done before: [ "${BILIBOP_LOCKFS_POLICY}" = "soft" ] || blockdev_root_subtree rw ${BILIBOP_ROOT} ${BILIBOP_DISK} umount ${HOSTDIR} umount ${TEMPDIR} _log_msg "failed.\n" log_failure_msg "${0##*/}: Persistent root filesystem is writable." plymouth_message "${0##*/}: ERROR" exit 1 fi # Create a file to say the root filesystem is locked: [ -d "${BILIBOP_RUNDIR}" ] || mkdir "${BILIBOP_RUNDIR}" >${BILIBOP_RUNDIR}/lock log_end_msg log_success_msg "${0##*/}: Root filesystem is now locked (${BILIBOP_LOCKFS_POLICY} policy)." case "${BILIBOP_LOCKFS_NOTIFY_POLICY}" in never|nolockfs) ;; *) plymouth_message "${0##*/}: ${BILIBOP_LOCKFS_POLICY} policy is enabled" ;; esac # Avoid filesystems check: >${rootmnt}/fastboot # This is for the case LVM is used for something else than $ROOT and $resume, # and cryptsetup is not used (no /conf/conf.d/cryptroot in the initrd); in # such a case, only $ROOT and $resume are activated from initrd; others are # activated from the system with an initscript; but: # 1. if BILIBOP_LOCKFS_POLICY is 'hard', this initscript will have no effect # 2. we need to make devices available before parsing ${rootmnt}/etc/fstab activate_bilibop_lv # Rebuild fstab to automatically mount other filesystems as readonly aufs # branches: log_warning_msg "${0##*/}: Modifying temporary static filesystem table (fstab)." FSTAB="${rootmnt}/etc/fstab" >>${FSTAB} # touch the file comment="# Original line commented by ${0##*/}:" replace="# ...and replaced by:" # Comment the line about the root filesystem, which must not be managed later # by initscripts or whatever: sed -i "s|^\s*[^[:blank:]]\+\s\+/\s.*|\n${comment}\n#&\n|" ${FSTAB} # Add /etc/fstab to the list of files that have been modified. This is not # needed now, but will be used by further purposes (as the ability to sync # on the readonly branch the files that have been modified on the writable # branch, but those listed in ${BILIBOP_RUNDIR}/lock): lock_file "/etc/fstab" # Now parse fstab and modify some entries (and optionally modify crypttab # too): parse_and_modify_fstab # Be sure the lockfs mount helper script will be executed when needed: grep -q '[[:blank:]]lockfs[[:blank:]]' ${FSTAB} && check_mount_lockfs "${rootmnt}" # Avoid breakage of read-only settings by LVM tools: if [ -f "/etc/lvm/bilibop" ] && [ "${BILIBOP_LOCKFS_POLICY}" != "soft" ] then eval $(grep '^[[:blank:]]*LVM_SYSTEM_DIR=' ${rootmnt}/etc/environment) LVM_CONF="${rootmnt}${LVM_SYSTEM_DIR:=/etc/lvm}/lvm.conf" initialize_lvm_conf "${UDEV_ROOT}" set_readonly_lvm_settings blacklist_bilibop_devices >>${LVM_CONF} lock_file "${LVM_SYSTEM_DIR}/lvm.conf" fi # Now modify some other files, or execute specific actions if wanted by the # sysadmin: set the hostname, modify MAC addresses, set autologin, and so on. # For example: # touch ${rootmnt}/* ${rootmnt}/bin/* ${rootmnt}/sbin/* # find ${rootmnt}/etc ${rootmnt}/root -type f -xdev -exec touch {} \; # find ${rootmnt} -type d -xdev -exec touch {} \; # find ${rootmnt}/lib -xdev -exec touch {} \; # and maybe more would allow the admin to rescue the session even if the # device is wildly unplugged. # TODO: this is Still In Development # Maybe we have to provide a sample file (skeleton) including instructions to # write a script that can be executed both from the initramfs environment or # from the running system. # XXX: is it standards compliant ? for param in ${CMDLINE} do case "${param}" in config) BILIBOP_LOCKFS_RUN_SCRIPTS="true" ;; noconfig) BILIBOP_LOCKFS_RUN_SCRIPTS="false" ;; esac done [ "${BILIBOP_LOCKFS_RUN_SCRIPTS}" = "true" ] && if [ -d "${rootmnt}/etc/bilibop/lockfs.d" ] then for exe in ${rootmnt}/etc/bilibop/lockfs.d/[0-9][0-9]_[a-z]*[a-z].sh do [ -x "${exe}" ] && ${exe} ${rootmnt} done fi : bilibop-0.4.20/usr/share/doc/0000755000000000000000000000000012165414757012577 5ustar bilibop-0.4.20/usr/share/doc/bilibop-common/0000755000000000000000000000000012165414757015505 5ustar bilibop-0.4.20/usr/share/doc/bilibop-common/examples/0000755000000000000000000000000012236272332017311 5ustar bilibop-0.4.20/usr/share/doc/bilibop-common/examples/bilibop.conf0000644000000000000000000000551612236272332021607 0ustar # This is a sample configuration file for bilibop-common. # # The variable that is described here can take place in the main bilibop # configuration file '/etc/bilibop/bilibop.conf', maybe in addition to # other variables (always beginning by the string 'BILIBOP_') that can be # used by shell scripts provided by other bilibop-* packages. See the # bilibop.conf(5) manual page, and specific documentation provided by # other packages. # BILIBOP_COMMON_BASENAME # The basename of bilibop subdirectories (or symlink) that will be created # in /dev and /run at boot time, from into the initramfs environment or from # into the running system. If it is empty or unset, the value will fallback # to 'bilibop'. If you modify it to anything else, you have to take care that # some symlinks or custom settings of your system reflect the new location. # So, maybe it is not a good idea to modify it (see below). # Default is unset. # Among the possible reasons you have to modify the default value is a # case of name conflict in /dev: if a Volume Group named 'bilibop' already # exists, the udev rules from bilibop-rules will create symlinks named # 'disk', 'part' and 'root' in this LVM directory and this can get confusion # in the sense there will be links in /dev/bilibop that not refer to Logical # Volume block devices, but to a whole disk, a partition and the rootfs # device (and this one can be a Logical Volume of another Volume Group). # Of course, if one of the Logical Volumes itself is named 'disk', 'part' or # 'root', a real conflict will appear because udev will provide symlinks that # will be used by LVM tools and BILIBOP tools. Either one program or the other # will follow a bad link with unexpected results. Additionally, bilibop-udev # will not create a symlink IN /dev/bilibop, but AS /dev/bilibop instead. # If the directory already exists, the symlink will not be created. # # Another possible reason you want to modify the default value is that you # don't like it and prefer to use a more sensual name (as the nickname of # your boyfriend) or a more useful name (as the TradeMark of your device: # sony, lacie, sandisk, iomega or whatever you want). # Among the possible settings you can have to update in the case you modify # BILIBOP_COMMON_BASENAME default value, there are: # - the symlink /dev/bilibop (bilibop-udev) # - the symlinks in /dev/bilibop (bilibop-rules) # - the symlink /boot/grub/device.map # - the content of /etc/udev/rules.d/66-bilibop.rules # - the variable BLKID_FILE in /etc/environment # - the variable CACHE_FILE in /etc/blkid.conf # - maybe others # For some of them, you may either have to: # - run dpkg-reconfigure for the related package # - run a helper script provided by the related package # - edit the related file and modify it manually # So, don't play too often with the value of BILIBOP_COMMON_BASENAME. You have # been warned. bilibop-0.4.20/usr/share/doc/bilibop-common/misc/0000755000000000000000000000000012243163671016431 5ustar bilibop-0.4.20/usr/share/doc/bilibop-common/misc/bugs.txt0000644000000000000000000000362112243160715020130 0ustar The goal of this document is to reference bugs from the Debian BTS that can give a more comprehensive overview on bilibop. Other ressources can also be referenced. FROM DEBIAN BTS =============== #675467: ITP: bilibop -- run Debian from external media http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675467 #675532: RFS: bilibop/0.4.16 (ITP #675467) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675532 Bugs in source package bilibop http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=bilibop --------------- #616729: mdadm includes stuff in initrd even if this is not needed http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616729 #623975: grub2: Add support for setkey! http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623975 #645466: When running from removable media, udev allows direct access by "floppy" group http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645466 #651466: initramfs fails to start LVM half the time http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651466 #671546: udev: loop device: add backing file in udev database http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671546 #671734: Add a variable in /etc/default/grub to pass specific kernel parameters in the 'recovery mode' entry. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671734 #678954: lvm2: Inconsistencies between lvm.conf and udev rules lead to hide VG, and worse http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678954 #691029: udisks: set ID_DRIVE_DETACHABLE to 0 has no effect. This can lead to system crash. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691029 #715184: lvm2: fails to boot with root on lvm, as wait loop for slow disk is too late http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715184 #730040: lvm2: global_filter issue: lvm commands create a ????P??? directory in the current one when exiting http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730040 bilibop-0.4.20/usr/share/doc/bilibop-common/misc/lvm2.txt0000644000000000000000000001215012236272332020046 0ustar The goal of this document is to give some tips and tricks about the LVM2 configuration for systems installed on external media. 1. First step ------------- During installation of a standalone Operating System on external media, LVM can be used to set Logical Volumes on the top of a partition or on the top of an encrypted device. In all cases, because the system itself is installed on only one disk, there is no sense to set more than one Physical Volume per Volume Group. Bilibop functions don't work properly if a VG is composed of more than one PV. LVM can be used in a "multilayered block devices" schema. For example, Disk ├───Partition1───PV#1 │ ├───LV#1───Filesystem (/boot) │ └───LV#2───LUKS───PV#2 │ ├───LV#3───Filesystem (/) │ ├───LV#4───Filesystem (/home) │ └───LV#5───SWAP Filesystem ├───Partition2───LUKS───Filesystem ├───Partition3───Filesystem └───Partition4───Filesystem In this example, only one partition is used to contain the entire system, which is nevertheless divided into four different filesystems, three of which are encrypted with the same key/passphrase. 2. Configuration ---------------- /etc/lvm/lvm.conf is the configuration file for all LVM tools. See the lvm.conf(5) manpage for details. 2.1. Filter ----------- One of the first things to do when lvm2 is installed on a OS on removable media is to configure the 'filter' array in the 'devices' section. If you want to use your system to access internal drives of the host computers, then you can keep the default setting, allowing LVM tools to access any device: filter = [ "a/.*/" ] But if you prefer to use your system as it was alone, you have to *hide* all Physical Volumes that are not used by your system. This is a more complicated task, but the drivemap(1) command can help you: $ drivemap -pin / /dev/sdb [ usb-_Trademark_Storage_05F210010018DD2-0:0 | 8GB ] /dev/sdb1 ............................... [ LVM2_member | 8GB ] /dev/mapper/system-boot .................... [ ext3 | 255MB ] /boot /dev/mapper/system-luks ............. [ crypto_LUKS | 7751MB ] /dev/mapper/bilibop ............. [ LVM2_member | 7750MB ] /dev/mapper/luks-root .............. [ ext4 | 6996MB ] / /dev/mapper/luks-home .............. [ ext4 | 750MB ] /home Here we see the two Physical Volumes (LVM2_member) we need to 'accept', all others will be 'rejected'. For one of these PV, it's easy: its static name is "/dev/mapper/bilibop". But we have to find a way to name the first partition of the disk, knowing that "/dev/sdb1" is dynamically attributed. You must use a symlink created by udev, but it must not refer to the UUID of the Physical Volume. Finally, it seems there is only one class of udev symlinks you can use: /dev/disk/by-id/*. This can be found with: $ ls -l /dev/disk/by-id/* | awk '/\/sdb1$/ {print $9}' /dev/disk/by-id/usb-_Trademark_Storage_05F210010018DD2-0:0-part1 (It can happen that you have the choice between two or even three names, mainly with external HDD) Now the result in lvm.conf is: filter = [ "a|^/dev/disk/by-id/usb-_Trademark_Storage_05F210010018DD2-0:0-part1$|", "a|^/dev/mapper/bilibop$|", "r|.*|" ] or simply: filter = [ "a|usb-_Trademark_Storage_05F210010018DD2-0:0-part1$|", "a|^/dev/mapper/bilibop$|", "r|.*|" ] Now test it with 'vgscan'. It can happen that the second PV (and then the second VG) is not found. This is because /dev/mapper/bilibop is not managed by udev (maybe due to some dmsetup udev rules). In that case, you have to inform LVM to not obtain device list from udev, but to scan /dev entirely and take any symlink into account; so in the same 'devices' section, set obtain_device_list_from_udev = 0 Then, if 'vgscan' gives you the expected result, run 'update-initramfs -u': this will build a new initramdisk with the new lvm.conf into; all other volumes than those used by your system will never be activated at boot time or later, until you modify the 'filter' setting. NOTE: the bilibop-rules package provides a helper script, /usr/share/bilibop/physical_volumes_filter, which has been written to automate the previously described tasks. See README.Debian in the documentation of this package for details. 2.2. Backups and archives ------------------------- If your root filesystem in on a Logical Volume, then the default place to store backups - /etc/lvm/backup - is useless, because backups are stored into the Volume that can need the backup to be opened. Additionally, you have to know that LVM archives and backups can easily be used to acquire certainty that your system was plugged on this computer or this one, if Logical Volumes on the disks of the computer are activated. So, you should probably disable these features in the 'backup' section: archive = 0 backup = 0 But keep a backup of your Volume Groups, at least to avoid the annoying warnings (WARNING: This metadata update is NOT backed up). bilibop-0.4.20/usr/share/doc/bilibop-common/misc/grub2.txt0000644000000000000000000001464312236272332020220 0ustar The goal of this document is to give some tips and tricks about the GRUB2 configuration for systems installed on external media. 1. /boot/grub/device.map ------------------------ This file is used each time the GRUB menu (/boot/grub/grub.cfg) is updated. If the content of the file does not match the block devices actually available on the system, 'update-grub' can fail. It is possible to update the device.map with 'grub-mkdevicemap'. If the device.map don't exist, it is automatically created when 'update-grub' (in fact 'grub-mkconfig') is invoked. So, a good way to always use an updated device.map is to replace the file by a symlink to a (non existing) file in a temporary directory (usually somewhere in /run or /tmp). Another way is to use a fake device.map, in wich the first and only one disk that is listed - said (hd0) in grub terminology - refers to the disk hosting the running system. This can be hard coded in /boot/grub/device.map by using a /dev/disk/by-id/* link, or updated at each boot in a temporary file (this is what bilibop-rules does by default). Bilibop-rules provides an helper script: /usr/share/bilibop/grub_device_map_manager Run it with the --help option or read the bilibop-rules documentation to know more. 2. /etc/default/grub -------------------- This is the main configuration file. 'update-grub' must be run each time this file is modified. - There is no need to hard code obsolete informations about the OS hosted by the computer we have used when the last 'update-grub' occured. So, we can/must disable os-prober: GRUB_DISABLE_OS_PROBER="true" - It can be nice to use the native resolution of the monitor to display the GRUB menu, and keep it for the session: GRUB_GFXMODE="auto" GRUB_GFXPAYLOAD_LINUX="keep" - Since it is possible to use non-default keymap in GRUB (see below for details on how to build and load a such keymap), you have to use a specific setting to enable it: GRUB_TERMINAL_INPUT="at_keyboard" - With some partition schemes, it can be necessary to add a delay, even short, in the boot commandline. This is often the case with LUKS and/or LVM. GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} rootdelay=1" - If your system is running from flash memory (USB stick, MMC, SSD), a good thing is to not use swap devices on your media, because of its limitations (each sector can be rewritten only some thousands times; if a sector defects, your drive is dead). GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} noswap" - For the moment (follow bug #671734), the 'recovery mode' only adds the 'single' kernel parameter to the boot commandline. To use other useful parameters, it is possible to create a new variable in the configuration file, and export it to be used in /etc/grub.d/10_linux, if modified. Here is the list of parameters used by DebianLive 'failsafe' session: GRUB_CMDLINE_LINUX_RECOVERY="noapic noapm nodma nomce nolapic nomodeset nosmp" export GRUB_CMDLINE_LINUX_RECOVERY 3. /etc/grub.d/10_linux ----------------------- If you want to add some useful parameters in the 'recovery mode' menu entry, as described above, replace the line (near the end of the script): "single ${GRUB_CMDLINE_LINUX}" by: "single ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_RECOVERY}" 4. /boot/grub/layouts/*.gkb --------------------------- It is now possible to use different keyboard settings, not only the default one (en_US). To be able to use a custom keymap in GRUB, this keymap must be added in /boot/grub/layouts, with the 'gkb' extension (Grub KeyBoard). If you want to build your own keymap, do as follows (see bug #623975): # mkdir -p /boot/grub/layouts # ckbcomp fr | grub-mklayout -o /boot/grub/layouts/fr.gkb NOTE: the ckbcomp follows the syntax of setxkbmap(1); for a complete list of available layouts, see /usr/share/X11/xkb/symbols/* To use it, set GRUB_TERMINAL_INPUT to "at_keyboard" in /etc/default/grub, add a line just containing 'keymap fr' in /etc/grub.d/40_custom or in /boot/grub/custom.cfg, run 'update-grub', and that's all. If several keymaps are stored in /boot/grub/layouts, each of them can be used by entering GRUB commandline mode and use the 'keymap' command, followed by the filename of the keymap you need, without the .gkb extension. 5. /etc/grub.d/4[01]_custom --------------------------- 5.1. 40_custom -------------- This file provides a very simple way to put custom entries or settings in the main /boot/grub/grub.cfg: except its two first lines, all the content of 40_custom is copied as is in grub.cfg. But it is needed to run 'update-grub' each time 40_custom is modified. 5.2. 41_custom -------------- This file provides another simple way to customize grub menu: the difference with 40_custom is that there is no need to modify this file. What is added to /boot/grub/grub.cfg just says: "if the file /boot/grub/custom.cfg exists, then load it". 6. /boot/grub/custom.cfg ------------------------ If this file exists (this is not the case by default), it will be loaded on the fly by /boot/grub/grub.cfg and its content will be merged to the content of grub.cfg. It is of the responsibility of the admin to create and maintain this file. The main differences between this 'custom' feature (provided by /etc/grub.d/41_custom) and the other (provided by /etc/grub.d/40_custom) are that the content of custom.cfg is not hard coded into grub.cfg, and so there is no need to run 'update-grub' when custom.cfg is modified. We give here an example of content of custom.cfg, knowing that the following lines could be put into /etc/grub.d/40_custom as well: # Enable the pager to ease the read of long files: set pager=1 # Enable custom keymap (needs GRUB_TERMINAL_INPUT="at_keyboard" in # /etc/default/grub): keymap fr 7. /boot/grub/unicode.pf2 ------------------------- Due to its design, it is highly recommended to install bilibop as a full encrypted system, or at least with an encrypted /home or /home/*user* directory (otherwise, what do you think it can happen if you loose or forget your USB stick somewhere?). And so, if the root filesystem is encrypted, grub can not access files elsewhere than in the boot partition. This means that if you need a font file, a background image or whatever you want, you have to copy them into /boot/grub. The unicode.pf2 is useful to render accented letters (french, german, spanish, italian and more) in the grub menu. It is provided by the grub-common package in /usr/share/grub. Just copy it into /boot/grub, and 'update-grub' will do the rest. bilibop-0.4.20/usr/share/doc/bilibop-common/misc/udev.txt0000644000000000000000000000607512165414757020154 0ustar The goal of this document is to give some tips and tricks about the UDEV configuration for systems installed on external media. 1. /etc/udev/rules.d/70-persistent-*.rules ------------------------------------------ As said by their names, 70-persistent-cd.rules and 70-persistent-net.rules store persistent informations about cd/dvd drives and network interfaces. These files are cumulative. It means that each time you run your system on a new computer, some informations are collected and appended to the content of these files. For example: 70-persistent-net.rules When a network interface is discovered by the system, and its MAC address don't match those stored in the existing rules, a new rule is created and appended to the file. A new name is created for this interface, by incrementation: if 'eth0' and 'eth1' already exist in the file, then the new name will be 'eth2' (the most common names being 'eth*', 'wlan*' and 'ath*'). Two months later, if the system has been used on ten different computers, it is possible this file contains rules for more or less twenty interfaces, from 'eth0' to 'eth13', 'wlan0' to 'wlan3', 'ath0' and 'ath1', with as many MAC addresses able to proof which computers your system was plugged on. And some network managers cannot easily deal with that: the problem is that the interface name to use for a wired connection can be hard coded in a configuration file, etc. So, a good thing is to make these persistent data unpersistent, by replacing the files by symlinks to files in temporary directories (as /run or /tmp). This works as expected, except udev complaints about this situation during the second stage of the boot process (the initramfs being the first stage). It is possible to avoid udev trouble by creating the (non empty) target of the symlink before udev initscript runs. This is what bilibop-rules initramfs script does. 2. /dev/sd?* ------------ When the operating system is running from a removable media, the udev rules file /lib/udev/rules.d/91-permissions.rules set this media and all its partitions as owned by the 'floppy' group (unlike internal drives and their partitions, that are owned by the 'disk' group). See bug #645466. The main difference between these two groups is that a lot of users are members of the floppy group, to allow them to do what they want with their floppies, USB keys, and others. 'What they want' includes low-level writes. So, only privileged users should be members of the 'disk' group, to avoid this low-level write access on drives which the system is installed on. In conclusion, on systems embedded on USB keys, a unprivileged user can erase all (blank the entire disk) with one of the following commands: $ shred -zn0 /dev/sdb $ cat /dev/zero >/dev/sdb $ dd if=/dev/zero of=/dev/sdb Knowing that, one of the first things to do when the system is on a removable media, is to override 91-permissions.rules, and set the drive hosting the system and all its partitions (including the extended one) to be owned by the 'disk' group. This is what bilibop-rules is mainly designed to do, and the only one thing bilibop-udev does. bilibop-0.4.20/usr/share/doc/bilibop-common/misc/keymap.txt0000644000000000000000000000421412236272332020456 0ustar The goal of this document is to give some tips and tricks about the KEYMAP configuration for systems installed on external media. 1. /boot/grub/layouts/*.gkb --------------------------- It may be convenient, especially with an interactive bootloader like GRUB, to be able to use keyboard settings corresponding to the keyboard of the machine, or relative to the natural language of the user. first, you have to know that it is possible, and not too complicated. Then, refer to the document named 'grub2.txt' to know how to do. 2. /etc/default/keyboard ------------------------ This file is used to set the keyboard for both console and X. It is composed of XKB* variables assignments and some others. This file is created and maintained by the 'keyboard-configuration' package. In most cases, it can be modified with 'dpkg-reconfigure keyboard-configuration', but debconf can not do all. So, there are cases where /etc/default/keyboard must be modified by hand. Here is an example: _________________________________ XKBMODEL="pc105" XKBLAYOUT="fr-latin9,en_US" XKBOPTIONS="grp:alt_shift_toggle" _________________________________ The result is the same than if you run (under X): setxkbmap -layout fr-latin9,en_US -model pc105 -option grp:alt_shift_toggle except that with keyboard-configuration, the keymap is shared between X and the console. In the previous example, the 'fr-latin9' layout is the default, and 'en_US' is a secondary layout. Type allows to toggle between them. This toggle action only applies on the current/active console (or X if you do it under X). Note that: _________________________________ XKBMODEL="pc105" XKBLAYOUT="fr,us" XKBVARIANT="latin9,intl" XKBOPTIONS="grp:alt_shift_toggle" _________________________________ does the same. This kind of settings may be very convenient for a system intended to be used on different computers, with different keyboards. It can also be useful for people who need to translate documents between languages using different alphabets: russian, greek, arabian, hebrew, japanese, etc. See setxkbmap(1) and play with it will help you to win time if you think you need a complex keyboard configuration. bilibop-0.4.20/usr/share/doc/bilibop-common/misc/swap.txt0000644000000000000000000001513712236272332020150 0ustar The goal of this document is to give some tips and tricks about the SWAP configuration for systems installed on external media. 1. Systems on Flash memory -------------------------- By "flash memory", we say USB keys, MMC or SD/SDHC cards, SSDs and all what is not a rotating Hard Disk Drive. Due to the low limits of write-cycles allowed on such devices (commonly some tens of thousands, sometimes even less), it seems to not be a very good idea to setup and enable swap areas (block devices or regular files) on them. If you do it, you have to know that it can dramatically decrease the lifetime of your drive. If you have performed an automated install and a swap device is enabled on your system, you can disable it by at least two ways: 1.1. /etc/fstab and /etc/crypttab You can delete (or comment) the lines concerning swap devices, or add the 'noauto' option. 1.2. boot commandline You can add the 'noswap' kernel parameter to your bootloader configuration file (see grub2.txt). 2. Systems on External HDDs --------------------------- Such devices have the same write-cycles limits than the Internal HDDs. So you can enable swap areas on them without restriction in terms of lifetime of your drive. That said, you have to take care about the swap device name in your configuration files. A good practice is to name devices by the UUID of the filesystem they content; but it seems some programs don't affect an UUID to swap filesystems when they create them. Partman, the partitionning tool used by the Debian Installer, is one of them (it is based on parted). To affect an UUID to a swap device, you can use swaplabel(8) with uuidgen(1), or just recreate the swap filesystem with mkswap(8) after it has been disabled with swapoff(8). 2.1. Plain text or clear swap (not recommended) In /etc/fstab, you should have something like: UUID=12345678-9abc-def0-1234-56789abcdef0 none swap sw 0 0 2.2. Encrypted swap (random key) * In /etc/crypttab, you should have something like: crypt_swap UUID=12345678-9abc-def0-1234-56789abcdef0 /dev/random swap,offset=8 The "offset=8" option is added to not modify the height first sectors of the filesystem: 512*8=4096 is the size of the first page of the swap fs, where the UUID and LABEL are stored. The string 'SWAPSPACE2' is at the end of this first page. So, with this offset, the UUID is protected, and can be used from a session to another. Install the 'haveged' package or any other hardware-based Random Number Generator (rng-tools, randomsound), and set it to be started before the cryptdisks* initscripts if you want to use /dev/random as the key; otherwise, use /dev/urandom, or you'll probably have to fill the random pool by hand (i.e. by 'randomly' pressing keys on the keyboard). * In /etc/fstab, you should have something like: /dev/mapper/crypt_swap none swap sw 0 0 NOTE that with a single-use swap area, you cannot benefit of the hibernate features (suspend-to-disk), even if your session manager or login manager can propose it to you. See [1]. 2.3. Encrypted swap (persistent) Here, the swap area uses dm-crypt/LUKS with a fixed passphrase. Even if it is possible to set an encrypted device only for the swap space, separatly from the system, the common usage is to set an encrypted device and use LVM on the top of the decrypted device: the same passphrase is used to simultaneously decrypt the root filesystem, the swap area and sometimes more (/home, shared and miscellaneous data, etc.) * In /etc/crypttab, you should have something like: crypt UUID=12345678-9abc-def0-1234-56789abcdef0 none luks * In /etc/fstab, you should have something like: /dev/mapper/vg00-root / ext4 noatime,errors=remount-ro 0 1 /dev/mapper/vg00-swap none swap sw 0 0 NOTE that with these settings, your system can hibernate and be resumed on the same computer (and probably only if plugged on the same USB/Firewire/etc. port). 3. Use the swap partition of the host computer ---------------------------------------------- It can be useful to set an existing swap partition of the host computer. For example, if the running system is on a USB stick without swap device on it, and you absolutely need additional memory for a certain task (unsquashfs a big file always fails with only 512MB of RAM). In a such case, the policy should be the following: A - Use an encrypted swap device to not let easily readable traces of your activity on the host computer. B - Don't modify the swap device in a way that it will be unusable by the system installed on the computer. In the following example, we assume /dev/sda and /dev/sdb are internal HDD, and /dev/sdc is your pendrive: 1. Find your drive: # drivemap -d / /dev/sdc 2. List swap filesystems: # blkid -t TYPE=swap -o device /dev/sdb5 3. Be sure it is a swap partition: # sfdisk --print-id /dev/sdb 5 82 4. Verify that is is 'free' (i.e. does not contain a 'suspended' image of the memory; in that case the following command shhould output the string 'SWAPSPACE2S1SUSPEND'): # dd if=/dev/sdb5 bs=1 skip=4076 count=20 2>/dev/null | cat -v; echo SWAPSPACE2SWAPSPACE2 5. Fill the partition with random data; don't erase the first 4096 bits: # dd if=/dev/urandom of=/dev/sdb5 bs=512 seek=8 dd: writing `/dev/sdb5': No space left on device 3906243+0 records in 3906242+0 records out 1999995904 bytes (2.0 GB) 1276.3 s, 1.6 MB/s 6. Map the partition to an encrypted device; again, don't forget to skip the 8x512=4096 first bits: # cryptsetup --key-file=/dev/random --offset=8 create encswap /dev/sdb5 7. Create a swap filesystem: # mkswap -f /dev/mapper/encswap Setting up swapspace version 1, size = 1953116 KiB no label, UUID=0154016f-1fba-4961-a471-0856d06e6c0a 8. And finally enable the encrypted swap area: # swapon /dev/mapper/encswap To properly disable the swap device: # swapoff /dev/mapper/encswap # cryptsetup remove encswap Don't forget the 'seek=8' and '--offset=8' options with dd and cryptsetup respectively, otherwise the first sectors will be overwritten, the UUID deleted, and if this UUID is used in a configuration file of a system installed on the computer, errors will occur during the boot of this system. NOTE that when you use a swap device on the fly, your session logout manager can propose you a 'hibernate' button. If you use it, your session will be recorded on the swap space, but you will not recover it. See [1]. [1]: if your system has no swap device that can be used to resume a session after a hibernation, you should if possible disable the 'hibernate' button of your session logout manager. For Xfce4, run: $ xfconf-query --channel xfce4-session --create \ --property /shutdown/ShowHibernate \ --type bool --set false bilibop-0.4.20/usr/share/doc/bilibop-common/misc/blkid.txt0000644000000000000000000000527212165414757020274 0ustar The goal of this document is to give some tips and tricks about the BLKID configuration for systems installed on external media. 1. /etc/blkid.tab ----------------- This file is updated each time the blkid command is run without '-c' or '-p' options. If it already exists, then the existing table is saved in the same directory with the name 'blkid.tab.old', after what the table is updated. Maybe it should be placed somewhere in /var instead. And for systems running from an external media, maybe this file should be placed somewhere in /run, to not collect informations that will surely be obsolete after next boot. Additionally, the blkid tables could be used to track people, by easily controling that the removable drive hosting the system was plugged on an already identified computer the last time the system has run: the UUIDs of the computer's disks match the blkid table on the removable system. Arggh! Note that /etc/blkid.tab and /etc/blkid.tab.old cannot just be replaced by symlinks to files located in a temporary directory, because the blkid program has the following behaviour: - If the table don't already exists, it is just written. This means if /etc/blkid.tab is a broken symlink to /tmp/blkid.tab, the program will create /tmp/blkid.tab by writing into /etc/blkid.tab - If the table already exists, it is removed before to be rewritten. This means if /etc/blkid.tab is a symlink to /tmp/blkid.tab, which exists, /etc/blkid.tab will be removed and then rewritten: the symlink is replaced by a regular file the second time the command is run during a session. So, use 'CACHE_FILE' or 'BLKID_FILE' settings instead (see below). 2. CACHE_FILE ------------- /etc/blkid.conf is the blkid configuration file. By default, it don't exist on Debian systems. This file can contain the 'CACHE_FILE' variable assignment, allowing the admin to write new and old blkid tables elsewhere. On a bilibop system, you can have: CACHE_FILE=/run/bilibop/blkid.tab 3. BLKID_FILE ------------- If set in /etc/environment, this variable will override the 'CACHE_FILE' variable, if set in /etc/blkid.conf. On a bilibop system, you can have: BLKID_FILE=/run/bilibop/blkid.tab 4. IMPORTANT ------------ You should not use /run/bilibop as a location for the blkid tables in the following cases: - bilibop-rules package is not installed (and then /run/bilibop is not created by the bilibop-rules initramfs script). - bilibop-lockfs is not enabled (and then /run/bilibop is not created by the bilibop-lockfs initramfs script). - the value of BILIBOP_COMMON_BASENAME has been modified in bilibop.conf(5). (and the directory created by one of the initramfs scripts is not /run/bilibop, but /run/${BILIBOP_COMMON_BASENAME}) bilibop-0.4.20/usr/share/doc/bilibop-rules/0000755000000000000000000000000012165414757015347 5ustar bilibop-0.4.20/usr/share/doc/bilibop-rules/examples/0000755000000000000000000000000012244312341017145 5ustar bilibop-0.4.20/usr/share/doc/bilibop-rules/examples/bilibop.conf0000644000000000000000000000760712236272332021454 0ustar # This is a sample configuration file for bilibop-rules. # Here is a partition scheme: # # /dev/sdc : USB HDD hosting the running system (250GB) # /dev/sdc1 : Physical Volume (20GB) # vg0 : Volume Group with only one PV (/dev/sdc1) # /dev/vg0/boot : Logical Volume mounted on /boot (1GB) # /dev/vg0/root : Logical Volume mounted on / (10GB) # /dev/vg0/home : Logical Volume mounted on /home (7GB) # /dev/vg0/swap : Logical Volume used as swap device (2GB) # /dev/sdc2 : FAT32 partition with portable applications for Windows, # no mountpoint (10GB) # /dev/sdc3 : Ext4 partition mounted on /var/spool/apt-mirror (100GB) # /dev/sdc4 : Primary extended partition # /dev/sdc5 : FAT32 logical partition with sorted public data, # no mountpoint (50GB) # /dev/sdc6 : FAT32 logical partition with unsorted public data, # no mountpoint (50GB) # /dev/sdc7 : LUKS logical partition with private data, # no mountpoint (20GB) # # Bilibop rules, by default and by using Udisks capabilities, hide all # volumes, and make them all 'system internal'. So I (unprivileged user) # can't access /dev/sdc2, /dev/sdc5, /dev/sdc6 and /dev/sdc7 contents from # the desktop applications based on Udisks (as file-managers Thunar, # Nautilus or PCManFM). They are not automatically mounted (even not # listed in /etc/fstab) and I can't mount them by just clicking on their # icons on the desktop, because those icons are missing. Argh! This is not # what I want. # # Knowing that (by running blkid): # /dev/sdc2: LABEL="PortableApps" UUID="FE34-55C2" TYPE="vfat" # /dev/sdc5: LABEL="public_data" UUID="7B50-DC7E" TYPE="vfat" # /dev/sdc6: LABEL="unsorted" UUID="BDD1-9A36" TYPE="vfat" # /dev/sdc7: UUID="7ef316ac-f92c-44a5-d9a2-837c1ee23f3bd" TYPE="crypto_LUKS" # # it is possible to whitelist the devices I want access from the desktop by # making them visible: BILIBOP_RULES_PRESENTATION_HIDE_WHITELIST="TYPE=vfat UUID=7ef316ac-f92c-44a5-d9a2-837c1ee23f3bd" # # In addition, if I want to be able to mount/unmount them without prompt for # a su/sudo password: BILIBOP_RULES_SYSTEM_INTERNAL_WHITELIST="${BILIBOP_RULES_PRESENTATION_HIDE_WHITELIST}" # # But if I want to keep default behaviour for the partition containing apps # for Windows, and additionally I want to avoid mistakes on the partition # containing sorted data, and I need to access apt-mirror partition from the # desktop, I have to detail the whitelists and other settings (for the last # one, we assume the filesystem contained into the LUKS partition is labeled # 'Unlocked'): BILIBOP_RULES_SYSTEM_INTERNAL_WHITELIST="LABEL=unsorted UUID=7ef316ac-f92c-44a5-d9a2-837c1ee23f3bd" BILIBOP_RULES_PRESENTATION_HIDE_WHITELIST="${BILIBOP_RULES_SYSTEM_INTERNAL_WHITELIST} LABEL=public_data LABEL=apt-mirror" BILIBOP_RULES_PRESENTATION_ICON="LABEL=apt-mirror:debian-logo" BILIBOP_RULES_PRESENTATION_NAME="UUID=7ef316ac-f92c-44a5-d9a2-837c1ee23f3bd:Locked" # # This makes: # /dev/sdc2: hidden and system internal (default unchanged) # /dev/sdc3: shown on the desktop with 'debian-logo' icon, system internal # /dev/sdc5: visible, but prompt for su/sudo password to be mounted # /dev/sdc6: visible and mountable without admin rights # /dev/sdc7: shown with a label reflecting its actual status (Locked/Unlocked) # and mountable without admin rights # If you often download .iso images and want to see them as CDs on the desktop # when they are mounted: BILIBOP_RULES_PRESENTATION_HIDE_WHITELIST="TYPE=iso9660" BILIBOP_RULES_PRESENTATION_ICON="TYPE=iso9660:media-cdrom" # After what it is possible to update udev database referring to bilibop # devices with: 'lsbilibop -c' (see lsbilibop(8)). # XXX: the Udisks capabilities only apply on some desktop applications, and # must not be considered as a real security layer. The use of pmount(1) can # bypass all udisks/bilibop-rules settings. bilibop-0.4.20/usr/share/doc/bilibop-rules/examples/rlvm0000644000000000000000000000232612173760220020057 0ustar #!/bin/bash set -e # rlvm: restricted lvm; allow the admin to run lvm commands in a safe way: # - local PV and LV are filtered (hidden); there is no risk to modify them # by mistake. # - /etc/lvm/lvm.conf is not modified to filter local PV; there is no risk # to compromise next boot process if the initramdisk is rebuild during the # session. [ -x /usr/share/bilibop/physical_volumes_filter ] || exit 9 pvfilter() { /usr/share/bilibop/physical_volumes_filter "$@"; } export LVM_SYSTEM_DIR="/tmp/lvm2" mkdir -p ${LVM_SYSTEM_DIR} LVMCONF="${LVM_SYSTEM_DIR}/lvm.conf" clear cat <' /proc/cmdline", RUN+="/sbin/blockdev --setro $tempnode" # B. Uncomment the following line if you want the disk and its partitions # to be hidden to the user (works only for udisks-based applications): #ATTR{partition}=="?*", ENV{UDISKS_PRESENTATION_HIDE}="1" # C. Uncomment the following line if you want that the user be able to # mount the partitions without prompt for su/sudo password. # Dangerous: use with care. #ENV{ID_FS_USAGE}=="filesystem", ENV{UDISKS_SYSTEM_INTERNAL}="0" # # This is a variant using a boot parameter (insidev): #ENV{ID_FS_USAGE}=="filesystem", PROGRAM=="/bin/grep -q '\' /proc/cmdline", ENV{UDISKS_SYSTEM_INTERNAL}="0" # D. Uncomment the following lines if you want to automatically setup # encrypted swap devices from internal partitions. Experimental: use # with care. #ACTION=="add", \ # PROGRAM!="/bin/grep -q '\' /proc/cmdline", \ # ENV{ID_FS_TYPE}=="swap", ENV{ID_PART_ENTRY_TYPE}=="0x82", \ # PROGRAM=="/sbin/blockdev --setrw $tempnode", \ # TEST!="%r/mapper/encswap_%k", \ # PROGRAM=="/sbin/cryptsetup --key-file=%r/urandom --offset=8 create encswap_%k $tempnode", \ # RUN+="/sbin/mkswap -f -L encswap_%k %r/mapper/encswap_%k", \ # RUN+="/sbin/swapon %r/mapper/encswap_%k" # # The same can be done *manually* by beginning the rule with # ACTION=="change", and run 'udevadm trigger --tag-match="INSIDEV" # during a session; 'urandom' should probably be replaced by 'random', # especially if 'haveged', 'rng-tools' or 'randomsound' is installed. LABEL="insidev_end" bilibop-0.4.20/usr/share/doc/bilibop-rules/examples/90-internal-drives.rules0000644000000000000000000000764012165414757023604 0ustar # /usr/share/doc/bilibop-rules/examples/90-internal-drives.rules ┌───────────────────────────────────────────────────────────────┐ │ THIS FILE IS NOW OUT OF DATE. SEE 90-insidev.rules INSTEAD. │ └───────────────────────────────────────────────────────────────┘ # ============================================================================== # 1. Filters: # ======== SUBSYSTEM!="block", GOTO="end_internal-drives_rules" KERNEL!="sd*", GOTO="end_internal-drives_rules" SUBSYSTEMS=="usb|firewire", GOTO="end_internal-drives_rules" # At this step, following rules should be applied only on block devices # hosted by internal drives of the computer. # Those internal drives cannot be removed: KERNEL=="sd?", ACTION=="remove", GOTO="end_internal-drives_rules" # If this rules file is orphaned, go away: TEST!="/lib/udev/bilibop_disk", GOTO="end_internal-drives_rules" # If bilibop-rules is installed on an internal drive, skip it too: PROGRAM=="bilibop_disk --test $tempnode", GOTO="end_internal-drives_rules" # ============================================================================== # 2. Tag the device: # =============== # This is a convenient way to update its udev properties with: # 'udevadm trigger --tag-match=INTERNAL --action=add' # 'udevadm trigger --tag-match=INTERNAL --action=change' # after this file has been modified. TAG+="INTERNAL" # ============================================================================== # 3. Examples: # ========= # Here are some examples of actions to perform, or properties to set. # A. Uncomment the following line if you want to set the whole disk and # each of its partitions as read-only. This can avoid big mistakes # on your friend's computer. #ACTION=="add|change", RUN+="/sbin/blockdev --setro $tempnode" # # This is a variant using a boot parameter: diskaccess. If this keyword # IS NOT present in the boot commandline, devices are set readonly: #ACTION=="add|change", PROGRAM!="/bin/grep -q '\sdiskaccess\(\s\|$$\)' /proc/cmdline", RUN+="/sbin/blockdev --setro $tempnode" # # This is a variant using a boot parameter: nodiskaccess. If this keyword # IS present in the boot commandline, devices are set readonly: #ACTION=="add|change", PROGRAM=="/bin/grep -q '\snodiskaccess\(\s\|$$\)' /proc/cmdline", RUN+="/sbin/blockdev --setro $tempnode" # B. Uncomment the following line if you want the disk and its partitions # to be hidden to the user (works only for udisks-based applications): #ACTION=="add|change", TEST=="/lib/udev/rules.d/80-udisks.rules", ENV{UDISKS_PRESENTATION_HIDE}:="1" # C. Uncomment the following line if you want that the user be able to # mount the partitions. Dangerous: use with care. #ACTION=="add|change", ATTR{partition}=="?*", TEST=="/lib/udev/rules.d/80-udisks.rules", ENV{UDISKS_SYSTEM_INTERNAL}:="0" # # This is a variant using a boot parameter (diskaccess): #ACTION=="add|change", ATTR{partition}=="?*", PROGRAM=="/bin/grep -q '\sdiskaccess\(\s\|$$\)' /proc/cmdline", TEST=="/lib/udev/rules.d/80-udisks.rules", ENV{UDISKS_SYSTEM_INTERNAL}:="0" # D. Uncomment the following lines if you want to automatically setup # encrypted swap devices from internal partitions. Experimental: use # with care. #ACTION=="add", \ # PROGRAM!="/bin/grep -q '\sno\(diskaccess\|swap\)\(\s\|$\)' /proc/cmdline", \ # ENV{ID_FS_TYPE}=="swap", ENV{ID_PART_ENTRY_TYPE}=="0x82", \ # PROGRAM=="/sbin/blockdev --setrw $tempnode", \ # TEST!="%r/mapper/encswap_%k", \ # PROGRAM=="/sbin/cryptsetup --key-file=%r/urandom --offset=8 create encswap_%k $tempnode", \ # RUN+="/sbin/mkswap -f %r/mapper/encswap_%k", \ # RUN+="/sbin/swapon %r/mapper/encswap_%k" LABEL="end_internal-drives_rules" bilibop-0.4.20/usr/share/doc/bilibop-lockfs/0000755000000000000000000000000012165414757015476 5ustar bilibop-0.4.20/usr/share/doc/bilibop-lockfs/examples/0000755000000000000000000000000012236272332017302 5ustar bilibop-0.4.20/usr/share/doc/bilibop-lockfs/examples/bilibop.conf0000644000000000000000000000762612236272332021604 0ustar # This is a sample configuration file for bilibop-lockfs. # Here is a partition scheme: # # /dev/sdc : USB HDD hosting the running system (250GB) # /dev/sdc1 : Physical Volume (20GB) # vg0 : Volume Group with only one PV (/dev/sdc1) # /dev/vg0/boot : Logical Volume mounted on /boot (1GB) # /dev/vg0/home : Logical Volume mounted on /home (7GB) # /dev/vg0/root : Logical Volume mounted on / (10GB) # /dev/vg0/swap : Logical Volume used as swap device (2GB) # /dev/sdc2 : FAT32 partition with portable applications for Windows, # no mountpoint (10GB) # /dev/sdc3 : Ext4 partition mounted on /var/spool/apt-mirror (100GB) # /dev/sdc4 : Primary extended partition # /dev/sdc5 : FAT32 logical partition with sorted public data, # no mountpoint (50GB) # /dev/sdc6 : FAT32 logical partition with unsorted public data, # no mountpoint (50GB) # /dev/sdc7 : LUKS logical partition with private data, # no mountpoint (20GB) # # If the lockfs feature is enabled (from the configuration file, from the boot # commandline or by a heuristic), then the root filesystem will be mounted as # a readonly branch of an aufs mounted on /. After what all filesystems listed # in /etc/fstab will be mounted as readonly branches of the corresponding aufs # mountpoints. For example, the line: # # UUID=12345678-9abc-def0-1234-56789abcdef0 /home ext4 nosuid,noatime,nodiratime 0 2 # # will be replaced by the following three lines: # # UUID=12345678-9abc-def0-1234-56789abcdef0 /aufs/ro/home ext4 nosuid,noatime,nodiratime,ro 0 0 # tmpfs /aufs/rw/home tmpfs nosuid,mode=0755 0 0 # none /home aufs br:/aufs/rw/home=rw:/aufs/ro/home=rr 0 0 # # And the block device with UUID=12345678-9abc-def0-1234-56789abcdef0 will # be set as read-only with blockdev(8). ## SETTINGS ## # /dev/sdc2 and /dev/sdc5 to /dev/sdc7 are not listed in /etc/fstab: so, # they are not managed by bilibop-lockfs. # Even when bilibop-lockfs is enabled, I want to be able to update the apt # repository (/dev/sdc3 mounted on /var/spool/apt-mirror) and so I have to # whitelist it: BILIBOP_LOCKFS_WHITELIST="/var/spool/apt-mirror" # or, after 'e2label /dev/sdc3 apt-mirror': BILIBOP_LOCKFS_WHITELIST="LABEL=apt-mirror" # The main advantage of the first format is that the filesystem can be # whitelisted by the initramfs script, because there is no need to query # metadata about it. But the main advantage of the second format is that # if you modify mountpoint in /etc/fstab, there is no need to update # bilibop.conf(5). But if you want the filesystem whitelisted by the # initramfs script with the second format (LABEL=*), you have to modify # /etc/fstab as follows: # LABEL=apt-mirror /var/spool/apt-mirror ext4 defaults 0 2 # Of course, this works with 'UUID=*' too, and of course, the whitelisted # device must match the fstab entry to be taken into account by the # initramfs script. # # XXX: common mountpoints that can be added in BILIBOP_LOCKFS_WHITELIST # are /home or /usr/local. Include some mountpoints such as /boot or /usr # or /var is this variable is a very bad idea. You have been warned. # By default, bilibop-lockfs disables swap devices if they are not set to # be encrypted. If I need swap, I have to set it to be encrypted (for that, # see crypttab(5)), or I have to bypass the default behaviour: BILIBOP_LOCKFS_SWAP_POLICY="soft" # If I need sometimes to remount /aufs/ro, /aufs/ro/boot or /aufs/ro/home # as writable to copy bookmarks in my browser account, modify bilibop.conf # itself, add some useful settings in /boot/grub/custom.cfg or whatever, # I have to bypass the 'hard' global policy (but this is not a good idea): BILIBOP_LOCKFS_POLICY="soft" # There is no need of a lot of space for /boot: BILIBOP_LOCKFS_SIZE="/boot=10M" # I know what I do, and I prefer to use 'df' to query information about # filesystem status: BILIBOP_LOCKFS_NOTIFY_POLICY="never" bilibop-0.4.20/usr/share/man/0000755000000000000000000000000012165414757012605 5ustar bilibop-0.4.20/usr/share/man/man7/0000755000000000000000000000000012236272332013435 5ustar bilibop-0.4.20/usr/share/man/man7/bilibop.fr.70000644000000000000000000002235212236272332015557 0ustar .TH BILIBOP 7 2013\-10\-26 bilibop "Bilibop Project" .SH NAME bilibop \- éxécuter Debian GNU/Linux depuis un support externe .SH DESCRIPTION Nombre de distributions GNU/Linux \(em au moins les plus populaires d'entre elles \(em fournissent en téléchargement gratuit des images de disque aux formats .I .iso ou .IR .img , qui peuvent être copiées sur une clé USB (parfois juste avec .BR cat (1) ou .BR dd (1), parfois par des méthodes plus complexes) et être immédiatement utilisables \(aqtelles quelles\(aq. .PP Mais de tels systèmes d'exploitation ne sont pas conçus pour être modifiés; Ils sont accessibles seulement en lecture, et même s'ils fournissent une fonctionnalité appelée \(aqpersistance\(aq, celle-ci est limitée. De plus, ces systèmes sont couramment impossibles à maintenir, dans le sens où reconstruire l'image complète du système de fichiers racine est le seul moyen de mettre à jour le système ou de modifier ses paramétrages en profondeur. C'est là souvent une tâche lourde et difficile qui ne peut pas être effectuée depuis le système lui-même: cela nécessite un espace de travail dédié, extérieur au système en cours d'éxécution, ce qui nécessite souvent de faire appel à un autre système d'exploitation pour remplacer l'image de disque par la nouvelle; et certaines de ces tâches ne peuvent être effectuées que par des utilisatrices avancées. Les autres doivent attendre la prochaine mise à jour officielle, si elle arrive un jour. .PP .B Bilibop signifie .RB \(aq B ilibop .BR I s .BR L ive .BR I nstall .BR B oot .BR O n .BR P endrive\(aq. Cet accronyme récursif est maintenant obsolète, mais le nom a été conservé. Le .B projet bilibop est né comme une alternative aux systèmes .BR LiveUSB . .PP En réalisant une installation standard de Debian directement sur un support amovible \(em généralement une clé USB ou un disque dur externe \(em il est possible de l'utiliser comme un système LiveUSB, avec cette différence qu'il se comporte comme n'importe quel système Debian installé: il peut être maintenu, modifié, mis à jour, ou même cassé par l'adminitratrice (root) à n'importe quel moment. En fait, sans un paramétrage spécifique, il peut être cassé n'importe quand par une utilisatrice sans privilèges; mais c'est aussi le cas des systèmes LiveUSB. .PP Ainsi, .B bilibop est un ensemble de scripts utilisant ou utilisés par d'autres programmes .RB ( initramfs\-tools (7), .BR udev (7), .BR aufs (5), ou .BR GRUB2 ) pour aider les administratrices à maintenir un système d'exploitation .B Debian GNU/Linux installé sur un support amovible et inscriptible, même si certains de ces scripts peuvent aussi être utilisés dans d'autres contextes. L'un de ses buts principaux est de répondre à des problèmes de sécurité ou de durcir des règles et des politiques standard pour rendre le système plus robuste dans cette situation particulière. Plutôt qu'une nouvelle distribution basée sur Debian, encore une, vivant vite et mourrant jeune, bilibop a été conçu comme un petit ensemble de paquets Debian. .B bilibop\-lockfs peut aussi être installé sur un ordinateur portable ou sur un ordinateur public comme une alternative à .B fsprotect ou .BR overlayroot , et .B bilibop\-udev (ou .BR bilibop\-rules ) .I devrait aussi être installé sur un LiveUSB. .SH PAQUETS BILIBOP .TP 2 .I bilibop C'est un métapaquet, dépendant de plusieurs autres paquets binaires issus du même paquet source .BR bilibop . .TP .I bilibop\-common Il founit principalement des fonctions shell et de la documentation. Voir .I README.Debian dans la documentation du paquet pour des détails sur ces fonctions. Il inclut aussi la commande .BR drivemap (1). .TP .I bilibop\-rules Ce paquet fournit des règles (rules) udev et des scripts d'aide. Son but premier est de fixer le disque hébergeant le système en cours d'éxécution, et toutes ses partitions, comme propriété du groupe .RI \(aq disk \(aq plutôt que .RI \(aq floppy \(aq, comme c'est le cas actuellement pour les supports amovibles. Il s'agit d'un contournement du bogue .BR #645466 . Les règles udev fournies par ce paquet s'appliquent même quand la racine du système est sur un périphérique .BR LUKS , un Volume Logique .BR LVM , un périphérique boucle .RB ( loop ) ou un point de montage .BR aufs (5). .B bilibop\-rules inclut aussi la commande .BR lsbilibop (8), et quelques scripts d'aide dans .IR /usr/share/bilibop , qui peuvent être éxécutés manuellement ou avec .RB \(aq dpkg\-reconfigure .BR bilibop\-rules \(aq. Voir .I README.Debian dans la documentation du paquet pour les détails. .TP .I bilibop\-udev Ce paquet est une sorte de sous-ensemble de .BR bilibop\-rules , et est plus adapté aux systèmes LiveUSB. Il fait juste en sorte que le disque hébergeant le système, et toutes ses partitions, appartiennent au groupe .RB \(aq disk \(aq plutôt que .RB \(aq floppy \(aq. Ses règles udev créent aussi un lien symbolique .BI ( /dev/bilibop ) pointant sur le nom du disque. Voir .I README.Debian dans la documentation du paquet pour les détails. .TP .I bilibop\-lockfs En utilisant un script initramfs et un programme d'aide à .BR mount (8), les systèmes de fichiers sont montés en lecture seule comme branches inférieures d'un point de montage .BR aufs (5), les branches inscriptibles correspondantes étant sur des systèmes de fichiers temporaires. De plus, les périphériques en mode bloc sont aussi paramétrés comme accessibles en lecture seule, évitant ainsi les accès en écriture de bas niveau, même par l'administratrice. Cela concourt à rendre le système d'exploitation incassable, sauf avec un marteau. Voir .I README.Debian dans la documentation du paquet pour les détails. .SH INSTALLATION .B Debian peut être installée sur un disque amovible comme elle le serait sur un disque interne, avec les restrictions suivantes: .IP \(bu 2 Il est hautement recommandé d'installer un système chiffré. Autrement, que peut-il se passer si la clé USB ou le DD externe a été perdu ou oublié quelque part, ou même volé ? Malheureusement (mais il y a des raisons de sécurité évidentes), cela ne peut pas être complètement automatisé. .IP \(bu En raison des limites du nombre de cycles d'écriture sur la mémoire flash, il n'est pas recommandé d'y installer un espace d'échange (swap): cela peut réduire considérablement la durée de vie du support. .IP \(bu Même si l'architecture .B amd64 est maintenant la plus commune sur les ordinateurs personnels modernes, l'installation d'un système compatible .B x86 le rendra plus versatile et capable de tourner autant sur une architecture amd64 que i386 (et même sur ia32, mais cela peut nécessiter un schéma de partitionnement spécifique). .IP \(bu Prenez garde, vers la fin de l'installation, que le chargeur de démarrage soit bien écrit sur le secteur d'amorçage principal (MBR) du disque sur lequel le système vient d'être installé: le choix par défaut, \(aqinstall on MBR\(aq l'installera sur le secteur d'amorçage principal du premier disque ! .IP \(bu En prenant en compte les recommandations précédentes, choisissez .RB \(aq Expert .BR Install \(aq ou .RB \(aq Expert .B Graphical .BR Install \(aq dans le menu de démarrage de l'installeur. Si vous devez installer Debian sur plusieurs périphériques, n'effectuez pas une installation automatique avec l'option .RB \(aq Auto .BR Install \(aq dans le menu de démarrage de l'installeur. Si vous avez vraiment besoin d'automatiser ce processus pour gagner du temps, utilisez plutôt un fichier .BR preseed . .SH PARAMÈTRES ET CONFIGURATION Le principal avantage d'une installation standard par rapport à un système Live est que le système installé peut répondre exactement à vos besoins: si les besoins évoluent, le système peut être facilement modifié. Il peut être installé et configuré pour être utilisé dans différents contextes: .PP \(bu usage quotidien (c'est mon cas) .br \(bu routeur et/ou pare-feu pour un réseau local .br \(bu serveur ftp et/ou http (c'est mon cas) .br \(bu récupération de données et analyse post-mortem (c'est mon cas) .br \(bu mirroir d'un dépôt de paquets Debian embarqué (c'est mon cas) .br \(bu système de test .br \(bu système à but pédagogique .br \(bu autres .PP Parce qu'un système d'exploitation tournant depuis un support externe est généralement utilisé sur des ordinateurs différents, avec des claviers, des architectures, des écrans, etc. potentiellement différents, il peut être nécessaire que certains paramétrages soient aussi flexibles que possible. Ce champ est sans doute trop large pour être couvert dans une seule page de manuel: voir .I /usr/share/doc/bilibop\-common/misc/* pour quelques trucs et astuces, détails et suggestions de paramètrages possibles. .SH FICHIERS /usr/share/bilibop\-common/README.Debian .br /usr/share/bilibop\-common/examples/bilibop.conf .br /usr/share/bilibop\-common/misc/* .br /usr/share/bilibop\-lockfs/README.Debian .br /usr/share/bilibop\-lockfs/examples/bilibop.conf .br /usr/share/bilibop\-rules/README.Debian .br /usr/share/bilibop\-rules/examples/bilibop.conf .SH VOIR AUSSI .BR bilibop.conf (5), .BR drivemap (1), .BR lsbilibop (8) .SH AUTEUR Cette page de manuel a été traduite de l'anglais par Alexandre Martin dans le cadre du projet bilibop. bilibop-0.4.20/usr/share/man/man7/bilibop.70000644000000000000000000001714412236272332015154 0ustar .TH BILIBOP 7 2013\-10\-26 bilibop "Bilibop Project" .SH NAME bilibop \- run Debian GNU/Linux from an external media .SH DESCRIPTION A lot of GNU/Linux distributions \- at least the most popular of them \- provide freely downloadable .I .iso or .I .img disk images that can be copied on a USB memory stick (sometimes with just .BR cat (1) or .BR dd (1), sometimes in a more complicated way) and immediatly usable \(aqas is\(aq. .PP But such operating systems are not designed to be modified; they are read-only, and even when they provide a \(aqpersistent\(aq feature, it is limited. Additionally, they are currently unmaintainable, in the sense that rebuild the complete image of the root filesystem is the only way to update the system or modify its settings in depth. This is often a hard or heavy task that cannot be done from the system itself: this needs a dedicated work space, outside of the running system, and this often needs another operating system to replace the disk image by the new one; and some of these tasks can be done only by experienced users. Others have to wait for the next release, if it comes a day. .PP .B Bilibop stands for .RB \(aq B ilibop .BR I s .BR L ive .BR I nstall .BR B oot .BR O n .BR P endrive\(aq. This recursive acronym is now obsolete, but the name has been kept. The .B bilibop project is born as an alternative to the .B LiveUSB systems. .PP By performing a standard installation of Debian directly on a removable media \(em currently a USB key or an external HDD \(em it is possible to use it as a LiveUSB system, with the big difference that it behaves like any installed Debian OS: it can be maintained, modified, updated, or even broken by the root user at any time. In fact, without specific settings, it can be broken by an unprivileged user at any time; but this is also the case of LiveUSB systems. .PP So, .B bilibop is a collection of scripts using or used by other programs .RB ( initramfs\-tools (7), .BR udev (7), .BR aufs (5), or .BR GRUB2 ) to help admins to maintain a .B Debian GNU/Linux operating system installed on a removable and writable media, even if some of these scripts may also be used in other contexts. One of its main goals is to fix security issues or harden standard rules and policies, to make the system more robust in this particular situation. Instead of yet another new, living fast and dying young, Debian based distribution, bilibop has been designed as a set of few debian packages. .B bilibop\-lockfs may also be installed on a laptop or on a public computer as an alternative to .B fsprotect or .BR overlayroot , and .B bilibop\-udev (or .BR bilibop\-rules ) .I should also be installed on a LiveUSB. .SH BILIBOP PACKAGES .TP 2 .I bilibop This is a meta package, depending on several other binary packages from the same .B bilibop source package. .TP .I bilibop\-common It mainly provides shell functions and documentation. See .I README.Debian in the documentation of the package for details about these functions. It also includes the .BR drivemap (1) command. .TP .I bilibop\-rules This package provides udev rules and helper scripts. Its main purpose is to fix the external drive hosting the running system, and all its partitions, as owned by the .RI \(aq disk \(aq group instead of .RI \(aq floppy \(aq, as done by the common udev rules applied to removable media. This is a workaround of the bug .BR #645466 . The udev rules provided by this package work even when the root filesystem is on a .B LUKS device, a .B LVM Logical Volume, a .B loop device or is an .BR aufs (5) mountpoint. .B bilibop\-rules also includes the .BR lsbilibop (8) command, and some helper scripts in .IR /usr/share/bilibop , that can be executed manually or with .RB \(aq dpkg\-reconfigure .BR bilibop\-rules \(aq. See .I README.Debian in the documentation of the package for details. .TP .I bilibop\-udev This package is a kind of subset of .BR bilibop\-rules , and is more suited for LiveUSB systems. It just makes that the drive hosting the running system, and all its partitions, belong to the .RB \(aq disk \(aq group instead of .RB \(aq floppy \(aq. Its udev rules also create a symlink .BI ( /dev/bilibop ) pointing to the drive name. See .I README.Debian in the documentation of the package for details. .TP .I bilibop\-lockfs By using an initramfs script and a .BR mount (8) helper script, filesystems are mounted as readonly branches of .BR aufs (5), the corresponding writable branches being on temporary filesystems. Additionally, block devices are set readonly too, avoiding low\-level write access on them, even by root. All this makes the operating system unbreakable, unless with a hammer. See .I README.Debian in the documentation of the package for details. .SH INSTALLATION .B Debian can be installed on a removable drive as it is on an internal one, except: .IP \(bu 2 It is highly recommended to install a full encrypted system. Otherwise, what can happen if the USB stick or the external HDD has been lost or forgotten somewhere, or even thieft ? Unfortunately (but there are evident security reasons), this can not be fully preseeded. .IP \(bu Due to write-cycles limits on flash memory, it is not recommended to use a swap area on them: this can dramatically decrease the lifetime of the drive. .IP \(bu Even if the .B amd64 is now the most common architecture on modern .BR P ersonal .BR C omputers, installation of a .B x86 system will make it more versatile and work both on amd64 and i386 architectures (and even on ia32, but this needs at least a specific partition scheme). .IP \(bu Take care, near the end of the installation, that the bootloader will be installed on the MBR of the drive where the system has been freshly installed: choosing the default \(aqinstall on MBR\(aq will install it on the Master Boot Record of the first disk ! .IP \(bu Taking previous recommendations into account, choose .RB \(aq Expert .BR Install \(aq or .RB \(aq Expert .B Graphical .BR Install \(aq in the installer boot menu. if you have to install Debian on several devices, don't perform an automated installation via the .RB \(aq Auto .BR Install \(aq option in the installer boot menu. If you really need to automate this process to win time, use a .B preseed file instead. .SH SETTINGS AND CONFIGURATION The main advantage of a standard installation over a Live system is that the installed one can exactly answer your needs: if the needs change, the system can be easily modified. It can be installed and configured to be used as/for: .PP \(bu daily usage (this is my case) .br \(bu router and/or firewall for a LAN .br \(bu ftp and/or http server (this is my case) .br \(bu forensics and rescue system (this is may case) .br \(bu embedded Debian repository (this is my case) .br \(bu testing system .br \(bu educational purposes .br \(bu others .PP Because an operating system running from an external device is generally used on different computers, with potentially different keyboards, architectures, monitors, and so on, it could need some special settings to be as versatile as possible. Maybe the field is too large to be covered into a single manual page: see .I /usr/share/doc/bilibop\-common/misc/* for some tips and tricks, details and suggestions about possible settings. .SH FILES /usr/share/bilibop\-common/README.Debian .br /usr/share/bilibop\-common/examples/bilibop.conf .br /usr/share/bilibop\-common/misc/* .br /usr/share/bilibop\-lockfs/README.Debian .br /usr/share/bilibop\-lockfs/examples/bilibop.conf .br /usr/share/bilibop\-rules/README.Debian .br /usr/share/bilibop\-rules/examples/bilibop.conf .SH SEE ALSO .BR bilibop.conf (5), .BR drivemap (1), .BR lsbilibop (8) .SH AUTHOR This manual page has been written by Bilibop Project . bilibop-0.4.20/usr/share/man/man1/0000755000000000000000000000000012173760220013425 5ustar bilibop-0.4.20/usr/share/man/man1/lockfs-notify.10000644000000000000000000000462212165414757016316 0ustar .TH LOCKFS\-NOTIFY 1 2012\-05\-22 bilibop "User Commands" .SH NAME lockfs\-notify \- notify user about temporary or permanent changes on fs .SH SYNOPSIS .B lockfs\-notify .RI [ \-a | \-\-always | \-l | \-\-lockfs | \-n | \-\-nolockfs ] .RI [ \-t .IR TIME | \-\-expire\-time = TIME ] .br .B lockfs\-notify .IR \-h | \-\-help .SH DESCRIPTION .B lockfs\-notify is a wrapper around .BR notify\-send (1). It is used to send a notification to users at the beginning of a session, to say if temporary or permanent changes are allowed on which filesystems (or more precisely on which mountpoints). .SH OPTIONS If several of the .IR \-a , .I \-l or .I \-n options are invoked (or their long forms, respectively .IR \-\-always , .I \-\-lockfs or .IR \-\-nolockfs ), the last overrides the previous ones. The invocation of these options also overrides the variable \(aqBILIBOP_LOCKFS_NOTIFY_POLICY\(aq that can be set in .BR bilibop.conf (5). .PP .BR \-a , .B \-\-always .RS Always send a notification: about filesystems on which permanent changes are allowed, and about filesystems on which temporary changes are allowed. So, if the .B bilibop\-lockfs feature is enabled, and one or more mountpoints have been whitelisted in .IR /etc/bilibop/bilibop.conf , then two notifications are send to the user. .RE .PP .BR \-h , .B \-\-help .RS Print a short help message on stdout and exit. .RE .PP .BR \-l , .B \-\-lockfs .RS Send a notification only about filesystems for which the \(aqlockfs\(aq feature has been enabled, i.e. about mountpoints for which only temporary changes are allowed. All these changes will be lost at next shutdown of the computer. .RE .PP .BR \-n , .B \-\-nolockfs .RS Send a notification only about filesystems for which the \(aqlockfs\(aq feature has been disabled, i.e. about mountpoints for which permanent changes are allowed. All these changes will be kept after the shutdown of the computer. .RE .PP .B \-t .IR TIME , .BI \-\-expire\-time= TIME .RS Specifies the timeout in milliseconds at which to expire the notification. Values of .I TIME less than .BI \(aq 1000 \(aq (1 second) make the timeout is disabled and the notification never expires. If .I TIME is not an integer, this option is silently ignored. .RE .SH FILES /etc/xdg/autostart/lockfs\-notify.desktop .SH SEE ALSO .BR bilibop (7), .BR bilibop.conf (5), .BR notify\-send (1) .SH AUTHOR This manual page has been written by Bilibop Project . bilibop-0.4.20/usr/share/man/man1/lockfs-notify.fr.10000644000000000000000000000600212165414757016716 0ustar .TH LOCKFS\-NOTIFY 1 2012\-05\-22 bilibop "Commandes de l'utilisatrice" .SH NOM lockfs\-notify \- notifier à l'utilisatrice les possibilités de modification des fs .SH SYNOPSIS .B lockfs\-notify .RI [ \-a | \-\-always | \-l | \-\-lockfs | \-n | \-\-nolockfs ] .RI [ \-t .IR TEMPS | \-\-expire\-time = TEMPS ] .br .B lockfs\-notify .IR \-h | \-\-help .SH DESCRIPTION .B lockfs\-notify est une enveloppe autour de .BR notify\-send (1). Il est utilisé pour envoyer une notification aux utilisatrices au démarrage d'une session, pour dire si des changements temporaires ou permanents sont permis sur quels systèmes de fichiers (ou plus précisément sur quels points de montage). .SH OPTIONS Si plusieurs des options .IR \-a , .I \-l ou .I \-n (ou leurs formes longues, respectivement .IR \-\-always , .I \-\-lockfs ou .IR \-\-nolockfs ), sont invoquées, la dernière écrase les précédentes. L'invocation de ces options écrase aussi la variable \(aqBILIBOP_LOCKFS_NOTIFY_POLICY\(aq qui peut être définie dans .BR bilibop.conf (5). .PP .BR \-a , .B \-\-always .RS Toujours envoyer une notification: à propos des systèmes de fichiers sur lesquels les modifications seront permanentes, et à propos des systèmes de fichiers sur lesquels les modifications seront temporaires. Donc, si la fonctionnalité .B bilibop\-lockfs est activée, et qu'un ou plusieurs points de montage ont été listés dans .I /etc/bilibop/bilibop.conf comme ne devant pas être verrouillés, deux notifications sont envoyées à l'utilisatrice. .RE .PP .BR \-h , .B \-\-help .RS Affiche un court message d'aide sur la sortie standard et quitte. .RE .PP .BR \-l , .B \-\-lockfs .RS Envoie une notification seulement à propos des systèmes de fichiers pour lesquels la fonction \(aqlockfs\(aq a été activée, c'est à dire à propos des points de montage pour lesquels les modifications ne peuvent être que temporaires. Toutes ces modifications seront perdues au prochain arrêt de l'ordinateur. .RE .PP .BR \-n , .B \-\-nolockfs .RS Envoie une notification seulement à propos des systèmes de fichiers pour lesquels la fonction \(aqlockfs\(aq a été désactivée, c'est à dire à propos des points de montage pour lesquels les modifications sont écrites sur le disque. Toutes ces modifications seront conservées après l'arrêt de l'ordinateur. .RE .PP .B \-t .IR TEMPS , .BI \-\-expire\-time= TEMPS .RS Spécifie le délai d'attente en millisecondes après lequel la notification arrive à expiration, c'est à dire disparaît du bureau. Les valeurs de .I TEMPS inférieures à .BI \(aq 1000 \(aq (1 seconde) désactivent le délai d'attente et la notification n'expire pas (reste indéfiniment visible sur le bureau). Si .I TEMPS n'est pas un nombre entier, cette option est silencieusement ignorée. .RE .SH FICHIERS /etc/xdg/autostart/lockfs\-notify.desktop .SH VOIR AUSSI .BR bilibop (7), .BR bilibop.conf (5), .BR notify\-send (1) .SH AUTEUR Cette page de manuel a été traduite de l'anglais par Christophe Blanc dans le cadre du projet bilibop. bilibop-0.4.20/usr/share/man/man1/drivemap.10000644000000000000000000001315112173760220015317 0ustar .TH DRIVEMAP 1 2012\-05\-22 bilibop "User commands" .SH NAME drivemap \- show block devices in a tree of dependencies .SH SYNOPSIS .BR drivemap .RI [ \-i | \-\-info .RI [ \-w | \-\-width .BR N ]] .RI [ \-d | \-\-drive ] .RI [ FILE ] .br .BR drivemap .RI [ \-i | \-\-info .RI [ \-w | \-\-width .BR N ]] .RI [ \-p | \-\-mountpoint ] .RI [ \-f | \-\-backing\-file ] .RI [ \-n | \-\-dm\-name ] .RI [ \-m | \-\-mark ] .RI [ FILE ] .PP .BR drivemap .IR \-h | \-\-help .br .BR drivemap .RI [ \-\-debug ] .RI [ \-x | \-\-set\-x ] .RI [ OPTIONS ] .RI [ FILE ] .SH DESCRIPTION .B drivemap is a shell script using the .IR proc , .I sysfs and .I udev databases to display block devices in a tree of dependencies. It is based on .B bilibop\-common shell functions and supports .B device\-mapper (including dm\-crypt and LVM) and .B loop devices, with some limitations. .B RAID devices and .B mhddfs filesystems are not supported. See the .B ENHANCEMENTS AND LIMITATIONS section below. .SH OPTIONS When no .I FILE argument is invoked, the command is applied to all drives. If a .I FILE is given as argument and exists, then the command applies to the drive hosting it. FILE can be a regular file, a directory or a block device. .PP .B \-\-debug .RS Display debug information on stderr. When this option is invoked, each called function prints its name. See also .RB \(aq \-\-set\-x \(aq. .RE .PP .BR \-d , .B \-\-drive .RS Only show the drive node instead of its tree. .RE .PP .BR \-f , .B \-\-backing\-file .RS Try to replace each loop device in the tree by its backing file. This can fail in some cases: for example on DebianLive systems, a loop device is associated to .I filesystem.squashfs from into the initramfs environment; the path of the backing file in .I /sys is not updated when the squashfs itself becomes the new root filesystem. And so the filename stored in .I backing_file is obsolete, and will not be displayed here. .RE .PP .BR \-h , .B \-\-help .RS Print a summary of options on stdout and exit. .RE .PP .BR \-i , .B \-\-info .RS Display additional information about block devices. For drives, this includes the ID (as found in .IR /dev/disk/by\-id ), and the size (human readable). For other devices (partitions and virtual block devices), this includes the filesystem type ant its size. .RE .PP .BR \-m , .B \-\-mark .RS If a .I FILE is given as argument, append a mark (a star between parenthesis: .IR (*) ) to the name of the device hosting this FILE. Otherwise, append a mark to the name of the device hosting the current working directory. .RE .PP .BR \-n , .B \-\-dm\-name .RS Replace device\-mapper nodes .RI ( /dev/dm\-* ) by device\-mapper names .RI ( /dev/mapper/* ), which are statically attributed and generally easier to understand. .RE .PP .BR \-p , .B \-\-mountpoint .RS Show the mountpoints of mounted devices, and show swap devices in use. .RE .PP .B \-w .BR N , .BR \-\-width = N .RS Format the output on .B N columns. Can be used with .RB \(aq \-\-info \(aq and/or .RB \(aq \-\-mountpoint \(aq. If N is not an integer or is greater than the number of columns of the screen, then the output will use the full width of the screen. If this option is not used, then the default is to display the result on 70 columns. .RE .PP .BR \-x , .B \-\-set\-x .RS Display debug information on stderr. When this option is invoked, the shell script is set as .BR \-x , for more debug details. See also .RB \(aq \-\-debug \(aq. .RE .SH ENHANCEMENTS AND LIMITATIONS .B drivemap is a part of the .BR bilibop (7) project. It has initially been written to be applied to the external drive hosting the running system. By design, it don't support .B RAID devices, and will never support them. Another design issue is that .BR lvm (8) Volume Groups should contain only one Physical Volume. We assume that there is no sense to use several Physical Volumes on the same drive for the same Volume Group. Adopting a parent/child mindview, we say that each device can have at most one parent but zero to several children. Since the script has been extended to be applied to all drives connected to the computer, this sounds like a bug. .PP Unlike the .BR lsblk (1) command, .B drivemap integrates loopback devices in the tree of dependencies. In fact, the question that can be asked is the following: .br " What will happen to the content of other physical or virtual block devices if I .BR dd (1), .BR shred (1) or .BR wipe (1) this one or this one ? " .br And then it appears that .I slaves and .I holders information in sysfs are not sufficient to organize block devices in a tree, or should be extended. For the same reason, logical partitions are shown as subdevices of primary extended partitions. .PP Only block devices whose contents is hosted by a physical disk are shown: this means if a loop device is associated to a file residing on a temporary filesystem (tmpfs, i.e. the RAM), this device will not be shown. This is .B NOT a bug: as said by its name, .B drivemap builts and displays a .RB \(aq map .B of .BR drive (s)\(aq. .SH EXAMPLES List the physical drives actually known by the kernel: .IP .B drivemap \-d .PP Find the drive hosting the running system, and display its ID and size: .IP .B drivemap \-id / .PP Show where is my current working directory on a disk with a complex partition scheme (LVM + LUKS + LVM): .IP .B drivemap \-min . .SH BUGS See the .B ENHANCEMENTS AND LIMITATIONS section above. .SH FILES /sys/class/block/*/holders .br /sys/class/block/*/slaves .br /sys/class/block/loop?*/loop/backing_file .SH SEE ALSO .BR bilibop (7), .BR lsbilibop (8), .BR lsblk (1), .BR lvm (8), .BR udev (7), .BR udevadm (8) .SH AUTHOR This manual page has been written by Bilibop Project . bilibop-0.4.20/usr/share/man/man1/drivemap.fr.10000644000000000000000000001565312165414757015752 0ustar .TH DRIVEMAP 1 2012\-05\-22 bilibop "Commandes de l'utilisatrice" .SH NOM drivemap \- montrer les périphériques bloc dans un arbre de dépendances .SH SYNOPSIS .BR drivemap .RI [ \-i | \-\-info .RI [ \-w | \-\-width .BR N ]] .RI [ \-d | \-\-drive ] .RI [ FILE ] .br .BR drivemap .RI [ \-i | \-\-info .RI [ \-w | \-\-width .BR N ]] .RI [ \-p | \-\-mountpoint ] .RI [ \-f | \-\-backing\-file ] .RI [ \-n | \-\-dm\-name ] .RI [ \-m | \-\-mark ] .RI [ FICHIER ] .PP .BR drivemap .IR \-h | \-\-help .br .BR drivemap .RI [ \-\-debug ] .RI [ \-x | \-\-set\-x ] .RI [ OPTIONS ] .RI [ FICHIER ] .SH DESCRIPTION .B drivemap est un script shell utilisant les informations de .IR proc , .I sysfs et .I udev pour afficher les périphériques bloc dans un arbre de dépendances. Il est basé sur les fonctions shell de .B bilibop\-common et supporte .B device\-mapper (dont dm\-crypt et LVM) et les périphériques boucle .RB ( loop ) avec quelques limitations. Les périphériques .B RAID et les systèmes de fichiers .B mhddfs ne sont pas supportés. Voir plus bas la section .B AMÉLIORATIONS ET .BR LIMITATIONS . .SH OPTIONS Quand aucun argument .I FICHIER n'est fourni, la commande est appliquée à tous les disques. Si un fichier .I FICHIER est donné comme argument et existe, alors la commande s'applique au disque contenant ce fichier. FICHIER peut être un fichier régulier, un répertoire ou un fichier spécial en mode bloc. .PP .B \-\-debug .RS Affiche des informations de débogage sur la sortie standard des erreurs. Quand cette option est invoquée, chaque fonction appelée affiche son nom. Voir aussi .RB \(aq \-\-set\-x \(aq. .RE .PP .BR \-d , .B \-\-drive .RS Montre uniquement les disques plutôt que leurs arbres. .RE .PP .BR \-f , .B \-\-backing\-file .RS Essaye de remplacer chaque périphérique boucle dans l'arbre par son fichier associé. Cela peut échouer dans certains cas: par exemple sur les systèmes DebianLive, un périphérique boucle est associé à .I filesystem.squashfs depuis l'environnement du disque initial chargé en mémoire (initramdisk); le chemin absolu du fichier n'est pas mis à jour dans .I /sys quand le système de fichiers squashfs devient lui\-même la nouvelle racine du système. Ainsi le nom de fichier stocké dans .I backing_file est obsolète, et ne sera donc pas affiché. .RE .PP .BR \-h , .B \-\-help .RS Affiche la liste des options sur la sortie standard et quitte. .RE .PP .BR \-i , .B \-\-info .RS Affiche des informations supplémentaires sur les périphériques. Pour les disques ou lecteurs de disques, cela inclut l'identifiant (ID, tel que donné dans .IR /dev/disk/by\-id ), et la taille (en format lisible par des humains). Pour les autres périphériques bloc (partitions et périphériques virtuels) cela inclut le type du système de fichiers et la taille. .RE .PP .BR \-m , .B \-\-mark .RS Si un .I FICHIER est donné en argument, ajoute une marque (un astérisque entre parenthèses: .IR (*) ) au nom du périphérique contenant ce FICHIER. Autrement, ajoute une marque au nom du périphérique contenant le répertoire de travail courant. .RE .PP .BR \-n , .B \-\-dm\-name .RS Remplace les noeuds device\-mapper .RI ( /dev/dm\-* ) par leurs noms .RI ( /dev/mapper/* ), qui sont attribués statiquement et généralement plus faciles à reconnaître. .RE .PP .BR \-p , .B \-\-mountpoint .RS Affiche les points de montage des périphériques montés, et montre les périphériques d'échange (swap) en cours d'utilisation. .RE .PP .B \-w .BR N , .BR \-\-width = N .RS Formate la sortie sur .B N colonnes. Peut être utilisé avec .RB \(aq \-\-info \(aq et/ou .RB \(aq \-\-mountpoint \(aq. Si N n'est pas un nombre entier, ou s'il est plus grand que le nombre de colonnes de l'écran, alors la sortie utilisera la pleine largeur de l'écran. Si cette option n'est pas utilisée, le comportement par défaut est d'afficher le résultat sur 70 colonnes. .RE .PP .BR \-x , .B \-\-set\-x .RS Affiche des informations de débogage sur la sortie standard des erreurs. Quand cette option est invoquée, le script shell est paramètré avec l'option .BR \-x , pour plus de détails de débogage. Voir aussi .RB \(aq \-\-debug \(aq. .RE .SH AMÉLIORATIONS ET LIMITATIONS .B drivemap fait partie du projet .BR bilibop (7). Cette commande a été initialement écrite pour être appliquée au périphérique externe hébergeant le système en cours d'éxécution. Par son design, elle ne supporte pas les périphériques .B RAID et ne les supportera jamais. Un autre problème de design est que les Groupes de Volumes .BR lvm (8) ne devraient contenir qu'un seul Volume Physique. Nous assumons qu'il n'y a pas de sens à utiliser plusieurs Volumes Physiques sur un même disque pour un même Groupe de Volumes. En adoptant une vue de l'esprit parent/enfant, nous disons que chaque périphérique peut avoir au plus un parent mais de zéro à plusieurs enfants. Depuis que le script a été étendu pour être appliqué à tous les disques connectés à l'ordinateur, cela sonne comme un bogue. .PP Contairement à la commande .BR lsblk (1), .B drivemap intègre les périphériques boucle (loop) dans l'arbre des dépendances. En fait, la question qui peut être posée est la suivante: .br " Qu'est\-ce qui se passera pour le contenu d'autres périphériques physiques ou virtuels si je lance une commande .BR dd (1), .BR shred (1) ou .BR wipe (1) sur celui\-ci ou celui\-là ? " .br Et alors il apparaît que les informations contenues dans les fichiers .I slaves et .I holders dans sysfs ne sont pas suffisantes pour organiser les périphériques bloc en arbre, ou devraient être étendues. Pour la même raison, les partitions logiques sont montrées comme des sous\-périphériques des partitions primaires étendues. .PP Seuls les périphériques bloc dont le contenu est hébergé par un disque physique sont affichés: cela signifie que si un périphérique boucle est associé à un fichier se trouvant sur un système de fichiers temporaire (tmpfs, c'est à dire la RAM), ce périphérique ne sera pas montré. Ce n'est .B PAS un bogue: comme annoncé par son nom, .B drivemap construit et affiche une .RB \(aq carte .B des .BR disques \(aq (map of drives). .SH EXEMPLES Lister les lecteurs de disques physiques actuellement reconnus par le noyau: .IP .B drivemap \-d .PP Trouver le disque hébergeant le système en cours d'éxécution, et afficher son identifiant et sa taille: .IP .B drivemap \-id / .PP Montrer où est mon répertoire de travail courant sur un disque avec un schéma de partitionnement complexe (LVM + LUKS + LVM): .IP .B drivemap \-min . .SH BOGUES Voir plus haut la section .B AMÉLIORATIONS ET .BR LIMITATIONS . .SH FICHIERS /sys/class/block/*/holders .br /sys/class/block/*/slaves .br /sys/class/block/loop?*/loop/backing_file .SH VOIR AUSSI .BR bilibop (7), .BR lsbilibop (8), .BR lsblk (1), .BR lvm (8), .BR udev (7), .BR udevadm (8) .SH AUTEUR Cette page de manuel a été traduite de l'anglais par Alexandre Martin dans le cadre du projet bilibop. bilibop-0.4.20/usr/share/man/man8/0000755000000000000000000000000012244305157013437 5ustar bilibop-0.4.20/usr/share/man/man8/lockfs_mount_helper.fr.80000644000000000000000000001021412165414757020207 0ustar .TH LOCKFS_MOUNT_HELPER 8 2012\-05\-29 bilibop "Administration système" .SH NOM mount.lockfs \- script d'aide pour la commande mount .SH SYNOPSIS .B mount.lockfs .I SYSTÈME_DE_FICHIERS .I POINT_DE_MONTAGE .B \-o .I OPTIONS_DE_MONTAGE .SH DESCRIPTION .B /sbin/mount.lockfs est un lien symbolique vers .IR /lib/bilibop/lockfs_mount_helper . Il est utilisé comme un programme d'aide par la commande .BR mount (8) pour le type de système de fichiers .RB \(aq lockfs \(aq dans les entrées de .IR /etc/fstab . Ce script ne peut pas être lancé manuellement, et échoue si la racine du système n'est pas déjà gérée par .BR bilibop-lockfs . Son usage correct et la manière dont il travaille sont les suivants: .IP 1. 3 Activer .BR bilibop\-lockfs : fixer la variable BILIBOP_LOCKFS à .I true dans .BR bilibop.conf (5) et redémarrer l'ordinateur; ou redémarrer l'ordinateur et ajouter le paramètre .RB \(aq lockfs \(aq à la ligne de commande du noyau. .IP 2. Une fois que la future racine \(aq/\(aq est paramètrée comme point de montage .BR aufs (5) depuis l'environnement du disque de démarrage en mémoire (initramdisk), le fichier temporaire .BR fstab (5), accessible en écriture, est modifié pour remplacer les types de certains systèmes de fichiers par .RB \(aq lockfs \(aq. Les options sont aussi modifiées pour se rappeler du type de système de fichiers d'origine. .IP 3. Une fois que le point de montage aufs est la nouvelle racine du système, les scripts d'initialisation sont éxécutés: .BR fstab (5) est parcouru par .RB \(aq mount .BR \-a \(aq, et la commande .BR mount (8) appelle .I mount.lockfs avec les arguments corrects quand un système de fichiers de type .RB \(aq lockfs \(aq est rencontré. .IP 4. .B mount.lockfs parcourt les arguments et vérifie si le système de fichiers a été mis de côté par .BR bilibop.conf (5), ou pas. Si c'est le cas, le système de fichiers est monté normalement et l'entrée de fstab est modifiée pour refléter l'appel réel à mount. Si ni le système de fichiers ni le point de montage n'ont été mis de côté, alors le système de fichiers est monté ailleurs et en lecture seule, un système de fichiers temporaire est monté avec ses propres options, taille, permissions et propriétés, et un système de fichiers aufs est monté sur le .I POINT_DE_MONTAGE donné en argument, avec les branches paramètrées précédemment. L'entrée dans fstab est remplacée par trois lignes reflétant les appels réels à mount. Si quelque chose échoue, .B mount.lockfs agit comme si le système de fichiers avait été mis de côté. Voir .I /usr/share/doc/bilibop\-lockfs/README.Debian pour plus de détails. .SH OPTIONS .B lockfs_mount_helper utilise les options et arguments tels que fournis par .BR mount (8) après que cette dernière ait analysé l'entrée correspondante dans .BR fstab (5). Ainsi, ces options et arguments sont obligatoires et sont fournis dans cet ordre: .TP .I SYSTÈME_DE_FICHIERS Correspondant au premier champ dans fstab. Ce doit être un périphérique en mode bloc ou un lien symbolique vers un tel périphérique. Si ce champ est donné dans l'un des formats .B UUID=* ou .BR LABEL=* , alors la commande mount le traduit en nom du périphérique correspondant avant d'appeler le programme d'aide. .TP .I POINT_DE_MONTAGE Correspondant au deuxième champ dans le fichier fstab. .TP .I \-o OPTIONS_DE_MONTAGE Correspondant au quatrième champ dans fstab. Les options de montage sont analysées par le script d'aide: si l'option .B fstype=* est rencontrée, elle est retirée des options et utilisée pour monter la branche inférieure (en lecture seule) avec ce type de système de fichiers. Si les options .BR ro , .BR noexec , .B nosuid ou .B nodev sont rencontrées, elles sont ajoutées à la liste des options de montage de la branche supérieure (accessible en écriture). .SH FICHIERS /etc/fstab .br /lib/bilibop/lockfs_mount_helper .br /usr/share/doc/bilibop\-lockfs/README.Debian .SH VOIR AUSSI .BR aufs (5), .BR bilibop (7), .BR bilibop.conf (5), .BR fstab (5), .BR mount (8) .SH AUTEUR Cette page de manuel a été traduite de l'anglais par Christophe Blanc dans le cadre du projet bilibop. bilibop-0.4.20/usr/share/man/man8/lsbilibop.80000644000000000000000000001074012244270401015502 0ustar .TH LSBILIBOP 8 2013\-11\-24 bilibop "System Administration" .SH NAME lsbilibop \- list BILIBOP tagged devices, display or update some of their udev properties .SH SYNOPSIS .B lsbilibop .RB [ \-l ] .br .B lsbilibop .RB [ \-a | \-c | \-i ] .RI [ DEVICE .RI [ DEVICE .RI [ ... ]]] .br .B lsbilibop \-h .SH DESCRIPTION .B lsbilibop is a simple shell script that ouputs the list of .I BILIBOP tagged block devices and some of their .BR udev (7) properties, or triggers uevents to update udev rules and properties that can be applied to these devices. .P If the operating system is running from an external and writable support (USB or SD Flash Memory, USB, Firewire or eSATA HDD), then the .I BILIBOP tagged devices are the block devices whose contents are on the same physical disk than the root filesystem. This includes .BR disk , .BR partitions , but also .B device\-mapper and .B loopback devices, and even block devices containing a filesystem used as lower/readonly branch of an .BR aufs (5) mountpoint. The rules file .I /lib/udev/rules.d/66\-bilibop.rules (or .IR /etc/udev/rules.d/66\-bilibop.rules ) is used to find and tag such devices. .SH OPTIONS Options must be invoked before arguments. When invoked without option, .B lsbilibop just outputs a list of the device(s) given as arguments (if they are .I BILIBOP tagged block devices), or of all .I BILIBOP tagged block devices if none is specified. Devices are listed in the same order than in .IR /proc/partitions , i.e. in the order they have been discovered by the kernel. Absolute or relative paths and symlinks can be used to specify a device. Shell wildcards are allowed. .TP 4 .B \-a Trigger \(aqdevice .BR add \(aq uevent for the device(s) given as arguments (if they are .I BILIBOP tagged block devices), or of all BILIBOP tagged block devices if none is specified, to update their properties. This can be used each time the corresponding BILIBOP_RULES_* variables are modified in .BR bilibop.conf (5), to apply the new settings without need to reboot the operating system. .TP .B \-c Trigger \(aqdevice .BR change\(aq uevent for the device(s) given as arguments (if they are .I BILIBOP tagged block devices), or of all BILIBOP tagged block devices if none is specified, to update their properties. This can be used each time the corresponding BILIBOP_RULES_* variables are modified in .BR bilibop.conf (5), to apply the new settings without need to reboot the operating system. .TP .B \-h Print a help page on standard output and exit. .TP .B \-i Display some useful .BR udev (7) properties of the device(s) given as arguments (if they are .I BILIBOP tagged block devices), or of all .I BILIBOP tagged block devices if none is specified. This option overrides \-a and \-c options. .IP The following properties are only informative. The two last ones are set if and only if .B udisks 1.x (ID_DRIVE_DETACHABLE) and/or .B udisks 2.x (UDISKS_CAN_POWER_OFF) are installed. .IP DEVNAME .br BILIBOP_DISK .br BILIBOP_PARTITION .br BILIBOP_UNDERLYING_PARTITION .br DEVLINKS .IP ID_DRIVE_DETACHABLE .br UDISKS_CAN_POWER_OFF .IP The following properties can be used to set BILIBOP_RULES_*_WHITELIST and other variables in .BR bilibop.conf (5): .IP ID_FS_LABEL .br ID_FS_TYPE .br ID_FS_USAGE .br ID_FS_UUID .IP The following properties can be modified by changing the corresponding BILIBOP_RULES_* variables in .BR bilibop.conf (5). They are set if and only if .B udisks 1.x (for the first set) and/or .B udisks 2.x (for the second set) are installed. .IP UDISKS_PRESENTATION_HIDE .br UDISKS_PRESENTATION_ICON_NAME .br UDISKS_PRESENTATION_NAME .br UDISKS_SYSTEM_INTERNAL .IP UDISKS_IGNORE .br UDISKS_ICON_NAME .br UDISKS_NAME .br UDISKS_SYSTEM .TP .B \-l Dont't rely on the \(aqBILIBOP\(aq tag to list the devices. This option is based on the .I bilibop\-common shell library. .SH ERRORS If the \(aqBILIBOP\(aq tag does not exist in the udev database, then .B lsbilibop displays a useful error message on stderr, and lists the device nodes whose content is supposed to be written on the same physical disk than the root filesystem (as does the \-l option). Exit code is 8. .SH FILES /etc/bilibop/bilibop.conf .br /usr/share/doc/bilibop\-rules/examples/bilibop.conf .br /usr/share/bilibop/bilibop_rules_generator .br /lib/udev/rules.d/66\-bilibop.rules .br /etc/udev/rules.d/66\-bilibop.rules .SH SEE ALSO .BR bilibop (7), .BR bilibop.conf (5), .BR drivemap (1), .BR udev (7), .BR udevadm (8), .BR udisks (7), .BR udisks (8) .SH AUTHOR This manual page has been written by Bilibop Project . bilibop-0.4.20/usr/share/man/man8/lsbilibop.fr.80000644000000000000000000001272712244304154016122 0ustar .TH LSBILIBOP 8 2013\-11\-24 bilibop "Administration système" .SH NOM lsbilibop \- lister les périphériques étiquetés BILIBOP, afficher ou mettre à jour certaines de leurs propriétés udev .SH SYNOPSIS .B lsbilibop .RB [ \-l ] .br .B lsbilibop .RB [ \-a | \-c | \-i ] .RI [ PÉRIPHÉRIQUE .RI [ PÉRIPHÉRIQUE .RI [ ... ]]] .br .B lsbilibop \-h .SH DESCRIPTION .B lsbilibop est un simple script shell qui affiche la liste des périphériques bloc marqués .I BILIBOP et certaines de leurs propriétés .BR udev (7), ou déclenche des évènements pour mettre à jour les règles udev et les propriétés qui peuvent être appliquées à ces périphériques. .P Si le système d'exploitation tourne depuis un support externe accessible en écriture (mémoire Flash USB ou SD, disque dur USB, Firewire ou eSATA), alors les périphériques étiquetés .I BILIBOP sont les périphériques de type bloc dont le contenu se trouve sur le même disque physique que le système de fichiers racine. Cela inclut le .BR disque , les .BR partitions , mais aussi les périphériques virtuels .B device\-mapper et .BR loopback , et même les périphériques contenant un système de fichiers utilisé comme branche inférieure (en lecture seule) d'un point de montage pour .BR aufs (5). Le fichier de règles .I /lib/udev/rules.d/66\-bilibop.rules (ou .IB /etc/udev/rules.d/66\-bilibop.rules ) est utilisé pour trouver et étiqueter ces périphériques. .SH OPTIONS Les options doivent précéder les arguments. Quand elle est invoquée sans option, .B lsbilibop renvoie seulement la liste des périphériques donnés comme arguments (s'il s'agit de périphériques en mode bloc étiquetés .IB BILIBOP ), ou de tous les périphériques étiquetés .I BILIBOP si aucun argument n'est fourni. Les périphériques sont listés dans le même ordre que dans le fichier .IR /proc/partitions , c'est à dire dans l'ordre de leur découverte par le noyau. Des chemins absolus ou relatifs et les liens symboliques peuvent être utilisés pour désigner un périphérique. Les caractères joker du shell sont acceptés. .TP 4 .B \-a Déclenche un évènement .RB \(aq ajout de périphérique\(aq pour le(s) périphérique(s) donné(s) en argument(s) (s'il est étiqueté .IR BILIBOP ), ou de tous les périphériques étiquetés .I BILIBOP si aucun argument n'est fourni, pour mettre à jour leurs propriétés udev. Cela peut être utilisé chaque fois que les variables BILIBOP_RULES_* correspondantes sont modifiées dans le fichier .BR bilibop.conf (5), pour appliquer les nouveaux paramètres sans avoir à redémarrer le système d'exploitation. .TP .B \-c Déclenche un évènement .RB \(aq modification de périphérique\(aq pour le(s) périphérique(s) donné(s) en argument(s) (s'il est étiqueté .IR BILIBOP ), ou de tous les périphériques étiquetés .I BILIBOP si aucun argument n'est fourni, pour mettre à jour leurs propriétés udev. Cela peut être utilisé chaque fois que les variables BILIBOP_RULES_* correspondantes sont modifiées dans le fichier .BR bilibop.conf (5), pour appliquer les nouveaux paramètres sans avoir à redémarrer le système d'exploitation. .TP .B \-h Affiche une page d'aide sur la sortie standard et quitte. .TP .B \-i Affiche certaines propriétés .BR udev (7) utiles de périphérique(s) donné(s) en argument(s) (s'ils sont étiquetés .IR BILIBOP ), ou de tous les périphériques étiquetés .I BILIBOP si aucun argument n'est fourni. Cette option écrase les options \-a et \-c. .IP Les propriétés suivantes sont données à titre d'information. Les deux dernières ne sont définies que si .B udisks 1.x (ID_DRIVE_DETACHABLE) et/ou .B udisks 2.x (UDISKS_CAN_POWER_OFF) sont installés. .IP DEVNAME .br BILIBOP_DISK .br BILIBOP_PARTITION .br BILIBOP_UNDERLYING_PARTITION .br DEVLINKS .IP ID_DRIVE_DETACHABLE .br UDISKS_CAN_POWER_OFF .IP Les propriétés suivantes peuvent être utilisées pour paramètrer les variables BILIBOP_RULES_*_WHITELIST et d'autres dans .BR bilibop.conf (5): .IP ID_FS_LABEL .br ID_FS_TYPE .br ID_FS_USAGE .br ID_FS_UUID .IP Les propriétés suivantes peuvent être modifiées en changeant la valeur des variables BILIBOP_RULES_* correspondantes dans .BR bilibop.conf (5). Elles ne sont définies que si .B udisks 1.x (pour le premier jeu) et/ou .B udisks 2.x (pour le second jeu) sont installés. .IP UDISKS_PRESENTATION_HIDE .br UDISKS_PRESENTATION_ICON_NAME .br UDISKS_PRESENTATION_NAME .br UDISKS_SYSTEM_INTERNAL .IP UDISKS_IGNORE .br UDISKS_ICON_NAME .br UDISKS_NAME .br UDISKS_SYSTEM .TP .B \-l Liste les périphériques sans se fier à l'étiquette \(aqBILIBOP\(aq. Cette option s'appuie sur la bibliothèque de fonctions shell du paquet .IR bilibop-common . .SH ERREURS Si l'étiquette \(aqBILIBOP\(aq n'existe pas dans la base de données de udev, alors .B lsbilibop affiche un message d'erreur pratique sur la sortie standard des erreurs, et liste les nœuds dont le contenu est supposé être écrit sur le même disque physique que la racine du système (comme avec l'option \-l). Le code de sortie est 8. .SH FICHIERS /etc/bilibop/bilibop.conf .br /usr/share/doc/bilibop\-rules/examples/bilibop.conf .br /usr/share/bilibop/bilibop_rules_generator .br /lib/udev/rules.d/66\-bilibop.rules .br /etc/udev/rules.d/66\-bilibop.rules .SH VOIR AUSSI .BR bilibop (7), .BR bilibop.conf (5), .BR drivemap (1), .BR udev (7), .BR udevadm (8), .BR udisks (7), .BR udisks (8) .SH AUTEUR Cette page de manuel a été traduite de l'anglais par Alexandre Martin dans le cadre du projet bilibop. bilibop-0.4.20/usr/share/man/man8/lockfs_mount_helper.80000644000000000000000000000665512165414757017617 0ustar .TH LOCKFS_MOUNT_HELPER 8 2012\-05\-29 bilibop "System Administration" .SH NAME mount.lockfs \- helper script for the mount command .SH SYNOPSIS .B mount.lockfs .I FILESYSTEM .I MOUNTPOINT .B \-o .I MOUNTOPTIONS .SH DESCRIPTION .B /sbin/mount.lockfs is a symlink to .IR /lib/bilibop/lockfs_mount_helper . It is used as an helper program by the .BR mount (8) command for the .RB \(aq lockfs \(aq filesystem type entries in .IR /etc/fstab . This script cannot be run manually, and fails if the root filesystem is not already managed by .BR bilibop-lockfs . The expected way to run it and how it does its job are the followings: .IP 1. 3 Enable .BR bilibop\-lockfs : set the BILIBOP_LOCKFS variable to .I true in .BR bilibop.conf (5) and reboot the computer; or reboot the computer and append the .RB \(aq lockfs \(aq kernel parameter to the boot commandline. .IP 2. One time the future \(aq/\(aq is set as an .BR aufs (5) mountpoint from into the initramfs environment, the temporary and writable .BR fstab (5) on it is modified to replace filesystem types of some entries by .RB \(aq lockfs \(aq. Options are also modified to remember the original fstype. .IP 3. One time the aufs mountpoint is the new root filesystem, initscripts are executed: .BR fstab (5) is parsed by .RB \(aq mount .BR \-a \(aq, and then .BR mount (8) calls .I mount.lockfs with the proper arguments when a .RB \(aq lockfs \(aq fstype is encountered. .IP 4. .B mount.lockfs parses arguments and checks if the filesystem has been whitelisted in .BR bilibop.conf (5), or not. If it is the case, the filesystem is mounted normally and the fstab entry is modified to reflect the actual mount call. If neither the filesystem nor the mountpoint have been whitelisted, then the filesystem is mounted elsewhere and readonly, a temporary filesystem is mounted with proper options, size, permissions and ownership, and an aufs is mounted on the .I MOUNTPOINT given as argument with the lower/readonly and upper/writable branches previously set. The fstab entry is replaced by three lines reflecting the actual mount calls. If something fails, .B mount.lockfs acts as if the filesystem was whitelisted. See .I /usr/share/doc/bilibop\-lockfs/README.Debian for details. .SH OPTIONS .B lockfs_mount_helper uses options and arguments as they are given by .BR mount (8) after it has parsed the corresponding .BR fstab (5) entry. So, options and arguments are mandatory and come in the following order: .TP .I FILESYSTEM Corresponding to the first field in fstab. This must be a block device, or a symlink to a block device. If this field is given with one of the .B UUID=* or .B LABEL=* formats, then the mount command translates it to the corresponding device name before to call the helper program. .TP .I MOUNTPOINT Corresponding to the second field in fstab. .TP .I \-o MOUNTOPTIONS Corresponding to the fourth field in fstab. The mount options are parsed by the helper script: if .B fstype=* is encountered, it is removed from the options and used to mount the readonly branch with this filesystem type. If .BR ro , .BR noexec , .B nosuid or .B nodev options are encountered, they are added to the list of mount options of the writable branch. .SH FILES /etc/fstab .br /lib/bilibop/lockfs_mount_helper .br /usr/share/doc/bilibop\-lockfs/README.Debian .SH SEE ALSO .BR aufs (5), .BR bilibop (7), .BR bilibop.conf (5), .BR fstab (5), .BR mount (8) .SH AUTHOR This manual page has been written by Bilibop Project . bilibop-0.4.20/usr/share/man/man5/0000755000000000000000000000000012244305157013434 5ustar bilibop-0.4.20/usr/share/man/man5/bilibop.conf.fr.50000644000000000000000000004745012244305143016501 0ustar .TH BILIBOP.CONF 5 2013\-11\-24 bilibop "Bilibop Project" .SH NOM bilibop.conf \- fichier de configuration des paquets bilibop .SH SYNOPSIS /etc/bilibop/bilibop.conf .SH DESCRIPTION .B bilibop.conf est le fichier de configuration des paquets .B bilibop\-* qui sont prévus pour être utilisés sur des systèmes tournant depuis un périphérique externe et modifiable (USB, FireWire, MMC, eSATA). Il est composé de paires .BR VARIABLE = VALEUR où .B VARIABLE est une chaîne commençant par .RI \(aq BILIBOP_ \(aq, et .B VALEUR doit être entourée de guillemets si elle contient des caractères d'espacement (espaces ou tabulations). Les espaces autour du signe égal (=) ne sont pas permis. Les lignes vides ou celles commençant par un signe dièse (#) sont ignorées. .PP Les options de configuration valides peuvent être divisées en sections \(aqcommune\(aq et \(aqspécifiques\(aq, comme suit: .SH VARIABLES COMMUNES .SS BILIBOP_COMMON_BASENAME Cette variable définit le nom des sous\-répertoires (ou d'un lien symbolique) propres à bilibop qui seront créés dans .I /dev et .I /run au moment du démarrage, depuis l'environnement du disque mémoire initial (initramdisk) ou depuis le système en cours d'éxécution. Si elle est vide ou non définie, sa valeur sera .RI \(aq bilibop \(aq. Si vous la modifiez, vous devez prendre garde que certains liens symboliques ou réglages personnels de votre système reflètent correctement cette nouvelle valeur. Au minimum, si .B bilibop\-rules est installé, vous devriez exécuter les scripts d'aide fournis par ce paquet, soit à la main, soit avec .RB \(aq dpkg\-reconfigure .BR bilibop\-rules \(aq. Donc ce n'est peut\-être pas une bonne idée de la modifier. .PP Par défaut, la valeur de cette variable n'est pas fixée. .SH VARIABLES SPÉCIFIQUES À BILIBOP\-LOCKFS .SS BILIBOP_LOCKFS Cette variable définit le comportement principal du script initramfs .IR bilibop\-lockfs . Sa valeur est de type booléen: .PP Si elle est fixée à .IR false , le système démarrera normalement, et les autres variables BILIBOP_LOCKFS_* seront ignorées, à l'exception de .BR BILIBOP_LOCKFS_NOTIFY_POLICY . Si elle est fixée à .IR true , le script initramfs déplacera le système de fichiers racine du système vers un point de montage utilisé comme branche inférieure et accessible en lecture seule d'un point de montage .BR aufs (5) utilisé lui\-même comme racine du système. Après quoi le fichier temporaire et accessible en écriture .I /etc/fstab sera modifié pour préparer les autres systèmes de fichiers à être montés comme branches non modifiables d'autres systèmes de fichiers aufs. .PP Si cette variable ne vaut rien ou vaut n'importe quoi d'autre, une heuristique sera utilisée pour la fixer à .I true ou .IR false , ceci dépendant de l'attribut \(aqremovable\(aq (amovible) du disque dans sysfs, sachant que généralement les clés USB sont vues comme media amovibles .RI ( true ), et les disques durs externes sont vus comme media non amovibles .RI ( false ). .PP Dans tous les cas, la valeur de cette variable peut être écrasée depuis la ligne de commande de démarrage en ajoutant .RB \(aq lockfs \(aq ou .RB \(aq nolockfs \(aq aux paramètres du noyau. Cependant, si le périphérique est verrouillé physiquement par un commutateur, cela sera detecté et les paramétrages précédents seront écrasés pour fixer .B BILIBOP_LOCKFS à .IR true . .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_LOCKFS_POLICY Cette variable definit un niveau additionnel de verrouillage (\(aqlock\(aq) à activer ou non. Sa valeur peut être écrasée depuis la ligne de commande de démarrage avec .RB \(aq lockfs=hard \(aq ou .RB \(aq lockfs=soft \(aq. .IP \(bu 2 .I soft .br Les branches inférieures des systèmes de fichiers .BR aufs (5) utiliseront l'option .RB \(aq ro \(aq (readonly). Ensuite, ces systèmes de fichiers accessibles en lecture seule peuvent être remontés manuellement comme accessibles en lecture\-écriture pour permettre à l'administratrice d'y sauvegarder certains changements. Ce genre d'action est fortement découragé ici, mais reste possible si vous savez VRAIMENT ce que vous faites; autrement, cela peut mener à des résultats inattendus, dont évidemment la perte de données. .IP \(bu 2 .I hard .br Les branches inférieures des points de montage aufs utiliseront l'option .RB \(aq rr \(aq (real readonly); aufs utilise cette option pour optimiser certaines opérations internes. De plus, les périphériques bloc correspondants seront eux aussi paramètrés comme accessibles en lecture seule en utilisant .B read_only_volume_list dans .BR lvm.conf (5) pour les Volumes Logiques, ou .BR blockdev (8) pour les autres périphériques bloc, évitant ainsi l'accès en écriture bas niveau (même par l'administratrice) sur ces périphériques, et rendant impossible un remontage ultérieur en lecture\-écriture. .PP Si cette variable ne vaut rien ou vaut n'importe quoi d'autre, sa valeur retombera à .IR hard . Cependant, si le périphérique est verrouillé physiquement, les paramétrages précédents seront écrasés et la politique .I hard sera automatiquement appliquée. .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_LOCKFS_WHITELIST Une fois que le système de fichiers racine est verrouillé comme branche inférieure accessible en lecture seule d'un point de montage pour aufs, le fichier .I /etc/fstab est modifié sur la branche supérieure et accessible en lecture\-écriture, pour verrouiller de la même façon tous les autres systèmes de fichiers locaux. Cette variable offre la possibilité d'éviter ce mécanisme pour certains points de montage: il s'agit d'une liste de points de montage ou de noms de périphériques (tels que connus dans .BR fstab (5)) ou encore de lexèmes (\(aqtokens\(aq) de la forme .BR UUID = fsuuid , .BR LABEL = fslabel ou .BR TYPE = fstype séparés par des espaces. Si l'étiquette (LABEL) d'un système de fichiers contient elle\-même des espaces, remplacez\-les par des tirets bas (_), comme donnés par la sortie des commandes .RB \(aq udevadm info \-\-query property \-\-name .IR PÉRIPHÉRIQUE \(aq ou .RB \(aq blkid \-o udev \-p .IR PÉRIPHÉRIQUE \(aq pour les variables .IR ID_FS_UUID , .I ID_FS_LABEL et .IR ID_FS_TYPE . Notez que lister ici un point de montage, un nom de périphérique ou n'importe quel lexème qui correspond littéralement à une entrée du fichier fstab fait que le périphérique est filtré au niveau du script initramfs, ce qui est plus rapide. Autrement, .BR mount.lockfs (8) cherchera à partir des métadonnées du périphérique s'il doit le sauter ou pas. .PP Notez aussi qu'il est possible d'écraser (et de vider) la valeur de cette variable en ajoutant .RB \(aq lockfs=all \(aq sur la ligne de commmande de démarrage. Cela est fait automatiquement quand le périphérique est verrouillé physiquement. Au contraire, pour ajouter des points de montage à cette liste blanche depuis la ligne de commande du démarrage, il est aussi possible d'utiliser une option de la forme .RB \(aq lockfs=\-/foobar \(aq, où .I /foobar est le point de montage à ne pas verrouiller; notez qu'il est précédé d'un signe moins .RB ( \- ). .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_LOCKFS_SIZE Par défaut, .B bilibop\-lockfs alloue la moitié de la taille de la mémoire vive (ou TPMFS_SIZE si cette variable est initialisée dans .IB /etc/default/tmpfs ) pour chaque branche supérieure d'un système de fichiers verrouillé. Il est possible d'écraser cette valeur pour certains points de montage dans une liste de paires .BR /point/de/montage = taille séparées par des espaces. Les tailles peuvent être absolues (suffixées par k, K, m, M, g ou G), ou relatives à la quantité totale de mémoire RAM (et suffixées par %). La taille allouée à la racine du système peut être fixée ici aussi, mais peut être écrasée depuis la ligne de commade de démarrage avec le paramètre .RB \(aq lockfs = taille \(aq. .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_LOCKFS_SWAP_POLICY Cette variable définit la politique d'utilisation des périphériques d'échange (swap) listés dans .I /etc/fstab (et optionnellement dans .IR /etc/crypttab ). Generalement, il n'y a pas de sens a paramètrer un espace d'échange sur de la mémoire flash, mais cela peut se faire sur des disques durs externes USB, FireWire ou eSATA. Cinq politiques sont disponibles: .IP \(bu 2 .I soft .br Rien n'est modifié: les lignes dans .BR fstab (5) et .BR crypttab (5) sont conservées telles quelles. .IP \(bu 2 .I hard .br Les entrées relatives aux périphériques \(aqswap\(aq sont désactivées (commentées) dans fstab et crypttab. .IP \(bu 2 .I noauto .br Le mot\-clé .RI \(aq noauto \(aq est ajouté à la liste des options relatives aux périphériques \(aqswap\(aq dans fstab et crypttab. Cela signifie que ces périphériques peuvent être activés manuellement avec .BR swapon (8). .IP \(bu 2 .I crypt .br Les entrées relatives aux périphériques \(aqswap\(aq chiffrés sont conservées, les autres sont désactivées. .BR ATTENTION : cette option ne fait pas de distinction entre les périphériques swap chiffrés avec une clef aléatoire (et dont le contenu est irrécupérable après l'arrêt du système) et ceux dont le contenu est écrit en clair sur un Volume Logique faisant lui-même partie d'un Groupe de Volumes chiffré. .IP \(bu 2 .I random .br Les entrées relatives aux périphériques \(aqswap\(aq chiffrés avec une clef aléatoire sont conservées, les autres sont désactivées. .PP Si BILIBOP_LOCKFS_SWAP_POLICY n'est pas fixée à une valeur connue, elle retombera à .I crypt ou .IR hard . Cela dépend de l'attribut \(aqremovable\(aq (amovible) du disque dans sysfs: pour les media vus comme amovibles (clés USB), la politique est de ne pas utiliser du tout de périphérique d'échange .RI ( hard policy). Notez que dans tous les cas, l'utilisation de \(aqswap\(aq peut être désactivée depuis la ligne de commande de démarrage avec le paramètre noyau .IR noswap , qui n'est pas une option de démarrage spécifique à .BR bilibop (7), mais fixe la valeur de BILIBOP_LOCKFS_SWAP_POLICY à .IR hard . C'est aussi le cas si le script détecte que le périphérique est verrouillé physiquement. .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_LOCKFS_NOTIFY_POLICY Cette variable définit à quelles conditions une notification doit être envoyée à l'utilisatrice pour lui signifier que des systèmes de fichiers sont ou non verrouillés. De telles notifications peuvent être envoyées aussi bien au démarrage du système (nécessite que le paquet .B plymounth soit installé) qu'au lancement d'une session de bureau (nécessite que le paquet .B libnotify\-bin soit installé). Ce qui suit décrit les notifications de bureau; les messages de .BR plymouth (8) sont moins bavards. Quatre politiques sont disponibles: .IP \(bu 2 .I always .br C'est la valeur de secours quand la variable vaut autre chose que .IR never , .I lockfs ou .IR nolockfs . Si la fonctionalité .B bilibop\-lockfs est désactivée, alors une notification sera envoyée pour dire que toutes les informations de la session peuvent être écrites sur le disque. Si la fonctionnalité est activée, une notification sera envoyée pour dire que toutes les modifications faites sous les points de montage aufs (listés) seront perdues à l'arrêt du système. Si des systèmes de fichiers ne sont pas verrouillés, une deuxième notification sera envoyée pour dire que leurs modifications seront conservées à l'arrêt du système. .IP \(bu 2 .I never .br Ne jamais envoyer de notification concernant le verrouillage ou non verrouillage des systèmes de fichiers. .IP \(bu 2 .I lockfs .br Si la fonctionnalité .B bilibop\-lockfs est activée, alors une notification sera envoyée pour dire que toutes les modifications faites sous les points de montage aufs (listés) seront perdues à l'arrêt du système. .IP \(bu 2 .I nolockfs .br Si la fonctionnalité .B bilibop\-lockfs est désactivée, fait la même chose que pour .IR always . Si la fonctionnalité est activée et que des systèmes de fichiers ne sont pas verrouillés, alors une notification sera envoyée pour dire que leurs modifications seront conservées après l'arrêt du système. .PP Dans tous les cas, n'importe quelle utilisatrice peut (pour sa propre session de bureau) écraser le règlage de l'administratrice en copiant .I lockfs\-notify.desktop (normalement dans .IR /etc/xdg/autostart ) dans son propre répertoire .I .config/autostart et en modifiant les lignes commençant par .B Exec= ou .BR Hidden= . Voir .BR lockfs\-notify (1) pour plus de détails. .PP Par défaut, la valeur de cette variable n'est pas fixée. .SH VARIABLES SPÉCIFIQUES À BILIBOP\-RULES Contrairement à la plupart des variables précédentes dont les modifications ne prennent effet qu'après le redémarrage du système, la plupart des variables BILIBOP_RULES_* suivantes, à l'exception notable de la première, peuvent être modifiées, et les changements immédiatement appliqués au cours de la même session en éxécutant .RB \(aq lsbilibop .BR \-c \(aq. Voir .BR lsbilibop (8). .SS BILIBOP_RULES_FAKE_DEVICE_MAP Par défaut, les règles .BR bilibop (7) construisent un fichier de style .I /boot/grub/device.map appelé .I grub\-device.map dans un sous\-répertoire de .I /run (et défini par la variable BILIBOP_COMMON_BASENAME). Le but est de mapper le périphérique amovible hébergeant le système en cours d'éxécution comme .BR (hd0) , c'est à dire comme premier disque dans la séquence de démarrage du BIOS. Pour rendre ce faux utilisable par .BR update\-grub (8), le fichier .I /boot/grub/device.map doit être remplacé par un lien symbolique pointant dessus. Si c'est le cas, mais que vous ne voulez pas construire ce faux, mais utiliser plutôt un fichier construit à la volée par .BR grub\-mkdevicemap (8), vous devez explicitement fixer cette variable à .I false (les autres valeurs n'ont aucun effet, c'est à dire ont le même effet que .IR true ). .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_RULES_SYSTEM_INTERNAL Par défaut, les règles bilibop utilisent les capacités de .B udisks (versions .B 1.x et .BR 2.x ) pour outrepasser la détection usuelle du type de bus permettant de détecter si un périphérique est considéré comme \(aqsystem internal\(aq, c'est à dire comme disque interne de l'ordinateur. Cela signifie que des privilèges d'administratrice sont nécessaires pour gérer les périphériques faisant partie du même disque que celui contenant la racine du système. Si vous n'avez pas besoin de ce comportement global, vous devez explicitement fixer cette variable à .I false (les autres valeurs n'ont aucun effet, c'est à dire ont le même effet que .IR true ). .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_RULES_SYSTEM_INTERNAL_WHITELIST Si BILIBOP_RULES_SYSTEM_INTERNAL n'est pas \(aqfalse\(aq, toutes les partitions hébergées par le même disque que la racine du système seront considérées comme \(aqsystem internal\(aq. Pour désactiver ce comportement pour certains périphériques \(em par exemple si vous voulez qu'une partition soit montable/démontable sans privilèges \(em vous pouvez les lister ici, séparés par des espaces. Pour chaque périphérique ou groupe de périphériques, vous devez spécifier au moins un lexème de la forme .BR UUID = fsuuid , .BR LABEL = fslabel , .BR TYPE = fstype ou .BR USAGE = fsusage . Si l'étiquette (LABEL) d'un système de fichiers contient elle\-même des espaces, remplacez\-les par des tirets bas (_), comme donnés par la sortie des commandes .RB \(aq udevadm info \-\-query property \-\-name .IR PÉRIPHÉRIQUE \(aq ou .RB \(aq blkid \-o udev \-p .IR PÉRIPHÉRIQUE \(aq pour les variables .IR ID_FS_UUID , .IR ID_FS_LABEL , .I ID_FS_TYPE et .IR ID_FS_USAGE . .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_RULES_PRESENTATION_HIDE Par défaut, les règles bilibop masquent (si possible) les systèmes de fichiers contenus sur le même disque physique que la racine du système. Cela s'applique aux applications de bureau basées sur .B udisks (versions .B 1.x et .BR 2.x ). Si vous ne voulez pas masquer les volumes bilibop, vous devez explicitement fixer cette variable à .I false (les autres valeurs n'ont aucun effet, c'est à dire ont le même effet que .IR true ). .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_RULES_PRESENTATION_HIDE_WHITELIST Si BILIBOP_RULES_PRESENTATION_HIDE n'est pas \(aqfalse\(aq, tous les volumes hébergés sur le même disque que la racine du système seront cachés à l'utilisatrice. Pour désactiver ce comportement pour certains périphériques, vous pouvez les lister ici, séparés par des espaces. Pour chaque périphérique ou groupe de périphériques, vous devez spécifier au moins un lexème de la forme .BR UUID = fsuuid , .BR LABEL = fslabel , .BR TYPE = fstype ou .BR USAGE = fsusage . Si l'étiquette (LABEL) d'un système de fichiers contient elle\-même des espaces, remplacez\-les par des tirets bas (_), comme donnés par la sortie des commandes .RB \(aq udevadm info \-\-query property \-\-name .IR PÉRIPHÉRIQUE \(aq ou .RB \(aq blkid \-o udev \-p .IR PÉRIPHÉRIQUE \(aq pour les variables .IR ID_FS_UUID , .IR ID_FS_LABEL , .I ID_FS_TYPE et .IR ID_FS_USAGE . .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_RULES_PRESENTATION_ICON Si un périphérique n'est pas caché à l'utilisatrice, il peut être montré avec une autre icône que celle par défaut. Pour chaque périphérique ou groupe de périphériques auquel vous voulez associer une autre icône, vous devez spécifier au moins une valeur de la forme .BR UUID = fsuuid : icon , .BR LABEL = fslabel : icon , .BR TYPE = fstype : icon ou .BR USAGE = fsusage : icon . Le nom de l'icône doit suivre la spécification des thèmes d'icônes de freedesktop.org. Si l'étiquette (LABEL) d'un système de fichiers contient elle\-même des espaces, remplacez\-les par des tirets bas (_), comme donnés par la sortie des commandes .RB \(aq udevadm info \-\-query property \-\-name .IR PÉRIPHÉRIQUE \(aq ou .RB \(aq blkid \-o udev \-p .IR PÉRIPHÉRIQUE \(aq pour les variables .IR ID_FS_UUID , .IR ID_FS_LABEL , .I ID_FS_TYPE et .IR ID_FS_USAGE . .PP Par défaut, la valeur de cette variable n'est pas fixée. .SS BILIBOP_RULES_PRESENTATION_NAME Si un périphérique n'est pas caché à l'utilisatrice, il peut être montré avec un autre nom que celui par défaut (généralement l'étiquette du système de fichiers). Pour chaque périphérique ou groupe de périphériques dont vous voulez modifier le nom par défaut, vous devez spécifier au moins une valeur de la forme .BR UUID = fsuuid : name , .BR LABEL = fslabel : name , .BR TYPE = fstype : name ou .BR USAGE = fsusage : name . Si l'étiquette (LABEL) d'un système de fichiers contient elle\-même des espaces, remplacez\-les par des tirets bas (_), comme donnés par la sortie des commandes .RB \(aq udevadm info \-\-query property \-\-name .IR PÉRIPHÉRIQUE \(aq ou .RB \(aq blkid \-o udev \-p .IR PÉRIPHÉRIQUE \(aq pour les variables .IR ID_FS_UUID , .IR ID_FS_LABEL , .I ID_FS_TYPE et .IR ID_FS_USAGE . .PP Par défaut, la valeur de cette variable n'est pas fixée. .SH FICHIERS /etc/bilibop/bilibop.conf .br /usr/share/doc/bilibop\-common/examples/bilibop.conf .br /usr/share/doc/bilibop\-lockfs/examples/bilibop.conf .br /usr/share/doc/bilibop\-rules/examples/bilibop.conf .SH VOIR AUSSI .BR aufs (5), .BR bilibop (7), .BR blkid (8), .BR crypttab (5), .BR fstab (5), .BR lockfs\-notify (1), .BR lsbilibop (8), .BR mount (8), .BR mount.lockfs (8), .BR notify\-send (1), .BR plymouth (8), .BR proc (5), .BR udev (7), .BR udevadm (8), .BR udisks (7), .BR udisks (8) .SH AUTEUR Cette page de manuel a été traduite de l'anglais par Alexandre Martin dans le cadre du projet bilibop. bilibop-0.4.20/usr/share/man/man5/bilibop.conf.50000644000000000000000000003702012244270663016073 0ustar .TH BILIBOP.CONF 5 2013\-11\-24 bilibop "Bilibop Project" .SH NAME bilibop.conf \- configuration file of bilibop packages .SH SYNOPSIS /etc/bilibop/bilibop.conf .SH DESCRIPTION .B bilibop.conf is the configuration file of .B bilibop\-* packages, which are intended to be used on systems running from an external and writable media (USB, FireWire, MMC, eSATA). It is composed of .BR VARIABLE = VALUE pairs, where .B VARIABLE is a string beginning by .RI \(aq BILIBOP_ \(aq, and .B VALUE must be inserted between quotes if it contains blank characters (spaces or tabulations). Spaces around the equal sign (=) are not allowed. Empty lines or lines beginning by a hash sign (#) are ignored. .PP Valid configuration options can be divided in \(aqcommon\(aq and \(aqspecific\(aq sections, as follows: .SH COMMON VARIABLES .SS BILIBOP_COMMON_BASENAME This variable defines the basename of bilibop subdirectories (or symlink) that will be created in .I /dev and .I /run at boot time, from into the initramfs environment or from into the running system. If it is empty or unset, the value will fallback to .RI \(aq bilibop \(aq. If you modify it to anything else, you have to take care that some symlinks or custom settings of your system reflect the new location. At least, if .B bilibop\-rules is installed, you should execute the helper scripts provided by this package, either by hand or with .RB \(aq dpkg\-reconfigure .BR bilibop\-rules \(aq. So, maybe it is not a good idea to modify it. .PP Default is unset. .SH BILIBOP\-LOCKFS SPECIFIC VARIABLES .SS BILIBOP_LOCKFS This variable defines the main behaviour of the .I bilibop\-lockfs initramfs script. It is a boolean: .PP If set to .IR false , the system will boot normally, and other BILIBOP_LOCKFS_* variables will be ignored, except .BR BILIBOP_LOCKFS_NOTIFY_POLICY . If set to .IR true , the initramfs script will move the normal root filesystem to another mountpoint used as the lower/readonly branch of an .BR aufs (5) mountpoint used itself as the actual root filesystem. After what the temporary and writable .I /etc/fstab file will be modified to prepare other filesystems \(em if not whitelisted \(em to be mounted as readonly branches of aufs too. .PP If empty, unset, or set to anything else, then a heuristic will be used to set it to .I true or .IR false , depending on the removable flag of the disk in the sysfs attributes, knowing that generally USB keys are seen as removable devices .RI ( true ), and USB HDDs are seen as non removable devices .RI ( false ). .PP In all cases, the value of this variable can be overridden from the boot commandline by adding .RB \(aq lockfs \(aq or .RB \(aq nolockfs \(aq to the line of kernel parameters. However, if the drive is physically locked by a switch, this will be detected and all previous settings will be overridden to set .B BILIBOP_LOCKFS as .IR true . .PP Default is unset. .SS BILIBOP_LOCKFS_POLICY This variable defines an additional \(aqlock\(aq level to be enabled or not. Its value can be overridden from the boot commandline with .RB \(aq lockfs=hard \(aq or .RB \(aq lockfs=soft \(aq. .IP \(bu 2 .I soft .br The readonly branches of .BR aufs (5) mountpoints will be set to .RB \(aq ro \(aq (readonly). Later, these readonly filesystems can be remounted manually as writable to allow root to save some changes on them. This kind of action is highly discouraged here, but is possible if you REALLY know what you do; otherwise it can lead to unexpected results, including of course data loss. .IP \(bu 2 .I hard .br The readonly branches of aufs mountpoints will be set to .RB \(aq rr \(aq (real readonly); this is used by aufs to optimize some internal operations. Additionally, the corresponding block devices will be set as readonly too by using the .B read_only_volume_list variable in .BR lvm.conf (5) for Logical Volumes, or .BR blockdev (8) for other block devices, avoiding low\-level write access to them (even by root) and avoiding the filesystems to be remounted later as writable. .PP If empty, unset, or set to anything else, the value will fallback to .IR hard . However, if the drive is physically locked, previous settings will be overridden and the .I hard policy will be automatically applied. .PP Default is unset. .SS BILIBOP_LOCKFS_WHITELIST One time the root filesystem is locked as the readonly branch of an aufs, the .I /etc/fstab file is modified on the writable branch to lock all other local filesystems as readonly branches of aufs mountpoints. This variable gives the ability to avoid the .B lockfs mechanism for some mountpoints: this is a whitespace separated list of mountpoints or device names (as known in .BR fstab (5)) or tokens of the form .BR UUID = fsuuid , .BR LABEL = fslabel or .BR TYPE = fstype . If the LABEL of a device contains spaces, replace them by underscores (_), as given by the output of .RB \(aq udevadm info \-\-query property \-\-name .IR DEVICE \(aq or .RB \(aq blkid \-o udev \-p .IR DEVICE \(aq for .IR ID_FS_UUID , .I ID_FS_LABEL and .I ID_FS_TYPE variables. Note that whitelist a mountpoint, a device name or any token matching the corresponding fstab entry makes the device is whitelisted by the initramfs script, that is faster. Otherwise, .BR mount.lockfs (8) will query metadata about the device to check if it must skip it or not. .PP Also note that it is possible to override (and blank) the value of this variable by adding .RB \(aq lockfs=all \(aq on the boot commandline. This is also automatically done when the drive is physically locked. On the contrary, to append mountpoints to this whitelist from the boot commandline, it is also possible to use an option of the form .RB \(aq lockfs=\-/foobar \(aq, where .I /foobar is the mountpoint to not lock; not that it is preceded by a minus sign .RB ( \- ). .PP Default is unset. .SS BILIBOP_LOCKFS_SIZE By default, .B bilibop\-lockfs allocates half of RAM size (or TMPFS_SIZE if set in .IR /etc/default/tpmfs ) for each aufs writable branch of a locked filesystem. It is possible to override this value for some mountpoints in a whitespace separated list of .BR mountpoint = size pairs. Sizes can be absolute (suffixed with k, K, m, M, g or G), or relative to the total amount of RAM (and suffixed with %). The size allocated to the root filesystem can be fixed here too, but can be overridden from the boot commandline with a .RB \(aq lockfs = size \(aq kernel parameter. .PP Default is unset. .SS BILIBOP_LOCKFS_SWAP_POLICY This variable defines what to do with swap devices listed in .I /etc/fstab (and optionally in .IR /etc/crypttab ). Generally, there is no sense to setup a swap device on a flash memory stick, but this can be done on USB, FireWire or eSATA HDDs. Five policies are available: .IP \(bu 2 .I soft .br Nothing is changed: lines in .BR fstab (5) and .BR crypttab (5) are kept as is. .IP \(bu 2 .I hard .br Swap entries in fstab and crypttab are disabled (commented). .IP \(bu 2 .I noauto .br The .RI \(aq noauto \(aq keyword is appended to the list of options of swap entries in fstab and crypttab. This means swap devices can be enabled manually with .BR swapon (8). .IP \(bu 2 .I crypt .br Entries about encrypted swap devices are kept as is, others are disabled. .BR ATTENTION : this option makes no difference between swap devices encrypted with a random key (and whose the content is unrecoverable after system halt) and those whose the content is written in clear on a Logical Volume being itself included in an encrypted Volume Group. .IP \(bu 2 .I random .br Entries about swap devices encrypted with a random key are kept as is, others are disabled. .PP If BILIBOP_LOCKFS_SWAP_POLICY is not set to a known value, .I crypt or .I hard are the fallbacks, depending on the removable flag of the disk in the sysfs attributes: for devices seen as removable (USB sticks), the policy is to not use swap devices at all .RI ( hard policy). Note that in all cases, swap usage can be disabled from the boot commandline with the .I noswap kernel parameter, which is not a .BR bilibop (7) specific boot option, but leads to set BILIBOP_LOCKFS_SWAP_POLICY to .IR hard . This is also the case if the script detects that the drive is physically locked. .PP Default is unset. .SS BILIBOP_LOCKFS_NOTIFY_POLICY This variable defines when to notify the user that filesystems are locked or not. Such notifications can be sent at system boot (needs .B plymouth package installed to work) as well as desktop session startup (needs .B libnotify\-bin package installed to work). What follows describes desktop notifications; .BR plymouth (8) messages are less verbose. There are four available policies: .IP \(bu 2 .I always .br This is the fallback when the variable is unset or set to something else than .IR never , .I lockfs or .IR nolockfs . If the .B bilibop\-lockfs feature is disabled, then a notification will be send to say that all information of the session can be written on the disk. If the feature is enabled, a notification will be send to say that all changes under the (listed) aufs mountpoints will be lost at shutdown. If some mountpoints have been whitelisted, a second notification will be send to say that all changes under them will be kept at shutdown. .IP \(bu 2 .I never .br Never send notification about filesystems status. .IP \(bu 2 .I lockfs .br If the .B bilibop\-lockfs feature is enabled, then a notification will be send to say that all changes under aufs mountpoints will be lost at shutdown. .IP \(bu 2 .I nolockfs .br If the .B bilibop\-lockfs feature is disabled, does the same thing as for .IR always . If the feature is enabled and some mountpoints have been whitelisted, then a notification will be send to say that all changes under them will be kept at shutdown. .PP In all cases, any user can (for its own desktop session) override the admin settings by copying .I lockfs\-notify.desktop (normally in .IR /etc/xdg/autostart ) in its own .I .config/autostart directory and by modifying the lines beginning by .B Exec= or .BR Hidden= . See .BR lockfs\-notify (1) for details. .PP Default is unset. .SH BILIBOP\-RULES SPECIFIC VARIABLES Unlike the previous variables whose modifications take effect only after the system has been rebooted, most of the following BILIBOP_RULES_* variables \(em except the first one \(em can be modified, and the changes applied during a same session by running .RB \(aq lsbilibop .BR \-c \(aq. See .BR lsbilibop (8). .SS BILIBOP_RULES_FAKE_DEVICE_MAP By default, .BR bilibop (7) rules build a .I /boot/grub/device.map style\-file named .I grub\-device.map in the bilibop subdirectory in .I /run (defined by the BILIBOP_COMMON_BASENAME variable). The goal is to map the removable device hosting the running system as .BR (hd0) , i.e. as the first disk in the BIOS boot sequence. To make this faked map usable by .BR update\-grub (8), the file .I /boot/grub/device.map must be replaced by a symlink to it. If it is the case, but you don't want to build this map, and then use a real map built on the fly by .BR grub\-mkdevicemap (8), explicitly set this to .I false (all other values have no effect, i.e. have the same effect than .IR true ). .PP Default is unset. .SS BILIBOP_RULES_SYSTEM_INTERNAL By default, bilibop rules use .B udisks (both versions .B 1.x and .BR 2.x ) facilities to override the usual bus type detection of whether a device is considered \(aqsystem internal\(aq. This means root privileges will be needed to manage devices hosted by the same disk than the root filesystem. If you don't need this global behaviour, explicitly set this to .I false (all other values have no effect, i.e. have the same effect than .IR true ). .PP Default is unset. .SS BILIBOP_RULES_SYSTEM_INTERNAL_WHITELIST If BILIBOP_RULES_SYSTEM_INTERNAL is not \(aqfalse\(aq, all partitions hosted on the same disk than the root filesystem will be considered as \(aqsystem internal\(aq. To disable this behaviour for only some devices \(em for example if you want a partition mountable/unmountable without needs of root privileges \(em you can list them here, separated by spaces. For each device or group of devices, you must specify at least one token of the form .BR UUID = fsuuid , .BR LABEL = fslabel , .BR TYPE = fstype or .BR USAGE = fsusage . If the LABEL of a device contains spaces, replace them by underscores (_), as given by the output of .RB \(aq udevadm info \-\-query property \-\-name .IR DEVICE \(aq or .RB \(aq blkid \-o udev \-p .IR DEVICE \(aq for .IR ID_FS_UUID , .IR ID_FS_LABEL , .I ID_FS_TYPE and .I ID_FS_USAGE variables. .PP Default is unset. .SS BILIBOP_RULES_PRESENTATION_HIDE By default, bilibop rules hide (if possible) the filesystems contained on the same physical hard disk or memory stick than the root filesystem. This applies to desktop applications based on .B udisks (both versions .B 1.x and .BR 2.x ). If you don't want to hide the bilibop volumes, explicitly set this to .I false (all other values have no effect, i.e. have the same effect than .IR true ). .PP Default is unset. .SS BILIBOP_RULES_PRESENTATION_HIDE_WHITELIST If BILIBOP_RULES_PRESENTATION_HIDE is not \(aqfalse\(aq, all volumes hosted on the same disk than the root filesystem will be hidden to the user. To disable this behaviour for only some devices, you can list them here, separated by spaces. For each device or group of devices, you must specify at least one token of the form .BR UUID = fsuuid , .BR LABEL = fslabel , .BR TYPE = fstype or .BR USAGE = fsusage . If the LABEL of a device contains spaces, replace them by underscores (_), as given by the output of .RB \(aq udevadm info \-\-query property \-\-name .IR DEVICE \(aq or .RB \(aq blkid \-o udev \-p .IR DEVICE \(aq for .IR ID_FS_UUID , .IR ID_FS_LABEL , .I ID_FS_TYPE and .I ID_FS_USAGE variables. .PP Default is unset. .SS BILIBOP_RULES_PRESENTATION_ICON If a device is not hidden, it can be shown to the user with another icon than the default one. For each device or group of devices you want to change the default icon, you must specify at least one token of the form .BR UUID = fsuuid : icon , .BR LABEL = fslabel : icon , .BR TYPE = fstype : icon or .BR USAGE = fsusage : icon . The icon name must follow the freedesktop.org icon theme specification. If the LABEL of a device contains spaces, replace them by underscores (_), as given by the output of .RB \(aq udevadm info \-\-query property \-\-name .IR DEVICE \(aq or .RB \(aq blkid \-o udev \-p .IR DEVICE \(aq for .IR ID_FS_UUID , .IR ID_FS_LABEL , .I ID_FS_TYPE and .I ID_FS_USAGE variables. .PP Default is unset. .SS BILIBOP_RULES_PRESENTATION_NAME If a device is not hidden, it can be shown to the user with another name than the default one (generally the label of the filesystem). For each device or group of devices you want to change the default name, you must specify at least one token of the form .BR UUID = fsuuid : name , .BR LABEL = fslabel : name , .BR TYPE = fstype : name or .BR USAGE = fsusage : name . If the LABEL of a device contains spaces, replace them by underscores (_), as given by the output of .RB \(aq udevadm info \-\-query property \-\-name .IR DEVICE \(aq or .RB \(aq blkid \-o udev \-p .IR DEVICE \(aq for .IR ID_FS_UUID , .IR ID_FS_LABEL , .I ID_FS_TYPE and .I ID_FS_USAGE variables. .PP Default is unset. .SH FILES /etc/bilibop/bilibop.conf .br /usr/share/doc/bilibop\-common/examples/bilibop.conf .br /usr/share/doc/bilibop\-lockfs/examples/bilibop.conf .br /usr/share/doc/bilibop\-rules/examples/bilibop.conf .SH SEE ALSO .BR aufs (5), .BR bilibop (7), .BR blkid (8), .BR crypttab (5), .BR fstab (5), .BR lockfs\-notify (1), .BR lsbilibop (8), .BR mount (8), .BR mount.lockfs (8), .BR notify\-send (1), .BR plymouth (8), .BR proc (5), .BR udev (7), .BR udevadm (8), .BR udisks (7), .BR udisks (8) .SH AUTHOR This manual page has been written by Bilibop Project . bilibop-0.4.20/usr/bin/0000755000000000000000000000000012244300427011462 5ustar bilibop-0.4.20/usr/bin/lockfs-notify0000644000000000000000000001165212165414757014217 0ustar #!/bin/sh # /usr/bin/lockfs-notify # # Notify the user that changes on filesystems are allowed or not. This script # should be called from /etc/xdg/autostart/bilibop-lockfs.desktop or something # like, but can be run manually too. # TODO: translations and gettext support. PATH="/bin:/usr/bin" short_usage() { cat <&2 exit 1 fi # This admin's defined behaviour can be overriden from the commandline. # This can be useful for the user (by copying lockfs-notify.desktop from # /etc/xdg/autostart to ~/.config/autostart, and modifying the 'Exec=' # line, or setting 'Hidden=true') while true do case "${1}" in -a|always) BILIBOP_LOCKFS_NOTIFY_POLICY="always" shift ;; -h|--help) usage exit 0 ;; -l|--lockfs) BILIBOP_LOCKFS_NOTIFY_POLICY="lockfs" shift ;; -n|--nolockfs) BILIBOP_LOCKFS_NOTIFY_POLICY="nolockfs" shift ;; -t|--expire-time) if echo "${2}" | grep -q '^[0-9]\+$' then EXPIRE_TIME="${2}" [ ${2} -lt 1000 ] && EXPIRE_TIME="0" else EXPIRE_TIME="-1" fi shift 2 ;; --) break ;; *) unknown_argument "${arg}" >&2 short_usage >&2 exit 1 ;; esac done # If this script is not called in a graphical environment, nothing to do: if [ -z "${DISPLAY}" ] then echo "${0##*/}: no DISPLAY found." >&2 exit 99 else case "$(tty)" in ${udev_root}/console|${udev_root}/tty?*) echo "${0##*/}: must be run from X." >&2 exit 99 ;; esac fi # If the tool to send notification is missing, nothing else to do: if [ ! -x /usr/bin/notify-send ] then echo "${0##*/}: '/usr/bin/notify-send' not found: you should install 'libnotify-bin'." >&2 exit 2 fi locked= unlocked= perm_or_temp_fs= this_fs= # 1. bilibop-lockfs is disabled: if ! is_aufs_mountpoint -q / && [ ! -f "${BILIBOP_RUNDIR}/lock" ] then case "${BILIBOP_LOCKFS_NOTIFY_POLICY}" in always|nolockfs) notify-send ${EXPIRE_TIME:+--expire-time=${EXPIRE_TIME}} \ --urgency="normal" \ --icon="changes-allow" \ "bilibop-lockfs is disabled" \ "All informations about the actual\nsession can be written on the disk." ;; esac # Nothing else to do: exit 0 fi # 2. bilibop-lockfs is enabled # 2.1. Send notification for locked fs: case "${BILIBOP_LOCKFS_NOTIFY_POLICY}" in always|lockfs) for fs in $(aufs_mountpoints) do locked="${locked:+${locked}, }'${fs}'" done if [ -z "${locked}" ] then notify-send \ --urgency="critical" \ --icon="error" \ "*** BILIBOP LOCKFS - ERROR ***" \ "Unknown error" exit 3 elif echo "${locked}" | grep -q ', ' then locked="$(echo ${locked} | sed "s;, \('/[^,' ]\+'\)$; and \1 are;")" perm_or_temp_fs="volatile filesystems" this_fs="these filesystems" else locked="${locked} is" perm_or_temp_fs="a volatile filesystem" this_fs="this filesystem" fi notify-send ${EXPIRE_TIME:+--expire-time=${EXPIRE_TIME}} \ --urgency="normal" \ --icon="changes-prevent" \ "bilibop-lockfs is enabled" \ "${locked} mounted as ${perm_or_temp_fs} (aufs).\nAll changes on ${this_fs} will be lost at shutdown." ;; esac # 2.1. Send notification for non-locked fs: case "${BILIBOP_LOCKFS_NOTIFY_POLICY}" in always|nolockfs) BILIBOP_DISK="$(physical_hard_disk /)" for fs in $(grep '^/' /proc/mounts | grep -v '^[^ ]\+\s/aufs/' | sed 's;^[^ ]\+\s\(/[^ ]*\)\s.*;\1;') do [ "$(physical_hard_disk ${fs})" = "${BILIBOP_DISK}" ] && unlocked="${unlocked:+${unlocked}, }'${fs}'" done if [ -z "${unlocked}" ] then exit 0 elif echo "${unlocked}" | grep -q ', ' then unlocked="$(echo ${unlocked} | sed "s;, \('/[^,' ]\+'\)$; and \1 are;")" perm_or_temp_fs="persistent filesystems" this_fs="these filesystems" else unlocked="${unlocked} is" perm_or_temp_fs="a persistent filesystem" this_fs="this filesystem" fi notify-send ${EXPIRE_TIME:+--expire-time=${EXPIRE_TIME}} \ --urgency="normal" \ --icon="changes-allow" \ "bilibop-lockfs whitelist" \ "${unlocked} mounted as ${perm_or_temp_fs}.\nAll changes on ${this_fs} will be kept at shutdown." esac bilibop-0.4.20/usr/bin/drivemap0000644000000000000000000001453612244300427013225 0ustar #!/bin/sh # /usr/bin/drivemap # Show block devices in a tree of dependencies. # Works fine with: #!/bin/bash #!/bin/dash #!/bin/busybox sh #!/usr/lib/klibc/bin/sh.shared # So, /bin/sh can be a link to /bin/bash, /bin/dash, /bin/busybox or even # /usr/lib/klibc/bin/sh.shared PATH="/bin:/usr/bin" PROG="${0##*/}" DEBUG="false" _drive_="false" _backing_file_="false" _info_="false" _mark_="false" _dm_name_="false" _mountpoint_="false" _set_x_="false" _width_="70" [ -z "${COLUMNS}" ] && COLUMNS="$(stty size | sed 's,.*\s\([[:digit:]]\+\)$,\1,')" && export COLUMNS FILE="" ALREADY_DONE="" _opts_="" . /lib/bilibop/drivemap.sh _drivemap_initial_indent short_usage() { cat <&2 exit 1 fi # Now we can analyse the result. Some options will be stored into the '_opts_' # variable, for the case we have to run this script from inside itself (this # will be the case if the -a or --all option is invoked; see below). while true do case "${1}" in --debug) DEBUG="true" _opts_="${_opts_:+${_opts_} }${1}" shift ;; -d|--drive) _drive_="true" _opts_="${_opts_:+${_opts_} }${1}" shift ;; -f|--backing-file) _backing_file_="true" _opts_="${_opts_:+${_opts_} }${1}" shift ;; -h|--help) usage exit 0 ;; -i|--info) _info_="true" _opts_="${_opts_:+${_opts_} }${1}" shift ;; -m|--mark) _mark_="true" _opts_="${_opts_:+${_opts_} }${1}" shift ;; -n|--dm-name) _dm_name_="true" _opts_="${_opts_:+${_opts_} }${1}" shift ;; -p|--mountpoint) _mountpoint_="true" _opts_="${_opts_:+${_opts_} }${1}" shift ;; -w|--width) echo "${2}" | grep -q '^[1-9][0-9]\+$' && _width_="${2}" || _width_="${COLUMNS}" [ ${_width_} -gt ${COLUMNS} ] && _width_="${COLUMNS}" _opts_="${_opts_:+${_opts_} }-w${_width_}" shift 2 ;; -x|--set-x) _set_x_="true" _opts_="${_opts_:+${_opts_} }${1}" shift ;; --) shift break ;; *) unknown_argument "${1}" >&2 short_usage >&2 exit 1 ;; esac done ${DEBUG} && echo "${ARGS}" >&2 ${_set_x_} && set -x # Now we can analyse argument(s) that are not options (not beginning with a # dash '-'). for arg do if [ -e "${arg}" ] then FILE="${arg}" [ -b "${DEVICE}" ] && break if [ -b "${FILE}" ] then DEVICE="$(readlink -f ${FILE})" else DEVICE="$(underlying_device_from_file ${FILE})" fi # We use the first existing argument. All others (previous # bad arguments and next arguments) are silently discarded break fi done # Now, if there was at least one argument but all were rejected as non # existing, display an error message about each bad argument and exit. if [ ! -e "${FILE}" -a -n "$*" ] then for arg do unknown_argument "${arg}" >&2 done echo "Nothing to do. Exit." >&2 exit 1 fi # If the --mark option is invoked but no FILE is given as argument, mark # the device of the current working directory: if [ "${_mark_}" = "true" ] then [ -e "${FILE}" ] || export DEVICE="$(underlying_device_from_file ${PWD})" fi # If the --mountpoint option is invoked, we need to know the length of # the longest mountpoint string; the shortest being / with length = 1. if [ "${_mountpoint_}" = "true" -a -z "${length}" ] then export length="$(_drivemap_max_mp_length)" fi # If no DEVICE, DIR or FILE has been given as argument, process on all known # disks: if [ ! -e "${FILE}" ] then for dev in /sys/block/* do node="${dev##*/}" case "${node}" in loop*|dm-*|ram*) # Avoid duplicates: all associated loop devices # and each dm device are underlyed by a disk # node in last instance. continue ;; esac # For each whole disk, run the same command with the same # options. ${0} ${_opts_} "${udev_root}/${node}" [ "${_drive_}" = "true" ] || echo done exit $? fi # Begin by finding the base device, i.e the disk hosting the file (or '/' if # $file is empty). readonly DRIVE="$(physical_hard_disk ${FILE})" [ -b "${DRIVE}" ] || exit 127 # Output the name of the disk hosting the file given as argument, and # optionally some extra information (disk identifier and size) on the # same line: _drivemap_whole_disk "${DRIVE}" # Otherwise, for the case there is a CD into the CD drive, and for the # case the whole disk is used as container for a filesystem, RAID array, # PhysicalVolume, etc. [ -n "${ID_FS_USAGE}" ] && _drivemap_whole_disk_fs "${DRIVE}" # If we have not explicitly asked to show how the disk is divided, nothing # else to do. [ "${_drive_}" = "true" ] && exit 0 # If the disk is associated to a loop device: _drivemap_loopback_device "${DRIVE##*/}" # Otherwise, verify if the whole disk is not a LUKS, RAID or LVM # container: _drivemap_dmdevice_holder "${DRIVE##*/}" # If the disk is not partitioned (this is the case for optical media, and # sometimes for USB sticks), nothing else to do: [ "$(echo ${DRIVE}?*)" != "${DRIVE}?*" ] || exit 0 # Now we can process with the primary partitions. If we encounter logical # partitions, they will be treated as subdevices of the extended one, and # so they can appear differently from their numerical order. This can give: # part1, part2(part5, part6, part7), part3... _drivemap_primary_partitions "${DRIVE}" # That's all bilibop-0.4.20/debian/0000755000000000000000000000000012252356421011327 5ustar bilibop-0.4.20/debian/bilibop-udev.postinst0000644000000000000000000000254512244114406015517 0ustar #!/bin/sh set -e belongs_to_floppy_group() { stat -c %G ${1}* | grep -q '^floppy$' } case "${1}" in configure) . /lib/bilibop/common.sh get_udev_root # Be sure the needed virtual filesystems are mounted, and udev is # running; or do nothing: if [ -h /proc/mounts -a -d /sys/block -a -c ${udev_root}/null ] && invoke-rc.d udev status >${udev_root}/null 2>&1 && BILIBOP_DISK="$(physical_hard_disk /)" && query_sysfs_attrs ${BILIBOP_DISK} | grep -Eq '^[[:blank:]]*SUBSYSTEMS=="(usb|firewire|memstick|mmc)"'; then # Trigger uevents for the disk hosting the root filesystem and its # partitions: udevadm trigger --sysname-match=${BILIBOP_DISK##*/}* udevadm settle # But it can happen that this doesn't work and new rules must be # explicitly loaded before triggering uevents: if belongs_to_floppy_group ${BILIBOP_DISK}; then udevadm control --reload-rules udevadm trigger --sysname-match=${BILIBOP_DISK##*/}* udevadm settle if belongs_to_floppy_group ${BILIBOP_DISK}; then [ -f /etc/udev/rules.d/66-bilibop.rules ] || exit 2 fi fi fi ;; esac #DEBHELPER# : # vim: et ts=4 sts=4 sw=4 bilibop-0.4.20/debian/bilibop-rules.postrm0000644000000000000000000000615212244746332015356 0ustar #!/bin/sh set -e # Source debconf library: . /usr/share/debconf/confmodule global_filter_is_supported() { local version="$(dpkg -l lvm2 | awk '/^ii/ {print $3}')" dpkg --compare-versions ${version} ge 2.02.98 } case "${1}" in purge) # Remove custom rules: rm -f /etc/udev/rules.d/66-bilibop.rules # Restore GRUB device.map DEVICE_MAP="/boot/grub/device.map" if [ -f "${DEVICE_MAP}.bak" -o -h "${DEVICE_MAP}.bak" ]; then rm -f ${DEVICE_MAP} mv ${DEVICE_MAP}.bak ${DEVICE_MAP} fi # Comment bilibop-rules specific configuration variables in # the common bilibop config file: CONFIGFILE="/etc/bilibop/bilibop.conf" if grep -Eqs '^[[:blank:]]*BILIBOP_RULES(_[A-Z]+)+=' ${CONFIGFILE}; then sed -Ei 's,^\s*BILIBOP_RULES(_[A-Z]+)+=,#&,' ${CONFIGFILE} fi # Reset some LVM settings to what they were before the installation of # this package, but if, and only if lvm.conf has been modified through # debconf (during installation or with 'dpkg-reconfigure bilibop-rules') LVMCONF="/etc/lvm/lvm.conf" lvm_variables="obtain_device_list_from_udev filter" global_filter_is_supported && lvm_variables="${lvm_variables} global_filter" db_get bilibop-rules/physical_volumes_filter/system-only if [ -f "${LVMCONF}" -a "${RET}" = "true" ]; then for lvmvar in ${lvm_variables}; do db_get bilibop-rules/physical_volumes_filter/${lvmvar} if [ -n "${RET}" ] && grep -q "^[[:blank:]]*${lvmvar}[[:blank:]]*=" ${LVMCONF}; then grep -Eq "^[[:blank:]]*${lvmvar}[[:blank:]]*=[[:blank:]]*${RET}[[:blank:]]*(#|$)" ${LVMCONF} || sed -Ei "s@^(\s*${lvmvar}\s*=).*@\1 ${RET}@" ${LVMCONF} fi done fi # And then purge the database: db_purge db_stop ;; esac case "${1}" in purge|remove) # Remove bilibop-rules script from the initramdisk: if [ -x /usr/sbin/update-initramfs ]; then update-initramfs -u fi # Trigger uevents for block devices owned by 'disk' group. if [ -f /etc/udev/udev.conf ]; then . /etc/udev/udev.conf fi udev_root="${udev_root:-/dev}" udev_root="${udev_root%/}" if [ -f /proc/partitions -a -d /sys/block -a -c ${udev_root}/null ] && invoke-rc.d udev status >${udev_root}/null 2>&1; then cd ${udev_root} for dev in $(find * -type b -group disk); do grep -q "[[:blank:]]${dev}$" /proc/partitions && opt="${opt} --sysname-match=${dev}" done udevadm trigger ${opt} udevadm settle cd ${OLDPWD} fi # Udev does not remove empty tag directories; so we do it here. for tag in BILIBOP INSIDEV; do if [ -d /run/udev/tags/${tag} ]; then rmdir --ignore-fail-on-non-empty /run/udev/tags/${tag} fi done ;; esac #DEBHELPER# : # vim: et ts=4 sts=4 sw=4 bilibop-0.4.20/debian/bilibop-lockfs.links0000644000000000000000000000033412165414757015302 0ustar lib/bilibop/lockfs_mount_helper sbin/mount.lockfs usr/share/man/man8/lockfs_mount_helper.8.gz usr/share/man/man8/mount.lockfs.8.gz usr/share/man/fr/man8/lockfs_mount_helper.8.gz usr/share/man/fr/man8/mount.lockfs.8.gz bilibop-0.4.20/debian/bilibop-lockfs.postrm0000644000000000000000000000120412244114417015467 0ustar #!/bin/sh set -e case "${1}" in purge) # Comment bilibop-lockfs specific configuration variables in # the common bilibop config file: CONFIGFILE="/etc/bilibop/bilibop.conf" if grep -qs '^[[:blank:]]*BILIBOP_LOCKFS\(_[A-Z]\+\)*=' ${CONFIGFILE}; then sed -i 's,^[[:blank:]]*BILIBOP_LOCKFS\(_[A-Z]\+\)*=,#&,' ${CONFIGFILE} fi ;; esac case "${1}" in purge|remove) # Remove bilibop-lockfs scripts from the initramdisk: if [ -x /usr/sbin/update-initramfs ]; then update-initramfs -u fi ;; esac #DEBHELPER# : # vim: et ts=4 sts=4 sw=4 bilibop-0.4.20/debian/bilibop-common.manpages0000644000000000000000000000030312165414757015760 0ustar usr/share/man/man1/drivemap.1 usr/share/man/man1/drivemap.fr.1 usr/share/man/man5/bilibop.conf.5 usr/share/man/man5/bilibop.conf.fr.5 usr/share/man/man7/bilibop.7 usr/share/man/man7/bilibop.fr.7 bilibop-0.4.20/debian/bilibop-common.docs0000644000000000000000000000004312165414757015116 0ustar usr/share/doc/bilibop-common/misc/ bilibop-0.4.20/debian/bilibop-rules.bilibop.udev0000644000000000000000000001242512244253426016411 0ustar # /lib/udev/rules.d/66-bilibop.rules # # Do not edit this file, it will be overwritten on updates. Instead, # you can run /usr/share/bilibop/bilibop_rules_generator to create a # (pre)customized sample /etc/udev/rules.d/66-bilibop.rules, and modify # it if necessary. # Process only on some block devices: SUBSYSTEM!="block", GOTO="bilibop_end" ACTION!="add|change", GOTO="bilibop_end" KERNEL=="dm-?*|loop?*", GOTO="bilibop_virtual_block" KERNEL!="sd?*|mmcblk?*|mspblk?*", GOTO="bilibop_end" # For the resulting block devices, skip all that is not USB, FireWire or Flash # Memory cards, and test if the device is hosted by the same disk than the root # filesystem. If yes, fix its group to 'disk' (this is mandatory), add a tag, # go to a xxx label to continue... SUBSYSTEMS=="usb|firewire|memstick|mmc", \ PROGRAM=="bilibop_disk --test %r/%k", \ GROUP:="disk", \ TAG+="BILIBOP", \ GOTO="bilibop_physical_block" # Tag internal physical block devices (disks and partitions) SUBSYSTEMS=="usb|firewire", GOTO="bilibop_end" KERNEL=="sd?*", TAG+="INSIDEV" GOTO="bilibop_end" LABEL="bilibop_physical_block" # The partitions - add an environment variable: ATTR{partition}=="?*", \ ENV{BILIBOP_PARTITION}="%r/%k", \ GOTO="bilibop_subdevice" # The disk - add a symlink and an environment variable: ATTR{removable}=="?*", \ PROGRAM=="bilibop_disk --disk %r/%k", \ SYMLINK+="%c", \ ENV{BILIBOP_DISK}="%r/%k" # The disk - say Udisks to not detach the drive from its bus, # and set it as 'system internal': ATTR{removable}=="?*", \ TEST=="/lib/udev/rules.d/80-udisks.rules", \ ENV{ID_DRIVE_DETACHABLE}:="0", \ ENV{UDISKS_SYSTEM_INTERNAL}:="1" # The disk - do the same for Udisks 2.x: ATTR{removable}=="?*", \ TEST=="/lib/udev/rules.d/80-udisks2.rules", \ ENV{UDISKS_CAN_POWER_OFF}:="0", \ ENV{UDISKS_SYSTEM}:="1" # Nothing else to do with the disk node, go away: ATTR{removable}=="?*", \ GOTO="bilibop_end" # Now process on loopback and mapped devices. If they are hosted by the same # disk than the root filesystem, add their parent partition's name to the # udev database: LABEL="bilibop_virtual_block" # Process only on associated loop devices KERNEL=="loop?*", \ TEST=="loop/backing_file", \ PROGRAM=="bilibop_disk --test %r/%k", \ PROGRAM=="bilibop_disk --part %r/%k", \ ENV{BILIBOP_UNDERLYING_PARTITION}="%c", \ TAG+="BILIBOP", \ GOTO="bilibop_subdevice" # When a dm device has been added from the initrd environment (and this is the # case for bilibop's encrypted LVM), the udev instance launched by init in the # system environment triggers a spurious 'add' event, leading udev to be out # of sync (see 55-dm.rules): it can happen that a dm device has no symlink at # all in the udev database, and symlinks existing in /dev are no more managed # by udev. Then 'update-grub' can fail; and bilibop's physical_volumes_filter # script needs at least one symlink, so we restore it here. KERNEL=="dm-?*", \ PROGRAM=="bilibop_disk --test %r/%k", \ PROGRAM=="bilibop_disk --part %r/%k", \ ENV{BILIBOP_UNDERLYING_PARTITION}="%c", \ SYMLINK+="mapper/$attr{dm/name}", \ TAG+="BILIBOP", \ GOTO="bilibop_subdevice" # Now we will process on the partitions and virtual block devices that have # been tagged 'BILIBOP'... GOTO="bilibop_end" LABEL="bilibop_subdevice" # Add two other symlinks: one targetting the root filesystem (root), # and the other targetting its underlying partition (part): PROGRAM=="bilibop_disk --root %r/%k", SYMLINK+="%c" # Do not perform direct access (with blkid -p) to suspended dm devices. ENV{DM_SUSPENDED}=="1", GOTO="bilibop_dm_end" # Due to the bilibop configuration file, based on ID_FS_* udev variables, we # need additional information here, and we want to be sure this information # is available for the next rules (udisks). Additionnaly, drivemap(1) and # lsbilibop(8) commands can need to query ID_FS_* values, even if udisks is # not installed. ENV{ID_FS_USAGE}=="", IMPORT{program}="/sbin/blkid -o udev -p %r/%k" # If the device is a Logical Volume, we *restore* /dev/vg_name/lv_name symlink # in udev database (see above). This overrides the *-dm.rules and *-lvm.rules. KERNEL!="dm-?*", GOTO="bilibop_dm_end" ATTR{dm/uuid}=="LVM-?*", ENV{DM_LV_NAME}=="", \ IMPORT{program}="/sbin/dmsetup splitname --nameprefixes --noheadings --rows $attr{dm/name}" ENV{DM_LV_NAME}=="?*", ENV{DM_VG_NAME}=="?*", ENV{DM_LV_LAYER}=="", \ SYMLINK+="$env{DM_VG_NAME}/$env{DM_LV_NAME}" LABEL="bilibop_dm_end" # The following rules are for the desktop environment; they make sense only if # udisks and/or udisks2 are installed: TEST!="/lib/udev/rules.d/80-udisks.rules", GOTO="bilibop_udisks_end" PROGRAM=="bilibop_disk --lock %r/%k", ENV{UDISKS_SYSTEM_INTERNAL}:="1" PROGRAM=="bilibop_disk --hide %r/%k", ENV{UDISKS_PRESENTATION_HIDE}:="1", GOTO="bilibop_udisks_end" PROGRAM=="bilibop_disk --icon %r/%k", ENV{UDISKS_PRESENTATION_ICON_NAME}:="%c" PROGRAM=="bilibop_disk --name %r/%k", ENV{UDISKS_PRESENTATION_NAME}:="%c" LABEL="bilibop_udisks_end" TEST!="/lib/udev/rules.d/80-udisks2.rules", GOTO="bilibop_udisks2_end" PROGRAM=="bilibop_disk --lock %r/%k", ENV{UDISKS_SYSTEM}:="1" PROGRAM=="bilibop_disk --hide %r/%k", ENV{UDISKS_IGNORE}:="1", GOTO="bilibop_udisks2_end" PROGRAM=="bilibop_disk --icon %r/%k", ENV{UDISKS_ICON_NAME}:="%c" PROGRAM=="bilibop_disk --name %r/%k", ENV{UDISKS_NAME}:="%c" LABEL="bilibop_udisks2_end" LABEL="bilibop_end" bilibop-0.4.20/debian/bilibop-rules.postinst0000644000000000000000000003702312251216373015711 0ustar #!/bin/sh set -e # Source debconf library: . /usr/share/debconf/confmodule # Source bilibop library: . /lib/bilibop/common.sh get_udev_root PATH="${PATH}:/usr/share/bilibop" ETC_RULES_DIR="/etc/udev/rules.d" belongs_to_floppy_group() { stat -c %G ${1}* | grep -q '^floppy$' } global_filter_is_supported() { local version="$(dpkg -l lvm2 | awk '/^ii/ {print $3}')" dpkg --compare-versions ${version} ge 2.02.98 } case "${1}" in configure|reconfigure) # GRUB device.map management # ========================== # Backup device.map; it will be restored when (if) the package will be # purged. DEVICE_MAP="/boot/grub/device.map" if [ -f "${DEVICE_MAP}" -a ! -f "${DEVICE_MAP}.bak" ]; then cp -a ${DEVICE_MAP} ${DEVICE_MAP}.bak fi # Debconf specific configuration # ============================== # At first, backup some values if this is not already done. HELPER="physical_volumes_filter" LVMCONF="/etc/lvm/lvm.conf" lvm_variables="obtain_device_list_from_udev filter" global_filter_is_supported && lvm_variables="${lvm_variables} global_filter" if [ -f "${LVMCONF}" ]; then for lvmvar in ${lvm_variables}; do db_fget bilibop-rules/${HELPER}/${lvmvar} seen [ "${RET}" = "true" ] && continue lvmval="$(grep "^[[:blank:]]*${lvmvar}[[:blank:]]*=" ${LVMCONF} | sed 's,^[^=]\+=\s*,,')" if [ -n "${lvmval}" ]; then db_set bilibop-rules/${HELPER}/${lvmvar} ${lvmval} db_fset bilibop-rules/${HELPER}/${lvmvar} seen true # Now the initial values of 'obtain_device_list_from_udev', # 'filter' and 'global_filter' are stored in the debconf # db. They will be restored if the package is purged. fi done fi # Modify system settings only if the package is not intended to be # installed on a Live System. db_get bilibop-rules/on-live-system if [ "${RET}" = "false" ]; then # make_unpersistent_rules # ----------------------- # Replace persistent rules files by symlinks in a per-file basis # (this can be useful if the external system travels with a PCMCIA # ethernet card or an external CD/DVD burner) HELPER="make_unpersistent_rules" db_get bilibop-rules/${HELPER} case "${RET}" in keep) ;; cd|net) ${HELPER} --only ${RET} ;; none) ${HELPER} --restore ;; all) ${HELPER} ;; esac # grub_device_map_manager # ----------------------- # Set GRUB device map only if GRUB is installed (both as package # and as bootloader): # This is for MBR/ms-dos partition tables: #GRUB="$(dd if=${BILIBOP_DISK} bs=1 skip=384 count=4 2>/dev/null)" HELPER="grub_device_map_manager" if [ -d "/boot/grub" -a -x "/usr/sbin/grub-mkdevicemap" ]; then db_get bilibop-rules/${HELPER} if [ "${RET}" != "keep" ]; then CONFIGFILE="/etc/bilibop/bilibop.conf" KEY="BILIBOP_RULES_FAKE_DEVICE_MAP" case "${RET}" in static) opt="--update" if [ -h "${DEVICE_MAP}" ]; then opt="--remove ${opt}" fi ;; fake) opt="--fake" if [ -h "${DEVICE_MAP}" ]; then opt="--remove ${opt}" fi ;; dynamic) opt="--link" if [ -f "${CONFIGFILE}" ]; then # Override the variable ? #echo "${KEY}=\"true\"" >>${CONFIGFILE} # Change the value ? #sed -i "s:^\(\s*${KEY}\)=\([\"\']\?\)false\2:\1=\2true\2:" ${CONFIGFILE} # Comment the line ? #sed -i "s:^\(\s*${KEY}\)=\([\"\']\?\)false\2:#&:" ${CONFIGFILE} # Delete the line ? sed -Ei "/^(\s*${KEY})=([\"\']?)false\2/d" ${CONFIGFILE} fi ;; ondemand) opt="--link --update" if grep -qs "^[[:blank:]]*${KEY}=" ${CONFIGFILE}; then grep -Eq "^[[:blank:]]*${KEY}=([\"\']?)false\1" ${CONFIGFILE} || sed -Ei "s:^(\s*${KEY})=.*:\1=\"false\":" ${CONFIGFILE} elif grep -Eqs "^[[:blank:]]*(#[[:blank:]]*)+${KEY}=([\"\']?)false\2" ${CONFIGFILE}; then sed -Ei "s:^(\s*)(#\s*)+(${KEY})=([\"\']?)false\4:\1\3=\"false\":" ${CONFIGFILE} else echo "${KEY}=\"false\"" >>${CONFIGFILE} fi ;; esac ${HELPER} ${opt} fi fi fi # Now we have to take care of the order of the processes: # 1. Ask the user if she wants to use a custom rules file # 2. Trigger uevents to apply bilibop (custom or generic) # udev rules # 3. Then ask the user if she wants to modify lvm.conf # (needs BILIBOP udev-tagged devices) # 4. Update initramfs by including the (modified or not) # lvm.conf if [ -h /proc/mounts -a -d /sys/block -a -c ${udev_root}/null ] && invoke-rc.d udev status >${udev_root}/null 2>&1 && BILIBOP_DISK="$(physical_hard_disk /)" && query_sysfs_attrs ${BILIBOP_DISK} | grep -Eq '^[[:blank:]]*SUBSYSTEMS=="(usb|firewire|memstick|mmc)"'; then db_get bilibop-rules/on-live-system if [ "${RET}" = "false" ]; then # bilibop_rules_generator # ----------------------- # Maybe build custom rules CUSTOM_RULES="false" HELPER="bilibop_rules_generator" if [ -f ${ETC_RULES_DIR}/66-bilibop.rules ]; then db_get bilibop-rules/${HELPER}/overwrite if [ "${RET}" = "rebuild" ]; then CUSTOM_RULES="true" elif [ "${RET}" = "remove" ]; then rm ${ETC_RULES_DIR}/66-bilibop.rules # Now that the custom rules file has been removed, # say to debconf the user does not want to build it. db_reset bilibop-rules/${HELPER}/customize db_fset bilibop-rules/${HELPER}/customize seen true # But also say to keep it if it is rebuilt manually. # We don't set the seen flag to true: if the custom # rules file has been built manually, the question # should be asked on next package upgrade. db_reset bilibop-rules/${HELPER}/overwrite fi else db_get bilibop-rules/${HELPER}/customize if [ "${RET}" = "true" ]; then CUSTOM_RULES="true" fi fi # Build the custom rules: if [ "${CUSTOM_RULES}" = "true" ]; then db_get bilibop-rules/${HELPER}/options if ${HELPER} ${RET} -t ${BILIBOP_DISK} 2>${udev_root}/null; then # Custom rules file has been successfully created; # so say debconf to keep it the next time the package # is configured: db_reset bilibop-rules/${HELPER}/overwrite db_fset bilibop-rules/${HELPER}/overwrite seen true else CUSTOM_RULES="false" fi fi fi # Udev specific configuration # =========================== # Trigger uevents for block devices owned by 'disk' group # or being on the same disk than the root filesystem. BILIBOP_LIST="$(lsbilibop -l)" opt="--sysname-match=${BILIBOP_DISK##*/}*" for dev in ${BILIBOP_LIST}; do case "${dev}" in ${BILIBOP_DISK}*) ;; *) opt="${opt} --sysname-match=${dev##*/}" ;; esac done udevadm trigger ${opt} udevadm settle # But it can happen that this doesn't work and new rules must be # explicitly loaded before triggering uevents: if belongs_to_floppy_group ${BILIBOP_DISK}; then udevadm control --reload-rules udevadm trigger ${opt} udevadm settle # Now do something if the drive and its partitions still belong # to the floppy group. if belongs_to_floppy_group ${BILIBOP_DISK}; then for dev in $(find ${BILIBOP_DISK}* -group floppy); do flop="${flop:+${flop} }${dev}" done if [ -f "${ETC_RULES_DIR}/66-bilibop.rules" -a "${CUSTOM_RULES}" != "true" ]; then # Custom rules file exists, but it has not been created # just before: db_subst bilibop-rules/belongs_to_floppy_group/custom_rules_error DEVICE "${flop}" db_input critical bilibop-rules/belongs_to_floppy_group/custom_rules_error || true db_go || true else # Custom rules file does not exist, or it has just been # created: db_subst bilibop-rules/belongs_to_floppy_group/internal_error DEVICE "${flop}" db_input critical bilibop-rules/belongs_to_floppy_group/internal_error || true db_go || true fi fi fi # Debconf stuff... again (because we need updated udev tags to do it) # ====================== db_get bilibop-rules/on-live-system if [ "${RET}" = "false" ]; then # physical_volumes_filter # ----------------------- HELPER="physical_volumes_filter" # The file copied into the initrd is always /etc/lvm/lvm.conf # (the hook does not care about LVM_SYSTEM_DIR); so we reset # LVM_SYSTEM_DIR to be sure the helper script will apply to # this file. export LVM_SYSTEM_DIR="/etc/lvm" LVMCONF_RECONFIGURE="0" if lsblk ${BILIBOP_DISK} --noheadings -o type,fstype | grep -Eq '\<(lvm|LVM2_member)\>'; then OLDPVFILTER="$(${HELPER})" || true db_get bilibop-rules/${HELPER}/system-only if [ "${RET}" = "true" ]; then unlinked= untagged= PV_LIST="$(lsblk --noheadings -o fstype,kname ${BILIBOP_DISK} | awk '/^LVM2_member/ {print $2}')" for dev in ${PV_LIST}; do linked="false" for symlink in $(udevadm info --query symlink --name ${dev}); do case "${symlink}" in disk/by-id/*|mapper/*) linked="true" break ;; esac done [ "${linked}" = "true" ] || unlinked="${unlinked:+${unlinked} }${udev_root}/${dev}" [ "$(lsbilibop ${udev_root}/${dev})" = "${udev_root}/${dev}" ] || untagged="${untagged:+${untagged} }${udev_root}/${dev}" done fi if [ "${RET}" = "true" -a -z "${untagged}" -a -z "${unlinked}" ]; then [ -f "${LVMCONF}" ] || ${HELPER} --init ${HELPER} --overwrite --udev --accept bilibop --reject all else if [ "${RET}" = "true" ]; then db_reset bilibop-rules/${HELPER}/system-only if global_filter_is_supported; then warning="with_global_filter/warning" db_get bilibop-rules/${HELPER}/global_filter db_subst bilibop-rules/${HELPER}/${warning} GLOBAL_FILTER "${RET}" else warning="without_global_filter/warning" fi db_subst bilibop-rules/${HELPER}/${warning} UNTAGGED "${untagged}" db_subst bilibop-rules/${HELPER}/${warning} UNLINKED "${unlinked}" db_get bilibop-rules/${HELPER}/obtain_device_list_from_udev db_subst bilibop-rules/${HELPER}/${warning} FROMUDEV "${RET}" db_get bilibop-rules/${HELPER}/filter db_subst bilibop-rules/${HELPER}/${warning} FILTER "${RET}" db_input critical bilibop-rules/${HELPER}/${warning} || true db_go || true fi for lvmvar in ${lvm_variables}; do db_get bilibop-rules/${HELPER}/${lvmvar} if [ -n "${RET}" ] && grep -qs "^[[:blank:]]*${lvmvar}[[:blank:]]*=" ${LVMCONF}; then grep -Eq "^[[:blank:]]*${lvmvar}[[:blank:]]*=[[:blank:]]*${RET}[[:blank:]]*(#|$)" ${LVMCONF} || sed -Ei "s@^(\s*${lvmvar}\s*=).*@\1 ${RET}@" ${LVMCONF} fi done fi NEWPVFILTER="$(${HELPER})" || true if [ "${NEWPVFILTER}" != "${OLDPVFILTER}" ]; then LVMCONF_RECONFIGURE="1" # Regenerate cache file: vgscan --ignorelockingfailure fi fi fi fi db_stop # Add a new script in the initramfs. And modify it also if LVM has # been reconfigured (see above): if [ -x /usr/sbin/update-initramfs ]; then if [ "${DEBCONF_RECONFIGURE}" = "1" ]; then if [ "${LVMCONF_RECONFIGURE}" = "1" ]; then update-initramfs -u fi else update-initramfs -u fi fi ;; esac #DEBHELPER# : # vim: et ts=4 sts=4 sw=4 bilibop-0.4.20/debian/substvars0000644000000000000000000000054512236272332013312 0ustar Description=Bilibop helps to maintain a Debian GNU/Linux operating system installed${Newline}on an external media (USB, FireWire, Flash memory, eSATA). It hardens${Newline}standard rules and policies to make the system more robust in this${Newline}particular situation. Requirement=Some features may require Linux kernel 2.6.37 or higher to work properly. bilibop-0.4.20/debian/bilibop-rules.config0000644000000000000000000000641012236272332015267 0ustar #!/bin/sh set -e # Source debconf library: . /usr/share/debconf/confmodule db_version 2.0 db_capb backup # Get udev root path . /lib/bilibop/common.sh get_udev_root # Do you intend to install this package on a live system ? # Ask it only once, please... db_fget bilibop-rules/on-live-system seen if [ "${RET}" != "true" ]; then db_input critical bilibop-rules/on-live-system || true db_go || true fi # If this package is intended to be installed on a Live System, # then skip other questions. db_get bilibop-rules/on-live-system if [ "${RET}" = "true" ]; then db_stop exit 0 fi # make_unpersistent_rules # ----------------------- if [ -d "/run/udev/rules.d" ]; then db_input high bilibop-rules/make_unpersistent_rules || true db_go || true fi # grub_device_map_manager # ----------------------- if [ -d "/boot/grub" -a -x "/usr/sbin/grub-mkdevicemap" ]; then db_input high bilibop-rules/grub_device_map_manager || true db_go || true fi # bilibop_rules_generator # ----------------------- # Next questions (in the loop) should have the same priority: prio="low" STATE=1 while true; do case "${STATE}" in 0) # Don't go back: STATE=1 continue ;; 1) if [ -f /etc/udev/rules.d/66-bilibop.rules ]; then db_input ${prio} bilibop-rules/bilibop_rules_generator/overwrite || true else db_input ${prio} bilibop-rules/bilibop_rules_generator/customize || true fi ;; 2) CUSTOM_RULES="false" if [ -f /etc/udev/rules.d/66-bilibop.rules ]; then db_get bilibop-rules/bilibop_rules_generator/overwrite if [ "${RET}" = "rebuild" ]; then CUSTOM_RULES="true" db_input ${prio} bilibop-rules/bilibop_rules_generator/options || true fi else db_get bilibop-rules/bilibop_rules_generator/customize if [ "${RET}" = "true" ]; then CUSTOM_RULES="true" db_input ${prio} bilibop-rules/bilibop_rules_generator/options || true fi fi ;; 3) if [ "${CUSTOM_RULES}" = "true" ]; then db_get bilibop-rules/bilibop_rules_generator/options /usr/share/bilibop/bilibop_rules_generator -o ${udev_root}/null ${RET} 2>${udev_root}/null || db_input ${prio} bilibop-rules/bilibop_rules_generator/bad_options fi ;; *) break ;; esac if db_go; then STATE=$((STATE+1)) else STATE=$((STATE-1)) fi done # physical_volumes_filter # ----------------------- if [ -h /proc/mounts -a -d /sys/block ]; then for blk in $(ls /sys/block | grep -Ev '^(loop|dm-)'); do if lsblk ${udev_root}/${blk} --noheadings -o mountpoint | grep -q '^/$'; then SYSTEM_DISK="${udev_root}/${blk}" break fi done if lsblk ${SYSTEM_DISK} --noheadings -o type,fstype | grep -Eq '\<(lvm|LVM2_member)\>'; then db_input low bilibop-rules/physical_volumes_filter/system-only || true db_go || true fi fi db_stop #DEBHELPER# : # vim: et ts=4 sts=4 sw=4 bilibop-0.4.20/debian/compat0000644000000000000000000000000212165414757012537 0ustar 9 bilibop-0.4.20/debian/bilibop-rules.install0000644000000000000000000000075712165414757015512 0ustar bin/lsbilibop bin lib/bilibop/pvfilter.sh lib/bilibop lib/bilibop/rules.sh lib/bilibop lib/udev/bilibop_disk lib/udev usr/share/bilibop/bilibop_rules_generator usr/share/bilibop usr/share/bilibop/grub_device_map_manager usr/share/bilibop usr/share/bilibop/make_unpersistent_rules usr/share/bilibop usr/share/bilibop/physical_volumes_filter usr/share/bilibop usr/share/initramfs-tools/scripts/local-bottom/bilibop-rules usr/share/initramfs-tools/scripts/local-bottom bilibop-0.4.20/debian/changelog0000644000000000000000000010247112251231137013201 0ustar bilibop (0.4.20) unstable; urgency=low * bilibop-common: * Modify common.sh: replace '/sbin/udevadm' by just 'udevadm', and declare a udevadm() function if the command itself is not in the PATH. This should work with all versions of udev. * Modify device_node_from_major_minor(): rely on the contents of /dev/block (as these symlinks are not created by udev). * Modify drivemap.sh: add a missing debug command at the beginning of a function. * Modify lib/bilibop/disk: set -e * Fix a typo in drivemap.sh and the drivemap command: rename function _drivemap_max_mp_lenght() -> _drivemap_max_mp_length(), and also fix the same spelling error for the variable lenght -> length. * Update bilibop(7) and bilibop.conf(5) manpages (and also the french translations). * Update documentation (README.Debian, examples/bilibop.conf, misc/*.txt). * bilibop-rules: * Add translations for the debconf templates: + Italian: thanks to Beatrice Torracca Closes: #727755. + Portuguese: thanks to Américo Monteiro Closes: #730000. * Modify the config maintscript and the initramfs script: as the --run option no more works for 'udevadm info', use the hardcoded /run/udev instead. * Modify the udev rules file: rely on the 'removable' attribute to know that a device is a disk (as for the 'partition' attribute to know that a device is a partition); also do not set unconditionally Udisks ENV variables for the disk; reorder some rules, rename LABELs, + other cosmetics. * Update bilibop_rules_generator helper script for consistency. * Fix management of errors in physical_volumes_filter and pvfilter.sh * Remove a reference to a non-existent manpage in pvfilter.sh * Fix a spelling error in the help page of physical_volumes_filter. * Modify _pvfilter_find_dev_links(): use a best 'find' commandline, and simplify its output filter (grep). * Modify postinst to regenerate the cache file if the filter value has been modified in lvm.conf * Add support for the LVM 'global_filter' variable (lvm2 >= 2.02.98): + Add '_pvfilter_has_global()' function in pvfilter.sh: just tests if the 'global_filter' variable is supported by the version of lvm2 actually installed on the system. + Modify _pvfilter_init_lvm_configfile(). + Modify _pvfilter_init_device_filters(). + Add --global and --noglobal options to the helper script. + Rename debconf template: 'bilibop-rules/physical_volumes_filter/warning' -> 'bilibop-rules/physical_volumes_filter/without_global_filter/warning' + Add 'bilibop-rules/physical_volumes_filter/with_global_filter/warning' debconf template. + Update maintscripts. * Add support for Udisks 2.x (udisks2 package): + Modify the udev rules file to set udisks2 variables as well as udisks variables. + Update bilibop_rules_generator helper script for consistency. + Modify lsbilibop script: grep also udisks2 variables. * Replace all occurences of 'eval ${foo}' by [ "${foo}" = "true" ] (as eval ${foo} is true if ${foo} is empty). * Replace all occurences of '\s' by the POSIX class '[[:blank:]]' in grep commands (see bug #729581/#730146). * Update lsbilibop(8) manpage (and also the french translation). * Update documentation (README.Debian, examples/bilibop.conf). * bilibop-lockfs: * Add 'random' as a possible value for BILIBOP_LOCKFS_SWAP_POLICY: this allows one to specify to use a swap device only if it is encrypted with a random key. + Add new function is_randomly_encrypted() in lockfs.sh + Modify get_swap_policy() and apply_swap_policy() in lockfs.sh * Add a new boot option 'lockfs=default', used to reset bilibop-lockfs variables to their default values, i.e. empty strings (but BILIBOP_LOCKFS itself, which is then set to 'true'); modify lockfs_mount_helper and the initramfs scripts accordingly. * Modify lockfs_mount_helper and local-bottom initramfs script to also accept boot options of the form 'lockfs=-/foobar', where /foobar is a mountpoint to whitelist. * Remove unneeded code about 'crypto_LUKS' filesystem types in the mount helper script: the mount.crypt command (libpam-mount) already manages permissions of children virtual devices (loop and dm) when the 'ro' option is encountered in the fstab entry. * Add new function get_device_node() in lockfs.sh: if LABEL=* is used in fstab, translate '/' characters to their hex value to be sure to find the symlink in /dev/disk/by-label/; modify unlock_logical_volume() and is_encrypted() to call it. * Add support for LVM 'global_filter' variable in lockfs.sh: modify initialize_lvm_conf() and blacklist_bilibop_devices(); so 'global_filter' is unconditionally set to the same value than 'filter'. * Modify local-bottom initramfs script: when calling 'is_removable()', don't call 'physical_hard_disk()' again, as BILIBOP_DISK has already been computed. * Replace all occurences of '\s' by the POSIX class '[[:blank:]]' in grep commands. * Update documentation (README.Debian, TODO, examples/bilibop.conf). * bilibop-udev: * Modify the udev rules file: rely on the 'removable' attribute to know that a device is a disk. * Replace all occurences of '\s' by the POSIX class '[[:blank:]]' in grep commands. * debian/control: * Update bilibop-lockfs and bilibop-rules extended descriptions. * Move aufs-tools from Recommends: to Suggests: for bilibop-lockfs. * Add udisks2 as an alternative to udisks in Recommends: for bilibop-rules. * Bump Standards-Version: to 3.9.5; no changes. * Update debian/po/templates.pot and debian/po/*.po * Add debian/source.lintian-overrides (newer-standards-version 3.9.5), as lintian (2.5.19) is not yet updated (see #729096). * Add debian/bilibop-rules.lintian-overrides (unused-debconf-template): the postinst script embeds the ${HELPER} variable in template names. -- Yann Amar Mon, 09 Dec 2013 02:58:24 +0000 bilibop (0.4.19) unstable; urgency=high * bilibop-lockfs: - Modify parse_and_modify_fstab() in lockfs.sh: skip 'rbind' mounts as well as 'bind' mounts. - Modify lockfs_mount_helper script: set -e. - Simplify lockfs_mount_helper; especially, rewrite the mount_fallback() function to parse the arguments provided by the parent process (mount) 'as is', and do not 'exec mount', but just 'mount' instead, to be able to exit with a code != 0 when mount_fallback() is called. - Modify lockfs_mount_helper and the local-bottom initramfs script to parse options (BILIBOP_LOCKFS_SIZE and boot commandline) and set the size of the tmpfs in a better and more reliable way (use regex instead of glob patterns). - Add new function 'is_write_protected()' in lockfs.sh (takes into account sd, mmcblk and mspblk devices) and call it from the local-bottom initramfs script. - Modify init-top initramfs script: in the case any drive is physically locked, override BILIBOP_LOCKFS and BILIBOP_LOCKFS_POLICY. * bilibop-rules: Fix a bug in lsbilibop: since udev is now a part of systemd, 'udevadm info --root' no more works to query the udev_root value; so query it directly from udev.conf instead. (Closes: #727682) -- Yann Amar Fri, 25 Oct 2013 13:46:29 +0000 bilibop (0.4.18) unstable; urgency=low * Add japanese translation for the debconf templates; thanks to (closes: #726975). * debian/copyright: fix my name also here. -- Yann Amar Wed, 23 Oct 2013 18:11:08 +0000 bilibop (0.4.17) unstable; urgency=low * bilibop-lockfs: modify local-bottom initramfs script and lockfs_mount_helper to override configuration variables and even boot parameters when the drive is physically locked (write protected by a switch). * bilibop-rules: fix typos in debconf templates; update po files. * debian/control: fix my name, and remove "Uploaders:" field. -- Yann Amar Fri, 11 Oct 2013 00:30:15 +0000 bilibop (0.4.16) unstable; urgency=low * bilibop-rules: move db_reset and db_fset commands from config to postinst script; this should improve the behavior of the scripts during package upgrade if a custom rules file has been built manually. Add comments. * debian/substvars: remove trailing ${Newline} in the "Description" variable. It had been added to work around bug #659814 (dpkg-dev), which has been recently fixed. -- bilibop project Tue, 17 Sep 2013 11:46:55 +0000 bilibop (0.4.15) unstable; urgency=low * bilibop-rules: modify bilibop-rules.bilibop.udev to avoid direct access (with blkid -p) to suspended dm devices; then create the symlink (as mapper/dm_name) earlier; update bilibop_rules_generator for consistency. -- bilibop project Fri, 09 Aug 2013 20:19:40 +0200 bilibop (0.4.14) unstable; urgency=low * bilibop-common: fix spelling errors in manpages. * bilibop-rules: - Modify postrm script: fix an error about udev tags directory path. - Include missing 'rlvm' sample script in the package. - Modify 'rlvm' sample (rely on $SHELL environment variable). -- bilibop project Sat, 20 Jul 2013 00:28:48 +0200 bilibop (0.4.13) unstable; urgency=low * bilibop-common: update bilibop.conf(5) manual pages. * bilibop-rules: - Modify maintainer scripts: fix syntax errors; keep variable names consistency between scripts; backup GRUB device.map in postinst, and restore it in postrm (purge); do not create a fake device.map in prerm, just a broken symlink. - Add a sample script (in the doc) to ease the use of the physical_volumes_filter helper script. - Update README.Debian - Remove the TODO -- bilibop project Thu, 04 Jul 2013 15:17:21 +0200 bilibop (0.4.12) experimental; urgency=low * bilibop-common: - Modify 'underlying_device_from_aufs()'; take into account that an aufs branch is not necessarly the mountpoint of a device. - Update the copyright date of the shell library (common.sh). - Update main function's dependency tree in common.sh - Fix a typo in the french bilibop.conf manpage. - Update README.Debian * bilibop-lockfs: - In the local-bottom initramfs script, follow BILIBOP_LOCKFS_NOTIFY_POLICY to display non-error messages in plymouth. - debian/control: add plymouth in the 'Suggests:' field. * bilibop-rules: - Modify bilibop_rules_generator to ease the build of rules that can be applied to dual port devices (especially USB and MMC/MSP/SD). - Modify sysfs_attrs_rule() in bilibop_rules_generator: replace occurences of double quotes (") by a question mark (?) in values of attributes (as " means inch) instead of removing these attributes. - Modify make_unpersistent_rules and the initramfs script to fix a design error in the 'unpersistent rules' feature. This mainly affected the cd rules (symlinks to /dev/sr* were not always created or updated). - Make the package debconf-configurable: rewrite existing maintscripts; add bilibop-rules.config and bilibop-rules.templates; add debian/po/ and populate it; modify debian/control and debian/rules. - Add french translation for debconf. - Update README.Debian * bilibop-udev: - Modify postinst script: if the disk hosting the system (or one of its partitions) still belong to 'floppy' group, then exit with error, unless a custom rules file exists. - modify postrm script: be sure /sys/block exists before doing things; use ERE instead of BRE in grep commands. - Update README.Debian * debian/control: update Homepage: and Vcs-Git: fields. * debian/copyright: remove the 'Source: ' field and update copyright dates. * debian/substvars: replace the strict requirement by something more soft, as an advice. -- bilibop project Wed, 03 Jul 2013 20:58:40 +0200 bilibop (0.4.11) experimental; urgency=low * bilibop-common: modify /lib/bilibop/test to output the value of BILIBOP_COMMON_BASENAME, unless the -q option is used. * bilibop-udev: - Modify the udev rules file to create a symlink with the output of /lib/bilibop/test. - Rewrite postinst script to not fail when the package is installed in a chrooted or debootstraped environment, and explicitly load the udev rules before triggering uevents. * bilibop-rules: fix an error (typo) about -x option in the physical_volumes_filter script. -- bilibop project Mon, 13 May 2013 01:21:57 +0200 bilibop (0.4.10) experimental; urgency=low * debian/compat: bump to compatibility level 9. * debian/control: down libnotify-bin from Recommends: to Suggests: for the bilibop-lockfs binary package. * bilibop-common: modify is_aufs_mountpoint() and physical_hard_disk(): set some local variables to an empty string to fix shell-dependant behaviours with the 'local' built-in command. * bilibop-rules: - Modify helper scripts in /usr/share/bilibop: set -e; reformat syntax (spaces, neawlines, indents); fix minor errors and cosmetics. - make_unpersistent_rules: replace the --skip option by the more explicit --only; remove the confusing --reverse option; allow to always handle the two files in the same command line. - bilibop_rules_generator: fix printf errors and output redirection, and manage minor failures to not abort immediately. - grub_device_map_manager: add link_device_map() function; do not automatically and stupidly remove the existing devive map when the --link option is used; fix typos. - lsbilibop: add -l option to not rely on BILIBOP udev tags; query the ID_DRIVE_DETACHABE value. - Update documentation. * bilibop-udev: add a new udev rule (to create a 'bootdisk' symlink). -- bilibop project Sat, 04 May 2013 01:57:21 +0200 bilibop (0.4.9) experimental; urgency=low * bilibop-rules: modify debian/bilibop-rules.bilibop-udev and bilibop_rules_generator to unconditionally set UDISKS_SYSTEM_INTERNAL to 1 for the main drive. * bilibop-lockfs: add 'activate_bilibop_lv()' in lockfs.sh functions, and call it from bilibop-lockfs local-bottom initramfs script. This is needed to be sure all Logical Volumes needed by the system (listed in /etc/fstab and/or /etc/crypttab) are active at this step. * Fix typos: replace all occurences of \' by \(aq in manual pages. -- bilibop project Sun, 31 Mar 2013 18:47:41 +0200 bilibop (0.4.8) experimental; urgency=low * bilibop-udev: rewrite postinst script. -- bilibop project Mon, 25 Mar 2013 06:41:23 +0100 bilibop (0.4.7) experimental; urgency=low * bilibop-udev: fix a bux in the udev rules (a matching rule as KERNEL=="$result*" is not supported by udev). * bilibop-common: add /lib/bilibop/test (to be used by new bilibop-udev udev rule); as the 'proof of concept' /lib/bilibop/disk is no more needed by bilibop-udev, modify it to output the full path of the disk. * debian/control: move versioned dependency on initscripts from bilibop-common to bilibop-lockfs and bilibop-rules. * Remove debian/source.lintian-overrides (current version of the Debian policy is now 3.9.4). -- bilibop project Mon, 25 Mar 2013 04:59:17 +0100 bilibop (0.4.6) experimental; urgency=low * bilibop-lockfs: - Add support for plymouth: send a message from local-bottom initramfs script when bilibop-lockfs is enabled, disabled or has failed. - Allow to override/blank BILIBOP_LOCKFS_WHITELIST with 'lockfs=all' boot parameter. - Update documentation. * bilibop-rules: - Add a new helper script: physical_volumes_filter, and its shell functions: pvfilter.sh; the script is used to modify the variables 'obtain_device_list_from_udev' and 'filter' in lvm.conf. - Rewrite udev rules and bilibop_rules_generator to tag internal drives and partitions, and restore some dm-* related symlinks in the udev database (needed by the new script). - Update documentation. * debian/control: update bilibop-rules extended description. * Rewrite maintainer scripts. -- bilibop project Thu, 20 Dec 2012 12:45:39 +0100 bilibop (0.4.5) experimental; urgency=low * bilibop-lockfs: modify bilibop-lockfs initramfs scripts, lockfs.sh and lockfs_mount_helper: - 'noswap' boot parameter overrides BILIBOP_LOCKFS_SWAP_POLICY and set it to "hard". - parse /proc/cmdline in a more portable and robust way: take into account that the last runlevel (0 to 6, S and single) overrides all the previous ones; allow the general format 'lockfs[=opt1[,opt2[,opt3]]]' with options 'hard', 'soft', 'force' and an arbitrary string matching a regex for the size of the tmpfs used for /. * Update bilibop-lockfs documentation (README.Debian). * Update bilibop.conf(5) manual page for bilibop-lockfs related variables that can be overridden from boot commandline. -- bilibop project Wed, 28 Nov 2012 03:37:16 +0100 bilibop (0.4.4) experimental; urgency=low * Fix inconsistent variable name in the lockfs_mount_helper script. * Modify lockfs_mount_helper script: allow devices with 'crypto' ID_FS_USAGE (instead of only 'filesystem') to be listed in the BILIBOP_LOCKFS_WHITELIST variable. * Update bilibop.conf(5) manual pages (en & fr), and fix a translation error in the french version. -- bilibop project Tue, 27 Nov 2012 01:40:01 +0100 bilibop (0.4.3) experimental; urgency=low * bilibop-common: - Add lib/bilibop/disk (outputs the name of the disk hosting the root filesystem, or hosting a file, device or directory given as argument); - Update documentation (README.Debian and bugs.txt). * bilibop-lockfs: - Fix error due to invalid lvm.conf settings (read_only_volume_list should not be set if empty): modify 'bilibop-lockfs' initramfs scripts, and the functions 'parse_and_modify_fstab()', 'initialize_lvm_conf()', 'blacklist_bilibop_devices()', 'set_readonly_lvm_settings()' and 'unlock_logical_volume()'. - Improve support for loop devices (take into account that the first field in fstab can be a regular file instead of a block device): modify lockfs_mount_helper script and 'parse_and_modify_fstab()' function in lockfs.sh. * bilibop-udev: modify udev rules file (now based on lib/bilibop/disk; runs faster). Add postinst and postrm maintscripts to trigger spurious uevents. Update README.Debian. * debian/control: change Section of bilibop binary package (from misc to metapackages); change Depends of the same package (replace dependency on bilibop-device-policy virtual package by a versioned dependency on bilibop-rules). -- bilibop project Tue, 20 Nov 2012 15:22:57 +0100 bilibop (0.4.2) experimental; urgency=low * Update debian/bilibop-lockfs.dirs * Update debian/bilibop-lockfs.install * Add missing call to 'get_udev_root' in the bilibop_disk (bilibop-udev) script. -- bilibop project Fri, 16 Nov 2012 03:14:23 +0100 bilibop (0.4.1) experimental; urgency=low * Modify lockfs.sh: - add new functions: 'set_readonly_lvm_settings()', to modify 'locking_type', 'metadata_read_only' and 'read_only_volume_list'; and 'unlock_logical_volume()', to not lock (set read-only) whitelisted Logical Volumes. - rewrite 'initialize_lvm_conf()' to also initialize 'locking_type', 'metadata_read_only' and 'read_only_volume_list' LVM variables. - rewrite 'blacklist_bilibop_devices()'. - modify 'parse_and_modify_fstab()' to use 'unlock_logical_volumes()'. * bilibop-lockfs: - modify local-bottom initramfs script (call 'set_readonly_lvm_settings()' when lockfs policy is 'hard'). - modify initramfs hook to include a list of Logical Volumes in the initramdisk; this list is used by 'set_readonly_lvm_settings()'. - new init-top initramfs script, to call 'set_readonly_lvm_settings()' very early in the boot process, unless the 'nolockfs' parameter is used in the boot commandline. * Update documentation (debian/bilibop-lockfs.README.Debian). * Modify lockfs-notify script: replace 'permanent' by 'persistent' and 'temporary' by 'volatile'. * Modify bilibop.conf(5) manual pages: use the '.SS' tag, and replace \' by \(aq. * debian/control: update bilibop-lockfs description; since bilibop depends on bilibop-device-policy, remove 'all' from 'install all other BILIBOP packages'. For bilibop-udev, replace versioned suggestion on bilibop-lockfs by unversioned one. -- bilibop project Fri, 16 Nov 2012 00:46:57 +0100 bilibop (0.4.0) experimental; urgency=low * Add new binary package: bilibop-udev, as a minimal subset of bilibop-rules. There is a conflict between bilibop-udev and bilibop-rules, and each of them provides the 'bilibop-device-policy' virtual package. * bilibop-lockfs: the mount_fallback() function being the only one in lockfs.sh that can be used by the lockfs_mount_helper script, move it from lockfs.sh to lockfs_mount_helper, and source common.sh directly instead of lockfs.sh from lockfs_mount_helper. * bilibop-common: update documentation: - add a reference to bilibop-udev in misc/udev.txt - update misc/bugs.txt (new bug reported against udisks) - give additional information about encrypted swap devices (misc/swap.txt) - add a NOTE about hibernation, and explain how to hide the 'hibernate' button of xfce4-session-logout (misc/swap.txt) - give more info about the LVM 'filter' settings and how to use it from OS on external media (misc/lvm2.txt) - give detailed info on how to build and use non-default keymap in GRUB (misc/grub2.txt) * debian/changelog: fix a debchangelog syntax error in the Initial Release entry (add the missing colon after 'Closes'). * debian/control: update dependency relationships and description of the binary packages: - bilibop: modify the Depends: field; now bilibop depends on the virtual package 'bilibop-device-policy' instead of 'bilibop-rules (= version)'. - bilibop-common: modify the Suggests: field; now suggests the virtual package 'bilibop-device-policy' as above and remove (= version) for bilibop-lockfs. - bilibop-lockfs: modify the Recommends: and Suggests: fields in the same manner. Move 'aufs-tools' and 'libnotify-bin' from Suggests: to Recommends: field. Add some details in the long description. - bilibop-rules: add 'grub-common' and 'lvm2' in Recommends: and move 'udisks' from Suggests: to Recommends: field. Update short description. Add some details in the long description. * Update debian/bilibop-rules.dirs (remove unneeded initramfs-tools/hooks directory). -- bilibop project Mon, 22 Oct 2012 00:20:33 +0200 bilibop (0.3.6) experimental; urgency=low * bilibop-common: modify common.sh for portability: - device_node_from_major_minor(): replace local path= by dev= (path is an environment variable of zsh, as PATH, but with spaces as separators instead of colons). - underlying_device_from_aufs(): escape equal sign (\=) in a variable subtitution (for compatibility with zsh again). * bilibop-common: modify common.sh to be sure DEBUG is 'true' or 'false'. * bilibop-common: modify physical_hard_disk(). Base the loop on /sys/block/* instead of the content of /proc/partitions. Runs a little bit faster. * bilibop-common: Add support for aufs module parameter 'brs=0'; add aufs_dirs_if_brs0() function, and modify aufs_readonly_branch(), aufs_writable_branch() and aufs_dirs() to use the new one. * bilibop-common: modify _drivemap_volume_size() to use 10 instead of 8 as a limit to display sizes in MB). * bilibop-common: add FSF address in the licence header of common.sh * bilibop-lockfs: use device_nodes() in blacklist_bilibop_devices(). * bilibop-rules: fix typo in lsbilibop(8) french manual page. * Update documentation for bilibop-common (README.Debian, bugs.txt and lvm2.txt), bilibop-lockfs (README.Debian) and bilibop-rules (README.Debian). * debian/control: replace debhelper (>= 9.0.0) by debhelper (>= 9) in the Build-Depends: field. Add "GNU/Linux" in the short description of the bilibop metapackage. * debian/substvars: replace 'Debian' by 'Debian GNU/Linux'; add 'eSATA' in the list of external media. -- bilibop project Tue, 16 Oct 2012 15:58:14 +0200 bilibop (0.3.5) experimental; urgency=low * Fix typos in manpages and add french translations of the manpages. * bilibop-rules: Remove loopback udev rules file and modify bilibop rules file and bilibop_rules_generator to not depend on the BACKING_FILE variable. * bilibop-rules: Rewrite lsbilibop to allow to trigger uevents in a per-action and per-device basis: split -u option (update) to -a (action=add) and -c (action=change) options. Add a short help message in the case BILIBOP udev tag does not exist. Add the DEVLINKS udev property in the info (-i option) output. Relative paths, symlinks and wildcards are now supported in the commandline. * bilibop-rules: Modify lsbilibop manpage to be consistent with the new lsbilibop script. * bilibop-lockfs: Be less restrictive in blacklist_bilibop_devices() when building the 'reject' patterns for lvm.conf filter array: only apply on bilibop Physical Volumes and their symlinks instead of all bilibop block devices and parent directories of their symlinks. Modify and rename overwrite_lvm_conf() to initialize_lvm_conf(). Add BILIBOP_PART variable in the initramfs script. * bilibop-common: Fix drivemap output errors: remove annoying trailing spaces, fix width issues that occured with the -p option. Define the PROG variable and replace all occurencies of ${0##*/} by ${PROG} Fix a missing redirection to stderr when --debug is invoked. * bilibop-common: add device_nodes() function, which is used now in physical_hard_disk() and in lsbilibop script. Fix indentations (expand tabs) in common.sh. * bilibop-common: Add Copyright and Licence as header of lib/bilibop/common.sh, which can be used standalone. * debian/control: fix typo in bilibop-common description. * Remove unneeded executable bit of maintainer scripts and file intended to be installed in /bin and /usr/bin. * Add debian/source.lintian-overrides to override lintian warning message W: bilibop source: newer-standards-version 3.9.4 (current is 3.9.3) -- bilibop project Tue, 09 Oct 2012 00:06:50 +0200 bilibop (0.3.4) experimental; urgency=low * debian/control: bump Standards-Version to 3.9.4; add dependency on initscripts (>= 2.88dfs-13.3) for bilibop-common. Replace versioned dependencies on udev and initramfs-tools by unversioned dependencies; remove versioned dependency on base-files. Replace Vcs-Browser: field by Vcs-Git: field. * lib/bilibop/common.sh: add a test in physical_hard_disk() to avoid possible failures with some partition schemes. Allow parent_device_from_dm() to accept a device basename or its absolute path as argument. * lib/bilibop/lockfs.sh: allow is_encrypted() to treat devices called by their UUID or LABEL as well as their filename. -- bilibop project Sun, 23 Sep 2012 22:58:27 +0200 bilibop (0.3.3) unstable; urgency=low * debian/control: add Vcs-Browser: field. -- bilibop project Tue, 03 Jul 2012 02:59:38 +0200 bilibop (0.3.2) unstable; urgency=low * debian/control: fix indentation errors in bilibop-lockfs description. * bilibop-rules: - postinst: fix an error in the 'udev trigger --sysname-match' argument. - postrm: trigger uevents for block devices owned by the 'disk' group. - prerm: remove custom 66-bilibop.rules when package is purged. -- bilibop project Thu, 21 Jun 2012 00:16:26 +0200 bilibop (0.3.1) unstable; urgency=low * debian/control: in the Suggests: field of bilibop-rules, replace the too specific 'grub2' by a list of alternatives (grub-coreboot, grub-efi-amd64, grub-efi-ia32, grub-ieee1275 and grub-pc). * Add a TODO in bilibop-common, bilibop-rules and bilibop-lockfs. * Include /etc/bilibop/bilibop.conf in the bilibop-common binary package. * Modify scripts and documentation to take into account that there can be more than height loopback devices. * bilibop-rules: - Fix errors on tests in the initramfs script. - Modify grub_device_map_manager to exit with code 0. * bilibop-rules.postinst: trigger uevents for block devices. * bilibop-rules.bilibop.udev and bilibop_rules_generator: import ID_FS_* properties of dm devices in udev database even if udisks is not installed. * bilibop_rules_generator: include a new rule for the case the generated custom rules file is orphaned. -- bilibop project Wed, 20 Jun 2012 01:47:55 +0200 bilibop (0.3.0) unstable; urgency=low * debian/control: - Update Build-depends from debhelper (>= 8.0.0) to debhelper (>= 9.0.0). - Change some dependencies of binary packages to versioned dependencies: udev (>= 167), initramfs-tools (>= 0.99). As for base-files (>= 6.4), this is needed by the use of the /run temporary directory in bilibop functions or scripts. * bilibop-lockfs: modify the initramfs hook: busybox providing its own blockdev builtin, don't add /sbin/blockdev in the initramfs if busybox is added. * extended_partition(): rewrite to avoid direct access on devices (now based on udev instead of blkid), move it from lockfs.sh to common.sh * lockdev_rootdev_tree(): - Rewrite it to avoid direct access on devices. - Rename it blockdev_root_subtree(). * lockfs_mount_helper: - When the fstype registered in /etc/fstab is 'crypt', 'crypt_LUKS' or 'crypto_LUKS', set the mounted mapped device as readonly too (and not only the underlying device) if asked by BILIBOP_LOCKFS_POLICY != soft. - Use LC_ALL=C before the verbose chmod and chown to not depend on the locale and simplify the regexp in sed. * Put the loop used in the initramfs script to parse and modify fstab in the parse_and_modify_fstab() function in lockfs.sh, and call this function in the initramfs script. * Because LVM tools can bypass 'readonly' settings of block devices and reset them as writable, add new functions in lockfs.sh: - blacklist_bilibop_devices(): called from the initramfs script. - overwrite_lvm_conf(): called from the previous one. They are used to disallow management of bilibop (physical and virtual) devices by the lvm commands by filtering them in the temporary lvm.conf. This avoids breakage of bilibop-lockfs 'hard' policy, at least for the root filesystem and its parent devices. * Add a new part (3.1.g) in README.Debian to explain what is done, and why. * bilibop-common: add a reference to http://wiki.debian.org/AdvancedStartupShutdownWithMultilayeredBlockDevices in the documentation. * Add misc/bugs.txt and misc/lvm2.txt in the documentation. * common.sh: remove unneeded command substitution (echo) in the undelying_device_from_loop() function. * New available options in usr/bin/drivemap: - Split --debug to --debug and -x or --set-x - Add -p or --mountpoint to explicitly ask to display mountpoints. - Add -w or --width to control the width of the output. * drivemap.sh: modify _dotline() and _print_line() to include new options. * drivemap.1: add the new options in the manpage. * _drivemap_primary_partitions(): rewrite to use extended_partition(). * Fix some typos, unclear sentences and language errors in debian/control, in the documentation and in the comments of scripts and functions. -- bilibop project Sat, 16 Jun 2012 01:53:41 +0200 bilibop (0.2) unstable; urgency=low * New OpenPGP key. * debian/control: change 'Achitecture: all' to 'Architecture: linux-any' for all binaries. * debian/control: more precise description of the packages, their purposes and features. Add a statement about the required kernel version. * debian/copyright: modify Format field to: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ (Fixes lintian pedantic message). * debian/copyright: change copyright date from 2012 to 2011-2012 for all files except debian/*. * Clean debian/rules. * Add debian/substvars. * bilibop-common: modify functions relative to loop devices and aufs to improve compatibility with LiveUSB systems. * bilibop-lockfs: set the primary extended partition as readonly when the root filesystem is contained into a logical partition that has been set readonly. * bilibop-rules: rewrite initramfs-tools script to not depend on bilibop-common functions. * Rewrite unclear or ambiguous parts of the documentation, and fix typos. * Remove unneeded files from the source. -- bilibop project Fri, 08 Jun 2012 01:48:59 +0200 bilibop (0.1) unstable; urgency=low * Initial Release (Closes: #675467). -- bilibop project Fri, 01 Jun 2012 00:06:51 +0200 bilibop-0.4.20/debian/rules0000755000000000000000000000127012165414757012421 0ustar #!/usr/bin/make -f # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 %: dh $@ # This is mandatory; see po-debconf(7). override_dh_clean: debconf-updatepo --msgid-bugs-address="quidame@poivron.org" dh_clean # bilibop rules must be triggered after 60-persistent-storage*.rules. override_dh_installudev: dh_installudev --noscripts --priority=66 --name=bilibop # We need to manage some debconf stuff ourselves in the postrm script. override_dh_installdebconf: dh_installdebconf --noscripts # Include the same text at the beginning of the extended description of # each package, and the same requirement at the end. override_dh_gencontrol: dh_gencontrol -- -Tdebian/substvars bilibop-0.4.20/debian/bilibop-udev.postrm0000644000000000000000000000175112244114406015156 0ustar #!/bin/sh set -e case "${1}" in purge|remove) # Trigger uevents for external, physical block devices owned by # 'disk' group. if [ -f /etc/udev/udev.conf ]; then . /etc/udev/udev.conf fi udev_root="${udev_root:-/dev}" udev_root="${udev_root%/}" if [ -d /sys/block -a -c ${udev_root}/null ] && invoke-rc.d udev status >${udev_root}/null 2>&1; then opt= for dev in $(ls /sys/block | grep -Ev '^(loop|dm-)'); do udevadm info --attribute-walk --name ${dev} | grep -Eq '^[[:blank:]]*SUBSYSTEMS=="(usb|firewire|memstick|mmc)"' || continue ls -l ${udev_root}/${dev} | grep -Eq '^([^[:blank:]]+[[:blank:]]+){3}disk\s' || continue opt="${opt} --sysname-match=${dev}*" done [ -z "${opt}" ] || udevadm trigger ${opt} fi ;; esac #DEBHELPER# : # vim: et ts=4 sts=4 sw=4 bilibop-0.4.20/debian/bilibop-lockfs.dirs0000644000000000000000000000023012165414757015116 0ustar etc/xdg/autostart lib/bilibop usr/share/initramfs-tools/hooks usr/share/initramfs-tools/scripts/init-top usr/share/initramfs-tools/scripts/local-bottom bilibop-0.4.20/debian/po/0000755000000000000000000000000012252356421011745 5ustar bilibop-0.4.20/debian/po/ja.po0000644000000000000000000004057212244077751012716 0ustar # Japanese translation of bilibop's debconf templates. # This file is distributed under the same license as the bilibop package. # victory , 2013. # msgid "" msgstr "" "Project-Id-Version: bilibop 0.4.17\n" "Report-Msgid-Bugs-To: quidame@poivron.org\n" "POT-Creation-Date: 2013-11-23 10:14+0000\n" "PO-Revision-Date: 2013-10-10 22:37+0900\n" "Last-Translator: victory \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "Do you intend to install bilibop-rules on a Live System ?" msgstr "bilibop-rules を Live システムにインストールしようとしていますか?" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "" "Some bilibop-rules settings can be useful on non-volatile Operating Systems, " "when running from a removable and writable media (USB sticks, external HDD " "or SD cards); but they are currently useless or even harmful for LiveCD or " "LiveUSB systems." msgstr "" "一部の bilibop-rules 設定は不揮発性のオペレーティングシステム上で、脱着可能で" "書き込み可能なメディア (USB メモリや外部 HDD、SD カード等) から実行した場合に" "有用ですが、現在 LiveCD や LiveUSB システムでは無意味、あるいは有害でさえある" "かもしれません。" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "" "If you choose this option, no other question will be asked; bilibop udev " "rules will be applied but nothing else will be modified on your system. Note " "that in that case, this package is overkill and you should probably replace " "it by the lighter but as much as efficient bilibop-udev package." msgstr "" "このオプションを選択した場合、他の質問は行われません。bilibop udev 規則が適用" "されますが、他には一切システムを変更しません。その場合このパッケージを使うの" "はやりすぎで、もっと軽く効率的な bilibop-udev パッケージに恐らく置き換えるべ" "きだということに注意してください。" #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "Do you want to use custom bilibop rules and build them now ?" msgstr "独自の bilibop 規則を使ってここでビルドしますか?" #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "" "If tens of removable media are plugged on the computer your system boots " "from, bilibop udev rules can significantly increase boot time. This can be " "avoided by using custom udev rules, which are specific to the device your " "system is installed on." msgstr "" "システムをブートするコンピュータに多くの脱着可能メディアが接続されている場" "合、bilibop udev 規則が原因でブートにかかる時間が著しく増加する可能性がありま" "す。これはシステムがインストールされている機器について専用の udev 規則を使っ" "て避けることができます。" #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "" "That said, if this device can boot from different hardware port types (as " "USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), you should check the resulting " "rules by booting your system on the alternative port type, and if necessary " "by running 'dpkg-reconfigure bilibop-rules' again with proper options, or " "even by editing '/etc/udev/rules.d/66-bilibop.rules'." msgstr "" "これはこの機器が異なる種類のハードウェアポート (USB/Firewire や USB/eSATA、" "USB/MMC/SD 等) からブートできる場合、別のポートからシステムをブートしてできた" "規則を、必要であれば適切なオプションを付けて「dpkg-reconfigure bilibop-" "rules」を再び実行、あるいは「/etc/udev/rules.d/66-bilibop.rules」を編集するこ" "とで確認すべきだということです。" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "keep existing custom rules" msgstr "既存の独自規則を維持" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "rebuild custom rules" msgstr "独自規則を再ビルド" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "remove custom rules" msgstr "独自規則を削除" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "What do you want to do with your custom rules ?" msgstr "独自規則をどうしますか?" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "" "The file '/etc/udev/rules.d/66-bilibop.rules' exists. It is specific to the " "drive on which your system is installed and overrides the one, more generic, " "that is provided by the bilibop-rules package (in '/lib/udev/rules.d')." msgstr "" "ファイル「/etc/udev/rules.d/66-bilibop.rules」が存在します。これはシステムが" "インストールされているドライブに特有の規則で、bilibop-rules パッケージにより" "提供される、(「/lib/udev/rules.d」にある) もっと一般的なものを上書きします。" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "" "If the device hosting the running system is able to boot from different " "hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD-card, etc.), you " "should boot it from the alternative port type and check if your custom rules " "work fine in all cases. In the doubt, you should remove the custom rules " "file." msgstr "" "実行しているシステムのホストとなっている機器が異なる種類のハードウェアポート " "(USB/Firewire や USB/eSATA、USB/MMC/SDカード等) からブートできる場合、別の種" "類のポートからブートして、作成した独自規則があらゆる状況でうまく動作するか確" "認すべきです。疑わしい場合は独自規則を削除すべきです。" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "Options to pass to the bilibop rules generator:" msgstr "bilibop 規則生成器に渡すオプション:" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "" "Possible options you can pass to the bilibop rules generator are the " "followings:" msgstr "bilibop 規則生成器に渡せるオプションは以下の通りです:" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "" "The two first ones cannot be mixed; for example, '-a model,serial' is not a " "valid option; use '-a model -e ID_SERIAL' instead. In the doubt, you should " "probably set it to an empty string (defaults to '-a manufacturer,product," "serial')." msgstr "" "最初の2つを1つに合わせることはできません。例えば「-a model,serial」は正しいオ" "プションではありません。代わりに「-a model -e ID_SERIAL」とします。迷ったとき" "は恐らく空白文字列をセットすべきです (デフォルトは「-a manufacturer,product," "serial」です)。" #. Type: error #. Description #: ../bilibop-rules.templates:5001 msgid "Options given to the bilibop rules generator seem to be invalid." msgstr "bilibop 規則生成器に渡したオプションが正しくないようです。" #. Type: error #. Description #: ../bilibop-rules.templates:5001 msgid "" "You can go back by hitting the key and then modify the options. " "Otherwise, the custom rules file '/etc/udev/rules.d/66-bilibop.rules' will " "not be written." msgstr "" " キーを押して戻り、オプションを変更してください。変更しない場合は独自規" "則ファイル「/etc/udev/rules.d/66-bilibop.rules」は書き込まれません。" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:6001 ../bilibop-rules.templates:7001 msgid "The following device(s) still belong to floppy group:" msgstr "以下の機器はまだフロッピーグループに属しています:" #. Type: error #. Description #: ../bilibop-rules.templates:6001 msgid "You should rewrite or remove your custom rules file:" msgstr "以下の独自規則ファイルを書き換えるか削除すべきです:" #. Type: error #. Description #: ../bilibop-rules.templates:7001 msgid "Internal error" msgstr "内部エラー" #. Type: error #. Description #: ../bilibop-rules.templates:7001 msgid "You should send a bug report to the maintainer of the package." msgstr "パッケージのメンテナにバグ報告を送ってください。" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "the existing one" msgstr "既存のデバイスマップを選択" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a static device map (not recommended)" msgstr "静的デバイスマップ (非推奨)" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a static fake device map" msgstr "静的、偽デバイスマップ" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a dynamic fake device map" msgstr "動的、偽デバイスマップ" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a dynamically updated device map" msgstr "動的に更新したデバイスマップ" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "What kind of GRUB device map do you want to use ?" msgstr "どの種類の GRUB デバイスマップを使いますか?" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "" "The '/boot/grub/device.map' file can store obsolete information. In some " "cases, this can lead to failures when the GRUB bootloader menu is updated. " "To avoid that, it is possible to replace the device map by a fake one, " "mapping only the physical drive hosting your system; or by a link to a " "temporary file, which may be created either at boot time with a fake " "content, or on demand with an updated content." msgstr "" "「/boot/grub/device.map」ファイルには古くなった情報を残しておくことができま" "す。状況によってはこれが GRUB ブートローダのメニュー更新時の失敗につながる可" "能性があります。それを避けるため、システムのホストとなっている実際のドライブ" "の割り当てだけを記述した、偽のデバイスマップに置き換える、あるいは一時ファイ" "ルをブート時に偽の内容によりまたは更新した内容をオンデマンドにより作成し、そ" "の一時ファイルへのリンクを作成することができます。" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "" "If your external system is embedded on a device able to boot from different " "hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), it is not " "recommended to use a static device map. The dynamic fake device map should " "work in all cases." msgstr "" "外部システムが異なる種類のハードウェアポート (USB/Firewire や USB/eSATA、USB/" "MMC/SD 等) からブートできるデバイスに組み込まれている場合、静的デバイスマップ" "を使うことは勧めません。どの場合でも動的な偽のデバイスマップが機能するはずで" "す。" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "keep them in their current state" msgstr "現在の状態を維持" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent cd rules only" msgstr "cd 規則だけを維持しないようにする" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent net rules only" msgstr "net 規則だけを維持しないようにする" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent rules for all (recommended)" msgstr "規則を全て維持しないようにする (推奨)" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make persistent rules for all" msgstr "規則を全て維持するようにする" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "What persistent rules do you want to make unpersistent ?" msgstr "どの規則を維持しないようにしますか?" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "" "Some udev rules files can store information about components of the computer " "your system is plugged on:" msgstr "" "udev 規則ファイルの一部には、システムが接続しているコンピュータの構成要素につ" "いての情報を残しておけるものがあります:" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "" "These files are cumulative and can store obsolete information, possibly " "leading to unexpected behaviour of your network manager or CD burner " "application. It is possible to replace them by symlinks to temporary files " "to keep them always up to date. Note that it is possible to do or undo that " "at any time by running" msgstr "" "こういった古くなった情報を残しておけるファイルが貯まっていくことで、ネット" "ワーク管理プログラムやCD書き込みアプリケーションの予期しない挙動につながる可" "能性があります。一時ファイルへのシンボリックリンクに置き換えることで常に最新" "を保つことができるようになります。以下を実行することでいつでも実行や差し戻し" "ができることに注意してください。" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "Do you want to hide Physical Volumes your system does not need ?" msgstr "システムに必要のない物理ボリュームを非表示にしますか?" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "" "It seems that the drive on which your system is installed contains Logical " "Volumes. It is possible to set LVM to activate only the Physical Volumes " "that your system needs. This can mainly avoid name conflicts between the " "Volumes used by your system and those that could be found on internal or " "external drives plugged on the same computer." msgstr "" "システムがインストールされているドライブには論理ボリュームが収録されているよ" "うです。システムに必要な物理ボリュームだけを有効化するように LVM を設定するこ" "とができます。これにより、システムがインストールされているドライブと、同一の" "コンピュータに接続した内部及び外部ドライブとの間で、利用しているボリュームの" "名前が競合することを主に避けられます。" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "" "If you choose to use this feature, this will overwrite '/etc/lvm/lvm.conf', " "and you should read 'README.Debian' in the documentation of the package. " "Otherwise, you can do it later with" msgstr "" "この機能の利用を選択すると「/etc/lvm/lvm.conf」を上書きします。パッケージ付属" "文書の「README.Debian」を読むようにしてください。後で読んでも構いません。" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "Physical Volumes Filter will not be applied." msgstr "物理ボリュームのフィルタは適用されません。" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "" "Probably due to an error in '66-bilibop.rules', the following device(s) have " "not been tagged 'BILIBOP' by udev, or have no usable symlink managed by udev:" msgstr "" "恐らく「66-bilibop.rules」中の誤りのため、以下のデバイスには udev により" "「BILIBOP」というタグが付けられていないか udev により管理される有効なシンボ" "リックリンクがありません:" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "" "This means some variables in '/etc/lvm/lvm.conf' will be left or reset to " "their initial values:" msgstr "" "これは「/etc/lvm/lvm.conf」中の設定値の一部がそのままにされるか初期値にリセッ" "トされるということです:" bilibop-0.4.20/debian/po/templates.pot0000644000000000000000000002272512244077751014506 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: quidame@poivron.org\n" "POT-Creation-Date: 2013-11-23 10:14+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "Do you intend to install bilibop-rules on a Live System ?" msgstr "" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "" "Some bilibop-rules settings can be useful on non-volatile Operating Systems, " "when running from a removable and writable media (USB sticks, external HDD " "or SD cards); but they are currently useless or even harmful for LiveCD or " "LiveUSB systems." msgstr "" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "" "If you choose this option, no other question will be asked; bilibop udev " "rules will be applied but nothing else will be modified on your system. Note " "that in that case, this package is overkill and you should probably replace " "it by the lighter but as much as efficient bilibop-udev package." msgstr "" #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "Do you want to use custom bilibop rules and build them now ?" msgstr "" #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "" "If tens of removable media are plugged on the computer your system boots " "from, bilibop udev rules can significantly increase boot time. This can be " "avoided by using custom udev rules, which are specific to the device your " "system is installed on." msgstr "" #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "" "That said, if this device can boot from different hardware port types (as " "USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), you should check the resulting " "rules by booting your system on the alternative port type, and if necessary " "by running 'dpkg-reconfigure bilibop-rules' again with proper options, or " "even by editing '/etc/udev/rules.d/66-bilibop.rules'." msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "keep existing custom rules" msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "rebuild custom rules" msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "remove custom rules" msgstr "" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "What do you want to do with your custom rules ?" msgstr "" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "" "The file '/etc/udev/rules.d/66-bilibop.rules' exists. It is specific to the " "drive on which your system is installed and overrides the one, more generic, " "that is provided by the bilibop-rules package (in '/lib/udev/rules.d')." msgstr "" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "" "If the device hosting the running system is able to boot from different " "hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD-card, etc.), you " "should boot it from the alternative port type and check if your custom rules " "work fine in all cases. In the doubt, you should remove the custom rules " "file." msgstr "" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "Options to pass to the bilibop rules generator:" msgstr "" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "" "Possible options you can pass to the bilibop rules generator are the " "followings:" msgstr "" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "" "The two first ones cannot be mixed; for example, '-a model,serial' is not a " "valid option; use '-a model -e ID_SERIAL' instead. In the doubt, you should " "probably set it to an empty string (defaults to '-a manufacturer,product," "serial')." msgstr "" #. Type: error #. Description #: ../bilibop-rules.templates:5001 msgid "Options given to the bilibop rules generator seem to be invalid." msgstr "" #. Type: error #. Description #: ../bilibop-rules.templates:5001 msgid "" "You can go back by hitting the key and then modify the options. " "Otherwise, the custom rules file '/etc/udev/rules.d/66-bilibop.rules' will " "not be written." msgstr "" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:6001 ../bilibop-rules.templates:7001 msgid "The following device(s) still belong to floppy group:" msgstr "" #. Type: error #. Description #: ../bilibop-rules.templates:6001 msgid "You should rewrite or remove your custom rules file:" msgstr "" #. Type: error #. Description #: ../bilibop-rules.templates:7001 msgid "Internal error" msgstr "" #. Type: error #. Description #: ../bilibop-rules.templates:7001 msgid "You should send a bug report to the maintainer of the package." msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "the existing one" msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a static device map (not recommended)" msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a static fake device map" msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a dynamic fake device map" msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a dynamically updated device map" msgstr "" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "What kind of GRUB device map do you want to use ?" msgstr "" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "" "The '/boot/grub/device.map' file can store obsolete information. In some " "cases, this can lead to failures when the GRUB bootloader menu is updated. " "To avoid that, it is possible to replace the device map by a fake one, " "mapping only the physical drive hosting your system; or by a link to a " "temporary file, which may be created either at boot time with a fake " "content, or on demand with an updated content." msgstr "" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "" "If your external system is embedded on a device able to boot from different " "hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), it is not " "recommended to use a static device map. The dynamic fake device map should " "work in all cases." msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "keep them in their current state" msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent cd rules only" msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent net rules only" msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent rules for all (recommended)" msgstr "" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make persistent rules for all" msgstr "" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "What persistent rules do you want to make unpersistent ?" msgstr "" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "" "Some udev rules files can store information about components of the computer " "your system is plugged on:" msgstr "" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "" "These files are cumulative and can store obsolete information, possibly " "leading to unexpected behaviour of your network manager or CD burner " "application. It is possible to replace them by symlinks to temporary files " "to keep them always up to date. Note that it is possible to do or undo that " "at any time by running" msgstr "" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "Do you want to hide Physical Volumes your system does not need ?" msgstr "" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "" "It seems that the drive on which your system is installed contains Logical " "Volumes. It is possible to set LVM to activate only the Physical Volumes " "that your system needs. This can mainly avoid name conflicts between the " "Volumes used by your system and those that could be found on internal or " "external drives plugged on the same computer." msgstr "" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "" "If you choose to use this feature, this will overwrite '/etc/lvm/lvm.conf', " "and you should read 'README.Debian' in the documentation of the package. " "Otherwise, you can do it later with" msgstr "" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "Physical Volumes Filter will not be applied." msgstr "" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "" "Probably due to an error in '66-bilibop.rules', the following device(s) have " "not been tagged 'BILIBOP' by udev, or have no usable symlink managed by udev:" msgstr "" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "" "This means some variables in '/etc/lvm/lvm.conf' will be left or reset to " "their initial values:" msgstr "" bilibop-0.4.20/debian/po/pt.po0000644000000000000000000003702312244077751012744 0ustar # Translation of bilibop's debconf messages to european portuguese # This file is distributed under the same license as the bilibop package. # Américo Monteiro , 2013. # msgid "" msgstr "" "Project-Id-Version: bilibop 0.4.19\n" "Report-Msgid-Bugs-To: quidame@poivron.org\n" "POT-Creation-Date: 2013-11-23 10:14+0000\n" "PO-Revision-Date: 2013-11-20 00:19+0000\n" "Last-Translator: Américo Monteiro \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Lokalize 1.4\n" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "Do you intend to install bilibop-rules on a Live System ?" msgstr "Pretende instalar bilibop-rules num Sistema Live?" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "" "Some bilibop-rules settings can be useful on non-volatile Operating Systems, " "when running from a removable and writable media (USB sticks, external HDD " "or SD cards); but they are currently useless or even harmful for LiveCD or " "LiveUSB systems." msgstr "" "Algumas definições do bilibop-rules pode ser úteis em Sistemas Operativos " "não-voláteis, quando correm a partir de uma media amovível e possível de " "escrita (canetas USB, HDD externo ou cartões SD); mas são presentemente " "inúteis e até prejudiciais para sistemas LiveCD ou LiveUSB." #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "" "If you choose this option, no other question will be asked; bilibop udev " "rules will be applied but nothing else will be modified on your system. Note " "that in that case, this package is overkill and you should probably replace " "it by the lighter but as much as efficient bilibop-udev package." msgstr "" "Se escolher esta opção, não lhe serão feitas mais perguntas; as regras de " "udev do bilibop serão aplicadas mas mais nada será modificado no seu " "sistema. Note que nesse caso, este pacote é exagerado e você deverá " "provavelmente substituí-lo pelo mais leve mas também eficiente pacote " "bilibop-udev." #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "Do you want to use custom bilibop rules and build them now ?" msgstr "Deseja usar regras do bilibop personalizadas e construí-las agora?" #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "" "If tens of removable media are plugged on the computer your system boots " "from, bilibop udev rules can significantly increase boot time. This can be " "avoided by using custom udev rules, which are specific to the device your " "system is installed on." msgstr "" "Se existirem itens de media amovível ligados ao computador de onde o seu " "sistema arranca, as regras udev do bilibop podem aumentar significativamente " "o tempo de arranque. Isto pode ser evitado ao usar regras udev " "personalizadas, as quais são específicas para o dispositivo onde o seu " "sistema está instalado." #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "" "That said, if this device can boot from different hardware port types (as " "USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), you should check the resulting " "rules by booting your system on the alternative port type, and if necessary " "by running 'dpkg-reconfigure bilibop-rules' again with proper options, or " "even by editing '/etc/udev/rules.d/66-bilibop.rules'." msgstr "" "Quer isto dizer, se este dispositivo poder arrancar a partir tipos de porto " "de hardware diferentes (como USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), " "você deve verificar as regras resultantes ao arrancar o seu sistema no tipo " "de porto alternativo, e se necessário ao correr de novo 'dpkg-reconfigure " "bilibop-rules' com as opções apropriadas, ou até mesmo editar '/etc/udev/" "rules.d/66-bilibop.rules'." #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "keep existing custom rules" msgstr "manter as regras personalizadas existentes" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "rebuild custom rules" msgstr "reconstruir regras personalizadas" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "remove custom rules" msgstr "remover as regras personalizadas" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "What do you want to do with your custom rules ?" msgstr "O que deseja fazer com as suas regras personalizadas?" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "" "The file '/etc/udev/rules.d/66-bilibop.rules' exists. It is specific to the " "drive on which your system is installed and overrides the one, more generic, " "that is provided by the bilibop-rules package (in '/lib/udev/rules.d')." msgstr "" "O ficheiro '/etc/udev/rules.d/66-bilibop.rules' existe. é específico para a " "drive no qual o seu sistema esta instalado e sobrepõe-se ao mais genérico " "que é fornecido pelo pacote bilibop-rules (em '/lib/udev/rules.d')." #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "" "If the device hosting the running system is able to boot from different " "hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD-card, etc.), you " "should boot it from the alternative port type and check if your custom rules " "work fine in all cases. In the doubt, you should remove the custom rules " "file." msgstr "" "Se o dispositivo que alberga o sistema que está em funcionamento é capaz de " "arrancar a partir de tipos de portos de hardware diferentes (USB/Firewire, " "USB/eSATA, USB/MMC/SD-card, etc.), você deve arrancá-lo a partir do tipo de " "porto alternativo e verificar se as suas regras personalizadas funcionam bem " "em todos os casos. Em caso de dúvidas, deverá remover o ficheiro de regras " "personalizadas." #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "Options to pass to the bilibop rules generator:" msgstr "Opções a passar ao gerador de regras do bilibop:" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "" "Possible options you can pass to the bilibop rules generator are the " "followings:" msgstr "" "As opções possíveis que você pode passar a gerador de regras do bilibop são " "as seguintes:" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "" "The two first ones cannot be mixed; for example, '-a model,serial' is not a " "valid option; use '-a model -e ID_SERIAL' instead. In the doubt, you should " "probably set it to an empty string (defaults to '-a manufacturer,product," "serial')." msgstr "" "As duas primeiras não podem ser misturadas; por exemplo, '-a model,serial' " "não é uma opção válida; ao invés use '-a model -e ID_SERIAL'. Em caso de " "dúvidas, deverá provavelmente definir uma string vazia (por predefinição " "fica '-a manufacturer,product,serial')." #. Type: error #. Description #: ../bilibop-rules.templates:5001 msgid "Options given to the bilibop rules generator seem to be invalid." msgstr "" "As opções fornecidas ao gerador de regras do bilibop parecem ser inválidas." #. Type: error #. Description #: ../bilibop-rules.templates:5001 msgid "" "You can go back by hitting the key and then modify the options. " "Otherwise, the custom rules file '/etc/udev/rules.d/66-bilibop.rules' will " "not be written." msgstr "" "Você pode regressar ao carregar na tecla e depois modificar as " "opções. Caso contrário, o ficheiro de regras personalizadas '/etc/udev/rules." "d/66-bilibop.rules' não será escrito." #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:6001 ../bilibop-rules.templates:7001 msgid "The following device(s) still belong to floppy group:" msgstr "Os seguintes dispositivo(s) ainda pertencem ao grupo floppy:" #. Type: error #. Description #: ../bilibop-rules.templates:6001 msgid "You should rewrite or remove your custom rules file:" msgstr "" "Você deve reescrever ou remover o seu ficheiro de regras personalizadas:" #. Type: error #. Description #: ../bilibop-rules.templates:7001 msgid "Internal error" msgstr "Erro interno" #. Type: error #. Description #: ../bilibop-rules.templates:7001 msgid "You should send a bug report to the maintainer of the package." msgstr "Você deve enviar um relatório de bug para o responsável do pacote." #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "the existing one" msgstr "o existente" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a static device map (not recommended)" msgstr "um mapa de dispositivos estático (não recomendado)" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a static fake device map" msgstr "um mapa de dispositivos falso estático" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a dynamic fake device map" msgstr "um mapa de dispositivos falso dinâmico" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a dynamically updated device map" msgstr "um mapa de dispositivos actualizado dinamicamente" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "What kind of GRUB device map do you want to use ?" msgstr "Que tipo de mapa de dispositivos do GRUB deseja usar?" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "" "The '/boot/grub/device.map' file can store obsolete information. In some " "cases, this can lead to failures when the GRUB bootloader menu is updated. " "To avoid that, it is possible to replace the device map by a fake one, " "mapping only the physical drive hosting your system; or by a link to a " "temporary file, which may be created either at boot time with a fake " "content, or on demand with an updated content." msgstr "" "O ficheiro '/boot/grub/device.map' pode armazenar informação obsoleta. Em " "alguns casos, isto pode levar a falhas quando o menu bootloader do GRUB é " "actualizado. Para evitar isso, é possível substituir o mapa de dispositivos " "por um outro falso, que mapeia apenas a drive física que alberga o seu " "sistema; ou por um link para um ficheiro temporário, o qual pode ser criado " "ou durante o arranque com um conteúdo falso, ou a pedido com um conteúdo " "actualizado." #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "" "If your external system is embedded on a device able to boot from different " "hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), it is not " "recommended to use a static device map. The dynamic fake device map should " "work in all cases." msgstr "" "Se o seu sistema externo está embebido num dispositivo capaz de arrancar a " "partir de diferentes tipos de portos de hardware (USB/Firewire, USB/eSATA, " "USB/MMC/SD, etc.), não é recomendado usar um mapa de dispositivos estático. " "O mapa de dispositivos falso e dinâmico deverá funcionar em todos os casos." #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "keep them in their current state" msgstr "manter-los no seu estado actual" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent cd rules only" msgstr "criar apenas regras de cd não persistentes" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent net rules only" msgstr "criar apenas regras de rede não persistentes" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent rules for all (recommended)" msgstr "criar regras não persistentes para todos (recomendado)" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make persistent rules for all" msgstr "criar regras persistentes para todos" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "What persistent rules do you want to make unpersistent ?" msgstr "Quais regras persistentes deseja tornar \"não persistentes\" ?" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "" "Some udev rules files can store information about components of the computer " "your system is plugged on:" msgstr "" "Alguns ficheiros de regras do udev podem armazenar informação acerca de " "componentes do computador onde o seu sistema está ligado:" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "" "These files are cumulative and can store obsolete information, possibly " "leading to unexpected behaviour of your network manager or CD burner " "application. It is possible to replace them by symlinks to temporary files " "to keep them always up to date. Note that it is possible to do or undo that " "at any time by running" msgstr "" "Estes ficheiros são cumulativos e podem armazenar informação obsoleta, " "levando possivelmente a comportamentos não esperados das suas aplicações de " "gestão de rede ou gravação de CD. É possível substituí-los por links " "simbólicos para ficheiros temporários para os manter sempre actualizados. " "Note que é possível fazê-lo ou desfazê-lo a qualquer altura ao correr" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "Do you want to hide Physical Volumes your system does not need ?" msgstr "Deseja esconder os Volumes Físicos que o seu sistema não precisa?" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "" "It seems that the drive on which your system is installed contains Logical " "Volumes. It is possible to set LVM to activate only the Physical Volumes " "that your system needs. This can mainly avoid name conflicts between the " "Volumes used by your system and those that could be found on internal or " "external drives plugged on the same computer." msgstr "" "Parece que a drive onde o seu sistema está instalado contem Volumes Lógicos. " "É possível configurar o LVM para activar apenas os Volumes Físicos de que o " "seu sistema precisa. Isto pode principalmente evitar conflitos de nomes " "entre os Volumes usados pelo seu sistema e aqueles que poderão ser " "encontrados em drives internas ou externas ligadas ao mesmo computador." #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "" "If you choose to use this feature, this will overwrite '/etc/lvm/lvm.conf', " "and you should read 'README.Debian' in the documentation of the package. " "Otherwise, you can do it later with" msgstr "" "Se escolher usar esta funcionalidade, isto vai sobrescrever '/etc/lvm/lvm." "conf', e você deve ler 'README.Debian' na documentação do pacote. Caso " "contrário, pode fazê-lo mais tarde com" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "Physical Volumes Filter will not be applied." msgstr "O Filtro de Volumes Físicos não será aplicado." #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "" "Probably due to an error in '66-bilibop.rules', the following device(s) have " "not been tagged 'BILIBOP' by udev, or have no usable symlink managed by udev:" msgstr "" "Provavelmente devido a um erro em '66-bilibop.rules', os seguintes " "dispositivo(s) não foram etiquetados 'BILIBOP' pelo udev, ou não têm um link " "simbólico utilizável gerido pelo udev:" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "" "This means some variables in '/etc/lvm/lvm.conf' will be left or reset to " "their initial values:" msgstr "" "Isto significa que algumas variáveis em '/etc/lvm/lvm.conf' serão " "abandonadas ou reiniciadas para os seus valores iniciais:" bilibop-0.4.20/debian/po/POTFILES.in0000644000000000000000000000006212165414757013532 0ustar [type: gettext/rfc822deb] bilibop-rules.templates bilibop-0.4.20/debian/po/it.po0000644000000000000000000003662612244077751012745 0ustar # Italian translation of bilibop debconf messages. # This file is distributed under the same license as the bilibop package. # Beatrice Torracca , 2013. # msgid "" msgstr "" "Project-Id-Version: bilibop 0.4.12\n" "Report-Msgid-Bugs-To: quidame@poivron.org\n" "POT-Creation-Date: 2013-11-23 10:14+0000\n" "PO-Revision-Date: 2013-10-19 18:47+0200\n" "Last-Translator: Beatrice Torracca \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Virtaal 0.7.1\n" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "Do you intend to install bilibop-rules on a Live System ?" msgstr "Si ha intenzione di installare bilibop-rules su un sistema Live?" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "" "Some bilibop-rules settings can be useful on non-volatile Operating Systems, " "when running from a removable and writable media (USB sticks, external HDD " "or SD cards); but they are currently useless or even harmful for LiveCD or " "LiveUSB systems." msgstr "" "Alcune impostazioni di bilibop-rules possono essere utili su sistemi " "operativi non volatili, quando in esecuzione da un supporto rimovibile e " "scrivibile (pennine USB, hard-disc esterni o schede SD); sono però " "attualmente inutili, o persino pericolose, per sistemi LiveCD o LiveUSB." #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "" "If you choose this option, no other question will be asked; bilibop udev " "rules will be applied but nothing else will be modified on your system. Note " "that in that case, this package is overkill and you should probably replace " "it by the lighter but as much as efficient bilibop-udev package." msgstr "" "Se si sceglie questa opzione, non verranno poste altre domande; le regole " "udev di bilibop saranno applicate, ma nient'altro sarà modificato sul " "sistema. Notare che in tale caso, questo pacchetto è sovradimensionato e si " "dovrebbe probabilmente sostituirlo con il pacchetto bilibop-udev, più " "leggero ma altrettanto efficiente." #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "Do you want to use custom bilibop rules and build them now ?" msgstr "Usare le regole bilipop personalizzate e crearle ora?" #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "" "If tens of removable media are plugged on the computer your system boots " "from, bilibop udev rules can significantly increase boot time. This can be " "avoided by using custom udev rules, which are specific to the device your " "system is installed on." msgstr "" "Se nel computer da cui si avvia il sistema vengono inserite decine di " "supporti rimovibili, le regole udev di bilibop possono aumentare " "considerevolmente il tempo di avvio. Ciò può essere evitato usando regole " "udev personalizzate che sono specifiche per il dispositivo su cui è " "installato il proprio sistema." #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "" "That said, if this device can boot from different hardware port types (as " "USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), you should check the resulting " "rules by booting your system on the alternative port type, and if necessary " "by running 'dpkg-reconfigure bilibop-rules' again with proper options, or " "even by editing '/etc/udev/rules.d/66-bilibop.rules'." msgstr "" "Detto questo, se tale dispositivo può fare l'avvio da diversi tipi di porte " "hardware (come USB/Firewire, USB/eSATA, USB/MMC/SD, ecc.), controllare le " "regole risultanti avviando il sistema sul tipo alternativo di porta e, se " "necessario, eseguendo nuovamente «dpkg-reconfigure bilibop-rules» con le " "opzioni appropriate o anche modificando «/etc/udev/rules.d/66-bilibop.rules»." #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "keep existing custom rules" msgstr "mantenere le regole personalizzate esistenti" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "rebuild custom rules" msgstr "ricreare le regole personalizzate" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "remove custom rules" msgstr "rimuovere le regole personalizzate" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "What do you want to do with your custom rules ?" msgstr "Cosa si desidera fare con le regole personalizzate?" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "" "The file '/etc/udev/rules.d/66-bilibop.rules' exists. It is specific to the " "drive on which your system is installed and overrides the one, more generic, " "that is provided by the bilibop-rules package (in '/lib/udev/rules.d')." msgstr "" "Il file «/etc/udev/rules.d/66-bilibop.rules» esiste. È specifico per l'unità " "su cui è installato il sistema e sovrascrive quello, più generico, che è " "fornito dal pacchetto bilibop-rules (in «/lib/udev/rules.d»)." #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "" "If the device hosting the running system is able to boot from different " "hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD-card, etc.), you " "should boot it from the alternative port type and check if your custom rules " "work fine in all cases. In the doubt, you should remove the custom rules " "file." msgstr "" "Se il dispositivo che ospita il sistema in esecuzione è in grado di avviarsi " "da diversi tipi di porte hardware (USB/Firewire, USB/eSATA, USB/MMC/SD-card, " "ecc.), lo si dovrebbe avviare dal tipo di porta alternativo e controllare " "che le regole personalizzate funzionino bene in tutti i casi. Se in dubbio, " "rimuovere il file delle regole personalizzate." #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "Options to pass to the bilibop rules generator:" msgstr "Opzioni da passare al generatore di regole di bilipop:" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "" "Possible options you can pass to the bilibop rules generator are the " "followings:" msgstr "" "Le opzioni che è possibile passare al generatore di regole di bilibop sono " "le seguenti:" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "" "The two first ones cannot be mixed; for example, '-a model,serial' is not a " "valid option; use '-a model -e ID_SERIAL' instead. In the doubt, you should " "probably set it to an empty string (defaults to '-a manufacturer,product," "serial')." msgstr "" "Le prime due non possono essere usate insieme; per esempio, «-a model," "serial» non è un'opzione valida, usare invece «-a model -e ID_SERIAL». Se in " "dubbio, probabilmente si dovrebbe impostarla ad una stringa vuota (usa il " "valore predefinito «-a manufacturer,product,serial»)." #. Type: error #. Description #: ../bilibop-rules.templates:5001 msgid "Options given to the bilibop rules generator seem to be invalid." msgstr "" "Le opzioni fornite al generatore di regole di bilibop sembrano essere non " "valide." #. Type: error #. Description #: ../bilibop-rules.templates:5001 msgid "" "You can go back by hitting the key and then modify the options. " "Otherwise, the custom rules file '/etc/udev/rules.d/66-bilibop.rules' will " "not be written." msgstr "" "Si può tornare indietro premendo il tasto e poi modificare le opzioni. " "Altrimenti il file delle regole presonalizzate «/etc/udev/rules.d/66-bilibop." "rules» non verrà scritto." #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:6001 ../bilibop-rules.templates:7001 msgid "The following device(s) still belong to floppy group:" msgstr "I seguenti device appartengono ancora al gruppo floppy:" #. Type: error #. Description #: ../bilibop-rules.templates:6001 msgid "You should rewrite or remove your custom rules file:" msgstr "" "Si dovrebbe riscrivere o rimuovere il proprio file di regole personalizzate:" #. Type: error #. Description #: ../bilibop-rules.templates:7001 msgid "Internal error" msgstr "Errore interno" #. Type: error #. Description #: ../bilibop-rules.templates:7001 msgid "You should send a bug report to the maintainer of the package." msgstr "" "Si dovrebbe inviare una segnalazione di bug al manutentore del pacchetto." #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "the existing one" msgstr "quella esistente" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a static device map (not recommended)" msgstr "una mappa di device statica (non raccomandato)" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a static fake device map" msgstr "una falsa mappa di device statica" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a dynamic fake device map" msgstr "una falsa mappa di device dinamica" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a dynamically updated device map" msgstr "una mappa di device aggiornata dinamicamente" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "What kind of GRUB device map do you want to use ?" msgstr "Quale tipo di mappa di device di GRUB usare?" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "" "The '/boot/grub/device.map' file can store obsolete information. In some " "cases, this can lead to failures when the GRUB bootloader menu is updated. " "To avoid that, it is possible to replace the device map by a fake one, " "mapping only the physical drive hosting your system; or by a link to a " "temporary file, which may be created either at boot time with a fake " "content, or on demand with an updated content." msgstr "" "Il file «/boot/grub/device.map» può archiviare informazioni obsolete. In " "alcuni casi ciò può portare a problemi quando il menu del bootloader GRUB " "viene aggiornato. Per evitare ciò, è possibile sostituire la mappa di device " "con una falsa che mappa solo l'unità fisica che ospita il proprio sistema, " "oppure con un collegamento ad un file temporaneo che può essere creato " "all'avvio con un contenuto falso o a richiesta con un contenuto aggiornato." #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "" "If your external system is embedded on a device able to boot from different " "hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), it is not " "recommended to use a static device map. The dynamic fake device map should " "work in all cases." msgstr "" "Se il sistema esterno è incorporato in un dispositivo capace di avviarsi da " "diversi tipi di porte hardware (USB/Firewire, USB/eSATA, USB/MMC/SD, ecc.) " "l'uso di una mappa di device statica non è raccomandato. La falsa mappa di " "device dinamica dovrebbe funzionare in tutti i casi." #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "keep them in their current state" msgstr "mantenerle nel loro stato attuale" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent cd rules only" msgstr "creare regole non persistenti solo per i CD" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent net rules only" msgstr "creare regole non persistenti solo per la rete" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent rules for all (recommended)" msgstr "creare regole non persistenti per tutto (raccomandato)" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make persistent rules for all" msgstr "creare regole persistenti per tutto" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "What persistent rules do you want to make unpersistent ?" msgstr "Quali regole persistenti si desidera rendere non persistenti?" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "" "Some udev rules files can store information about components of the computer " "your system is plugged on:" msgstr "" "Alcuni file di regole di udev possono contenere informazioni su componenti " "del computer a cui è connesso il sistema:" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "" "These files are cumulative and can store obsolete information, possibly " "leading to unexpected behaviour of your network manager or CD burner " "application. It is possible to replace them by symlinks to temporary files " "to keep them always up to date. Note that it is possible to do or undo that " "at any time by running" msgstr "" "Questi file sono cumulativi e possono archiviare informazioni obsolete che " "possono portare a comportamenti inaspettati del gestore di rete o " "dell'applicazione per la masterizzazione. È possibile sostituirli con " "collegamenti simbolici a file temporanei per mantenerli sempre aggiornati. " "Notare che è possibile farlo o annullare ciò che si è fatto in ogni momento " "eseguendo" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "Do you want to hide Physical Volumes your system does not need ?" msgstr "Nascondere i volumi fisici che non sono necessari per il sistema?" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "" "It seems that the drive on which your system is installed contains Logical " "Volumes. It is possible to set LVM to activate only the Physical Volumes " "that your system needs. This can mainly avoid name conflicts between the " "Volumes used by your system and those that could be found on internal or " "external drives plugged on the same computer." msgstr "" "Sembra che l'unità in cui è installato il sistema contenga dei volumi " "logici. È possibile impostare LVM per attivare solo i volumi fisici che sono " "necessari al sistema. Ciò può in particolar modo evitare conflitti di nomi " "tra i volumi usati dal sistema e quelli che possono essere trovati su unità " "interne o esterne collegate allo stesso computer." #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "" "If you choose to use this feature, this will overwrite '/etc/lvm/lvm.conf', " "and you should read 'README.Debian' in the documentation of the package. " "Otherwise, you can do it later with" msgstr "" "Se si sceglie questa funzionalità, «/etc/lvm/lvm.conf» verrà sovrascritto e " "si dovrebbe leggere il file «README.Debian» nella documentazione del " "pacchetto. Altrimenti lo si può fare successivamente con" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "Physical Volumes Filter will not be applied." msgstr "I filtri dei volumi fisici non saranno applicati." #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "" "Probably due to an error in '66-bilibop.rules', the following device(s) have " "not been tagged 'BILIBOP' by udev, or have no usable symlink managed by udev:" msgstr "" "Probabilmente a causa di un errore in «66-bilibop.rules», i seguenti device " "non sono stati etichettati come «BILIBOP» da udev oppure non hanno un " "collegamento simbolico utilizzabile gestito da udev:" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "" "This means some variables in '/etc/lvm/lvm.conf' will be left or reset to " "their initial values:" msgstr "" "Ciò significa che alcune variabili in «/etc/lvm/lvm.conf» saranno lasciate o " "reimpostate ai loro valori iniziali:" bilibop-0.4.20/debian/po/fr.po0000644000000000000000000003721112244077751012727 0ustar # French translation of bilibop's debconf templates. # This file is distributed under the same license as the bilibop package. # Alexandre Martin , 2013. # msgid "" msgstr "" "Project-Id-Version: bilibop 0.4.17\n" "Report-Msgid-Bugs-To: quidame@poivron.org\n" "POT-Creation-Date: 2013-11-23 10:14+0000\n" "PO-Revision-Date: 2013-10-10 15:37+0200\n" "Last-Translator: Alexandre Martin \n" "Language-Team: \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "Do you intend to install bilibop-rules on a Live System ?" msgstr "Avez-vous l'intention d'installer bilibop-rules sur un système Live ?" #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "" "Some bilibop-rules settings can be useful on non-volatile Operating Systems, " "when running from a removable and writable media (USB sticks, external HDD " "or SD cards); but they are currently useless or even harmful for LiveCD or " "LiveUSB systems." msgstr "" "Certains paramètrages de bilibop-rules peuvent être utiles sur des systèmes " "non-voloatiles tournant depuis un périphérique amovible (clefs USB, Disques " "Durs externes ou cartes SD); mais ils sont généralement inutiles, voire " "nuisibles sur des systèmes LiveCD ou LiveUSB." #. Type: boolean #. Description #: ../bilibop-rules.templates:1001 msgid "" "If you choose this option, no other question will be asked; bilibop udev " "rules will be applied but nothing else will be modified on your system. Note " "that in that case, this package is overkill and you should probably replace " "it by the lighter but as much as efficient bilibop-udev package." msgstr "" "Si vous choisissez cette option, aucune autre question ne sera posée; les " "règles udev de bilibop seront appliquées mais rien d'autre ne sera modifié " "sur votre système. Notez que dans ce cas, ce paquet excède vos besoins et " "vous devriez probablement le remplacer par le paquet bilibop-udev, plus " "léger mais tout aussi efficace." #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "Do you want to use custom bilibop rules and build them now ?" msgstr "" "Voulez-vous utiliser des règles bilibop sur mesure et les construire " "maintenant ?" #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "" "If tens of removable media are plugged on the computer your system boots " "from, bilibop udev rules can significantly increase boot time. This can be " "avoided by using custom udev rules, which are specific to the device your " "system is installed on." msgstr "" "Si de nombreux périphériques amovibles sont connectés sur l'ordinateur " "depuis lequel votre système démarre, les règles udev de bilibop peuvent " "augmenter significativement la durée du démarrage. Cela peut être évité en " "utilisant des règles sur mesure, spécifiques au périphérique sur lequel " "votre système est installé." #. Type: boolean #. Description #: ../bilibop-rules.templates:2001 msgid "" "That said, if this device can boot from different hardware port types (as " "USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), you should check the resulting " "rules by booting your system on the alternative port type, and if necessary " "by running 'dpkg-reconfigure bilibop-rules' again with proper options, or " "even by editing '/etc/udev/rules.d/66-bilibop.rules'." msgstr "" "Cela dit, si ce périphérique peut être démarré depuis différents types de " "ports (USB/Firewire, USB/eSATA, USB/SD/MMC, etc), vous devriez plutôt " "construire ces règles manuellement (en éxécutant '/usr/share/bilibop/" "bilibop_rules_generator' avec les options adéquates, en vérifiant si elles " "fonctionnent en toutes situations, et en éditant '/etc/udev/rules.d/66-" "bilibop.rules' si nécessaire)." #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "keep existing custom rules" msgstr "conserver les règles personnelles existantes" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "rebuild custom rules" msgstr "reconstruire les règles personnelles" #. Type: select #. Choices #: ../bilibop-rules.templates:3001 msgid "remove custom rules" msgstr "supprimer les règles personnelles" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "What do you want to do with your custom rules ?" msgstr "Que voulez-vous faire de vos règles sur mesure ?" #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "" "The file '/etc/udev/rules.d/66-bilibop.rules' exists. It is specific to the " "drive on which your system is installed and overrides the one, more generic, " "that is provided by the bilibop-rules package (in '/lib/udev/rules.d')." msgstr "" "Le fichier '/etc/udev/rules.d/66-bilibop.rules' existe. Il est spécifique au " "périphérique sur lequel votre système est installé et surcharge celui, plus " "générique, qui est fourni par le paquet bilibop-rules (dans '/lib/udev/rules." "d')." #. Type: select #. Description #: ../bilibop-rules.templates:3002 msgid "" "If the device hosting the running system is able to boot from different " "hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD-card, etc.), you " "should boot it from the alternative port type and check if your custom rules " "work fine in all cases. In the doubt, you should remove the custom rules " "file." msgstr "" "Si le périphérique qui héberge le système en cours d'éxécution est capable " "de démarrer depuis différents types de ports (USB/Firewire, USB/eSATA, USB/" "SD, etc.), vous devriez le démarrer depuis le type de port alternatif et " "vérifier si vos règles sur mesure fonctionnent correctement dans tous les " "cas. Dans le doute, vous devriez supprimer le fichier de règles personnelles." #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "Options to pass to the bilibop rules generator:" msgstr "Options à passer au générateur de règles bilibop :" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "" "Possible options you can pass to the bilibop rules generator are the " "followings:" msgstr "" "Les options possibles à passer au générateur de règles bilibop sont les " "suivantes :" #. Type: string #. Description #: ../bilibop-rules.templates:4001 msgid "" "The two first ones cannot be mixed; for example, '-a model,serial' is not a " "valid option; use '-a model -e ID_SERIAL' instead. In the doubt, you should " "probably set it to an empty string (defaults to '-a manufacturer,product," "serial')." msgstr "" "Les deux premières ne peuvent pas être mixées; par exemple, '-a model," "serial' n'est pas une option valide; utilisez plutôt '-a model -e " "ID_SERIAL'. Dans le doute, vous devriez probablement laisser ce champ vide " "(qui équivaut à '-a manufacturer,product,serial')" #. Type: error #. Description #: ../bilibop-rules.templates:5001 msgid "Options given to the bilibop rules generator seem to be invalid." msgstr "" "Les options données au générateur de règles bilibop semblent invalides." #. Type: error #. Description #: ../bilibop-rules.templates:5001 msgid "" "You can go back by hitting the key and then modify the options. " "Otherwise, the custom rules file '/etc/udev/rules.d/66-bilibop.rules' will " "not be written." msgstr "" "Vous pouvez revenir en arrière avec la touche et modifier les " "options. Autrement, le fichier de règles sur mesure '/etc/udev/rules.d/66-" "bilibop.rules' ne sera pas écrit." #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:6001 ../bilibop-rules.templates:7001 msgid "The following device(s) still belong to floppy group:" msgstr "" "Le(s) périphérique(s) suivant(s) appartiennent encore au groupe 'floppy' :" #. Type: error #. Description #: ../bilibop-rules.templates:6001 msgid "You should rewrite or remove your custom rules file:" msgstr "Vous devriez récrire ou supprimer votre fichier de règles sur mesure :" #. Type: error #. Description #: ../bilibop-rules.templates:7001 msgid "Internal error" msgstr "Erreur interne" #. Type: error #. Description #: ../bilibop-rules.templates:7001 msgid "You should send a bug report to the maintainer of the package." msgstr "Vous devriez envoyer un rapport de bogue au responsable du paquet." #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "the existing one" msgstr "le fichier existant" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a static device map (not recommended)" msgstr "un fichier statique (non recommandé)" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a static fake device map" msgstr "un fichier statique avec un contenu falsifié" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a dynamic fake device map" msgstr "un fichier dynamique avec un contenu falsifié" #. Type: select #. Choices #: ../bilibop-rules.templates:8001 msgid "a dynamically updated device map" msgstr "un fichier mis à jour dynamiquement" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "What kind of GRUB device map do you want to use ?" msgstr "Quel genre de carte des périphériques voulez-vous que GRUB utilise ?" #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "" "The '/boot/grub/device.map' file can store obsolete information. In some " "cases, this can lead to failures when the GRUB bootloader menu is updated. " "To avoid that, it is possible to replace the device map by a fake one, " "mapping only the physical drive hosting your system; or by a link to a " "temporary file, which may be created either at boot time with a fake " "content, or on demand with an updated content." msgstr "" "Le fichier '/boot/grub/device.map' peut stocker des informations obsolètes. " "Dans certains cas, cela peut conduire à des échecs lors de la mise à jour du " "menu du chargeur de démarrage GRUB. Pour éviter cela, il est possible de " "modifier la carte des périphériques (device map) en ne tenant compte que du " "disque physique hébergeant votre système; ou de la remplacer par un lien " "symbolique vers un fichier temporaire, lequel peut être créé au démarrage " "avec un contenu falsifié, ou à la demande avec un contenu à jour." #. Type: select #. Description #: ../bilibop-rules.templates:8002 msgid "" "If your external system is embedded on a device able to boot from different " "hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), it is not " "recommended to use a static device map. The dynamic fake device map should " "work in all cases." msgstr "" "Si votre système externe est embarqué sur un périphérique capable de " "démarrer depuis différents ports matériels (USB/Firewire, USB/eSATA, USB/MMC/" "SD, etc.), il n'est pas recommandé d'utiliser un plan statique. Le faux plan " "dynamique devrait fonctionner dans tous les cas." #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "keep them in their current state" msgstr "les conserver en l'état" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent cd rules only" msgstr "rendre volatiles uniquement les règles 'cd'" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent net rules only" msgstr "rendre volatiles uniquement les règles 'net'" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make unpersistent rules for all (recommended)" msgstr "rendre toutes les règles volatiles (recommandé)" #. Type: select #. Choices #: ../bilibop-rules.templates:9001 msgid "make persistent rules for all" msgstr "rendre toutes les règles persistantes" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "What persistent rules do you want to make unpersistent ?" msgstr "Quelles règles persistantes voulez-vous rendre volatiles ?" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "" "Some udev rules files can store information about components of the computer " "your system is plugged on:" msgstr "" "Certains fichiers de règles udev peuvent stocker des informations concernant " "le matériel de la machine sur laquelle votre système est connecté :" #. Type: select #. Description #: ../bilibop-rules.templates:9002 msgid "" "These files are cumulative and can store obsolete information, possibly " "leading to unexpected behaviour of your network manager or CD burner " "application. It is possible to replace them by symlinks to temporary files " "to keep them always up to date. Note that it is possible to do or undo that " "at any time by running" msgstr "" "Ces fichiers sont cumulatifs et peuvent contenir des informations obsolètes " "pouvant conduire à un comportement inattendu de votre gestionnaire de " "connexions ou de votre logiciel de gravure de CD. Il est possible de " "remplacer ces fichiers par des liens symboliques vers des fichiers " "temporaires pour les maintenir à jour. Notez qu'il est possible de le faire " "ou le défaire n'importe quand en lançant" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "Do you want to hide Physical Volumes your system does not need ?" msgstr "" "Voulez-vous masquer les Volumes Physiques dont votre système n'a pas besoin ?" #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "" "It seems that the drive on which your system is installed contains Logical " "Volumes. It is possible to set LVM to activate only the Physical Volumes " "that your system needs. This can mainly avoid name conflicts between the " "Volumes used by your system and those that could be found on internal or " "external drives plugged on the same computer." msgstr "" "Il semble que le disque sur lequel votre système est installé contient des " "Volumes Logiques. Il est possible de paramètrer LVM pour n'activer que les " "Volumes Physiques dont votre système a besoin. Cela a le principal avantage " "d'éviter des conflits de nom entre les Volumes utilisés par votre système et " "ceux qui pourraient se trouver sur d'autres disques connectés à la même " "machine hôte. " #. Type: boolean #. Description #: ../bilibop-rules.templates:10001 msgid "" "If you choose to use this feature, this will overwrite '/etc/lvm/lvm.conf', " "and you should read 'README.Debian' in the documentation of the package. " "Otherwise, you can do it later with" msgstr "" "Si vous choisissez d'utiliser cette fonctionnalité, cela modifiera '/etc/lvm/" "lvm.conf', et vous devriez lire 'README.Debian' dans la documentation du " "paquet. Autrement, vous pouvez le faire plus tard avec" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "Physical Volumes Filter will not be applied." msgstr "Le filtre des Volumes Physiques ne sera pas appliqué." #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "" "Probably due to an error in '66-bilibop.rules', the following device(s) have " "not been tagged 'BILIBOP' by udev, or have no usable symlink managed by udev:" msgstr "" "Probablement en raison d'une erreur dans '66-bilibop-rules', les " "périphériques suivants n'ont pas été étiquetés 'BILIBOP' par udev, ou n'ont " "pas de lien symbolique géré par udev :" #. Type: error #. Description #. Type: error #. Description #: ../bilibop-rules.templates:14001 ../bilibop-rules.templates:15001 msgid "" "This means some variables in '/etc/lvm/lvm.conf' will be left or reset to " "their initial values:" msgstr "" "Cela signifie que certaines variables dans '/etc/lvm/lvm.conf' seront " "conservées ou réinitialisées à leurs valeurs initiales :" bilibop-0.4.20/debian/bilibop-rules.triggers0000644000000000000000000000003212165414757015654 0ustar activate update-initramfs bilibop-0.4.20/debian/bilibop-lockfs.manpages0000644000000000000000000000023612165414757015756 0ustar usr/share/man/man1/lockfs-notify.1 usr/share/man/man1/lockfs-notify.fr.1 usr/share/man/man8/lockfs_mount_helper.8 usr/share/man/man8/lockfs_mount_helper.fr.8 bilibop-0.4.20/debian/bilibop-lockfs.install0000644000000000000000000000073212165414757015632 0ustar etc/xdg/autostart/lockfs-notify.desktop etc/xdg/autostart lib/bilibop/lockfs_mount_helper lib/bilibop lib/bilibop/lockfs.sh lib/bilibop usr/bin/lockfs-notify usr/bin usr/share/initramfs-tools/hooks/bilibop-lockfs usr/share/initramfs-tools/hooks usr/share/initramfs-tools/scripts/init-top/bilibop-lockfs usr/share/initramfs-tools/scripts/init-top usr/share/initramfs-tools/scripts/local-bottom/bilibop-lockfs usr/share/initramfs-tools/scripts/local-bottom bilibop-0.4.20/debian/bilibop-udev.README.Debian0000644000000000000000000000251412165414757015764 0ustar bilibop-udev ------------ This package only provides a udev rules file to be applied on operating systems running from external media (USB stick, USB HDD, FireWire, Flash Memory stick). It is based on bilibop-common shell functions with the same limitations; read the bilibop-common documentation for details. The running system being hosted on a removable device, the common udev rules (91-permissions.rules) will set it as owned by the 'floppy' group, allowing any member of this group to damage it, even by mistake, with at least one of the following commands: shred -zn0 /dev/sdb cat /dev/zero >/dev/sdb dd if=/dev/zero of=/dev/sdb So the bilibop-udev rule fixes the disk hosting the operating system and all its partitions as owned by the 'disk' group, as it was an internal disk. Additionally, it creates a symlink (by default /dev/bilibop) to the node of the disk hosting the system, making easy to find the boot device of a multilayered block devices root filesystem; for example, on a Debian LiveUSB with the fromiso=* boot method: disk > partition > file.iso > loop > file.squashfs > loop > aufs ro-branch > aufs (/) NOTE: there is currently no support for eSATA drives. -- bilibop project Wed, 17 Oct 2012 14:33:20 +0200 -- bilibop project Wed, 03 Jul 2013 16:34:48 +0200 bilibop-0.4.20/debian/bilibop-lockfs.README.Debian0000644000000000000000000004462312236272332016277 0ustar bilibop-lockfs -------------- 1. OVERVIEW =========== Bilibop-lockfs is a collection of shell scripts whose the main goal is to use the system without modify it in any way: high-level write access is disallowed by mounting filesystems as readonly branches of aufs(5), forcing all changes to be written on the temporary writable branches, i.e. in the RAM; additionally, low-level write access is also forbidden, by setting the block devices (including the whole disk itself) as readonly with the 'read_only_volume_list' setting in lvm.conf(5) for Logical Volumes, and with blockdev(8) for all others. There, 'without modify it in any way' means no log files, no cookies, no timestamp or data changes, but also no modification of the boot sectors or partition table, no changes of the LUKS headers, LVM metadata, and so on. This package was initially designed to be installed on operating systems embedded on removable and writable media. This includes Flash Memory sticks and external HDDs. Now, *bilibop-lockfs* can also be used on any internal disk (HDD or SSD), if the root filesystem is not hosted on more than one disk (by using LVM or RAID). It can be used: - to not decrease the lifetime of the flash media (USB stick, SD card, Solid State Disk) which the system is installed on (such media have limited write cycles). - to perform tests: all that is not the initramdisk can be temporarily modified at system or user level, and then tested without risk to affect original configurations: they will be active after the next boot. - as a tool in anti-forensics strategies, as explained above. NOTE that the bilibop-lockfs scripts depend on the bilibop-common functions, which may need Linux kernel 2.6.37 or higher to work properly. See bilbiop-common documentation for details. 2. CONFIGURATION ================ All available configuration options are described in the bilibop.conf(5) manual page. They allow to: - Enable/Disable 'lockfs' from the configuration file, from the boot commandline, or by physically locking the drive with a switch. In last instance, a heuristic is used to enable 'lockfs' on USB sticks. - Apply a hard policy (as described above; this is the default), or a soft policy allowing the admin to manually modify both high-level and low-level data or metadata. If the drive is physically locked, the hard policy is automatically applied; in fact, in such cases there is no choice, but this avoids some errors by avoiding write attempts on the drive by some low-level programs (e2fsck for example). - Disable 'lockfs' for only specified mountpoints or filesystems. This is a 'whitelist' based feature. Obviously, this is bypassed when the drive is physically locked. - Apply a specific policy for swap filesystems: use them as they are set; enable them manually; don't use them at all; enable only encrypted swap devices; or even, enable only swap devices encrypted with a random key. Here again, the settings will be overridden if the drive is physically locked. - Send a notification to the user about the 'lockfs' status. This can be done both during system boot and at desktop session startup. At boot time (through Plymouth), a message is sent to say that bilibop-locks is enabled (with hard|soft policy) or not, or if an error occurs. At desktop session startup, a notification is send to say that filesystems are locked or not. More exactly, the notifications say that changes under such or such directories will be kept or lost at shutdown. See the lockfs-notify(1) manpage for details. 3. BOOT OPTIONS =============== Several variables can be set or overridden from the boot commandline, with the following keywords/parameters (the last one given in the boot commandline overrides the previous ones): - 'nolockfs' - disable bilibop-lockfs features: BILIBOP_LOCKFS="false" - 'lockfs' - enable bilibop-lockfs features: BILIBOP_LOCKFS="true" - 'lockfs=force' - enable bilibop-lockfs features when system boots in single-user mode: BILIBOP_LOCKFS="true" - 'lockfs=hard' - enable bilibop-lockfs features, with restrictive policy: BILIBOP_LOCKFS="true" BILIBOP_LOCKFS_POLICY="hard" - 'lockfs=soft' - enable bilibop-lockfs features, with permissive policy: BILIBOP_LOCKFS="true" BILIBOP_LOCKFS_POLICY="soft" - 'lockfs=' - enable bilibop-lockfs features, and allocate SIZE of tmpfs for the root filesystem (/). SIZE must be digits (not beginning by zero) suffixed with 'k', 'K', 'm', 'M', 'g', 'G', or '%'. Default is 50% of the RAM. BILIBOP_LOCKFS="true" BILIBOP_LOCKFS_SIZE="/= ${BILIBOP_LOCKFS_SIZE}" - 'lockfs=all' - enable bilibop-lockfs features and blank the list of devices to not lock: BILIBOP_LOCKFS="true" BILIBOP_LOCKFS_WHITELIST="" - 'lockfs=default' - enable bilibop-lockfs features with their default values; all settings of the configuration file will be overridden: BILIBOP_LOCKFS="true" BILIBOP_LOCKFS_POLICY="hard" BILIBOP_LOCKFS_WHITELIST="" BILIBOP_LOCKFS_SWAP_POLICY="" (fallbacks to 'hard' or 'crypt') BILIBOP_LOCKFS_SIZE="" (means '50%' for each tmpfs) BILIBOP_LOCKFS_NOTIFY_POLICY="" - 'lockfs=-/foobar' - enable bilibop-lockfs features and add /foobar to the list of whitelisted mountpoints: BILIBOP_LOCKFS="true" BILIBOP_LOCKFS_WHITELIST="${BILIBOP_LOCKFS_WHITELIST} /foobar" - 'noswap' - if bilibop-lockfs is enabled, then apply a more restrictive policy than does the checkroot.sh initscript: comment lines about swap in /etc/fstab and also /etc/crypttab if necessary. BILIBOP_LOCKFS_SWAP_POLICY="hard" Unknown keywords are silently ignored. Parameters can be used together, separated by comma; for examples: lockfs=soft,30%,all will apply a soft policy to all mountpoints, allocating 30% of the RAM to /. lockfs=default,-/var/spool/apt-mirror will reset all settings to their default values, and then whitelist the /var/spool/apt-mirror mountpoint. My favorite. 4. HOW IT WORKS =============== If: one of the devices registered in fstab(5) is a Logical Volume and if: the keyword 'nolockfs' is not used in the boot commandline or: a drive is physically locked (takes precedence over the 'nolockfs' boot option) then: a first initramfs script is used to modify lvm.conf(5) inside the initramfs BEFORE LV are activated; then they are activated read-only (their metadata are not updated, and block devices are set readonly). After what, when the root of the system has been discovered and mounted from the initramfs, another initramfs script (the main) is used to lock the root filesystem and all its (virtual or physical) parent block devices. Other mountpoints are managed by a mount helper script. Here is an example of a partition scheme on a USB stick of 16GB (those are the outputs of the drivemap(1) command, when bilibop-lockfs is disabled): $ drivemap -m / /dev/sdb /dev/sdb1 /dev/dm-0 /dev/dm-1 /dev/dm-2 /dev/dm-3(*) /dev/dm-4 /dev/sdb2 $ drivemap -pin / /dev/sdb [ usb-_Xporter_Memory_07B3100100182DD2-0:0 | 16GB ] /dev/sdb1 ............................... [ LVM2_member | 8GB ] /dev/mapper/xporter-boot ................... [ ext3 | 255MB ] /boot /dev/mapper/xporter-luks ............ [ crypto_LUKS | 7751MB ] /dev/mapper/peevee .............. [ LVM2_member | 7750MB ] /dev/mapper/veegee-root ............ [ ext4 | 6996MB ] / /dev/mapper/veegee-home ............ [ ext4 | 750MB ] /home /dev/sdb2 ...................................... [ vfat | 8GB ] The first primary partition (/dev/sdb1) is a Physical Volume used as member of the Volume Group 'xporter', which is divided into two Logical Volumes: 'boot' and 'luks'. /dev/mapper/xporter-luks (or /dev/xporter/luks) contains a Physical Volume 'peevee' used as member of the Volume Group 'veegee' that contains two Logical Volumes: 'root' and 'home'. The second primary partition is used to be mountable, readable and writable on any computer: it contains a vfat (FAT32) filesystem of 8 GB and is not automatically mounted (not registered in /etc/fstab). 4.1. First stage ---------------- One time the device that is normally used as the root of the system has been discovered and mounted read-only on a temporary mountpoint (stored in the 'rootmnt' variable) in the initramfs environment, the bilibop-lockfs script is executed. a. It checks if the 'lockfs' feature is enabled or not. If not, it exits. One of the checks is to verify that the drive is physically locked or not; if it is, all BILIBOP_LOCKFS_* variables are reset to values compatible with the physical lock, and stored in /run/bilibop/plocked. b. It checks if ${rootmnt} is already an aufs mountpoint. If yes, it exits. This is done to not conflict with other programs such as 'fsprotect'. c. It checks the policy to apply: 'hard' or 'soft'. If 'hard', then the block device mounted on ${rootmnt} and the drive hosting this device are set read-only. Additionally, all parent block devices of the root device are set read-only too. With the partition scheme described above, this should give: sdb __ sdb1 __ dm-1 __ dm-2 __ dm-3 : RO (disk > PV > LV=LUKS > PV > LV=/) | | |__ dm-4 : rw (/home) | |__ dm-0 : rw (/boot) |__ sdb2 : rw (FAT32) Now the root filesystem (/dev/dm-3 on ${rootmnt}) is fully protected: it is not possible to dd(1) or whatever dm-3, dm-2 (that contains dm-3), dm-1 (that contains dm-2), sdb1 (that contains dm-1) nor sdb (that contains sdb1). At this step, only three block devices are not yet locked: /dev/sdb2, /dev/dm-0 and /dev/dm-4. d. Several mount operations are performed, sometimes with --bind or --move options, to obtain that ${rootmnt} is now an aufs mountpoint with dm-3 (/dev/mapper/veegee-root) mounted on ${rootmnt}/aufs/ro as the lower and readonly branch, and tmpfs mounted on ${rootmnt}/aufs/rw as the upper and writable branch. If the global policy is 'soft', the lower branch is set 'ro'; otherwise, 'rr' (real readonly). If, for any reason, something goes wrong, then all that has been done before is undone (especially the blockdev commands) and the boot process will continue as if bilibop-lockfs was disabled. An error message is sent to plymouth. e. Two files are created: - /run/bilibop/lock is a marker: if it don't exist, some bilibop-lockfs helper scripts will exit immediately. It is also used to store a list of the files modified by bilibop-lockfs. - ${rootmnt}/fastboot is also a marker: if it exists, filesystem checks at startup are skipped. f. ${rootmnt}/etc/fstab is modified: - The entry about the root filesystem is commented to forbid further possible management of / by initscrits. - Entries about swap devices are kept as is, commented, or modified, depending on the policy to apply (soft, noauto, crypt, random, hard). - Entries about mountpoints that have not been whitelisted in bilibop.conf(5) are modified: the fstype (third field) is replaced by 'lockfs', and options are also modified to remember the real fstype to use. This makes the original line: UUID=a82267c0-fe18-6c44-0acf-d11a5904d7ae /boot ext3 noatime,nodev,noexec,nosuid 0 2 is commented and replaced by: UUID=a82267c0-fe18-6c44-0acf-d11a5904d7ae /boot lockfs fstype=ext3,noatime,nodev,noexec,nosuid 0 0 NOTE that because some filesystems may not exist at this time, filesystem metadata such as LABEL, UUID or TYPE cannot be queried to know if a filesystem is whitelisted or not. Only mountpoints, devices and metadata matching the fstab entries are checked at this step. This means, with the previous example, that if you don't want to modify the /boot entry in fstab, you should use '/boot' or 'UUID=a82267c0-fe18-6c44-0acf-d11a5904d7ae'. '/dev/mapper/xporter-boot' or 'LABEL=boot' will not work here. 'TYPE=ext3' is too generic and can match other mountpoints. g. ${rootmnt}/etc/lvm/lvm.conf is modified (optional): Due to the power of the LVM commands, a last step can be necessary when BILIBOP_LOCKFS_POLICY is not set to 'soft'. Some commands such as 'vgchange -ay', which is run by the lvm2 initscript, can reset the 'ro' flag on Logical Volumes. This is a case of breakage of the lockfs 'hard' policy. To avoid this infamous result, the lvm.conf(5) file is modified: - in the 'global' section: locking_type = 4 metadata_read_only = 1 - in the 'activation' section: the content of (initrd)/etc/lvm/bilibop is used to set 'read_only_volume_list'. - in the 'devices' section: the PV we want to protect from further LVM investigations are filtered by the 'filter' option. The variable 'read_only_volume_list' applies to Logical Volumes. The variable 'filter' applies to Physical Volumes. Modify both 'read_only_volume_list' and 'filter' is a kind of defense in depth. 4.2. Second stage ----------------- Now /, the root of the system, is what it was previously named ${rootmnt}. /sbin/init is running and initscripts are executed. Due to the changes in lvm.conf, the 'vgchange -ay' from the lvm initscript has no effect on the protected devices: they are even not seen. When 'mount -a' is called, it parses /etc/fstab and for each entry it encounters with a 'lockfs' filesystem type, it calls the helper mount.lockfs(8) with the proper options and arguments. /sbin/mount.lockfs does something very close to what the initramfs script did for the root of the system. This mount helper script can not be used manually. a. If the parent process of the script is not /bin/mount, then it exits immediately. b. It checks if: - / is an aufs mountpoint - /run/bilibop/lock exists - what has to be mounted is really a block device, or a regular file (that will be associated to a loop device) - the filesystem to mount is not whitelisted If one of these tests fails, then a normal mount is executed and the corresponding entry in /etc/fstab is replaced by something very close to the original one, to reflect the actual mount. Here, we call that: 'mount_fallback'. 'very close' ? Since mount(8) can resolve the device name when it is called by its LABEL or UUID, the first argument given to the mount helpers is always the device name (or a symlink to it), never LABEL=* or UUID=*, even if the fstab entry uses this format. Options are preserved. So, if the original line was: UUID=a82267c0-fe18-6c44-0acf-d11a5904d7ae /boot ext3 noatime,nodev,noexec,nosuid 0 2 and replaced by the initramfs script by: UUID=a82267c0-fe18-6c44-0acf-d11a5904d7ae /boot lockfs fstype=ext3,noatime,nodev,noexec,nosuid 0 0 in case of 'mount_fallback' the new one is: /dev/mapper/xporter-boot /boot ext3 noexec,nosuid,nodev,noatime 0 0 This can happen if '/dev/mapper/xporter-boot' or 'LABEL=boot' has been whitelisted instead of 'UUID=a82267c0-fe18-6c44-0acf-d11a5904d7ae' or simply '/boot': the bilibop-lockfs initramfs script doesn't understand that this device is whitelisted and modifies the corresponding fstab entry; after what the mount helper script, understanding that the device is whitelisted, restores the fstab entry. NOTE that the replacement of the last field (here '2') by '0' is less than minor: the /fastboot file created by the initramfs script already disables filesystem checks. c. Now the script checks if the global policy is 'hard' or 'soft'. If it is 'hard', then the block device is set read-only with blockdev(8). If '/usr/local' is the target mountpoint, then the readonly branch is mounted on /aufs/ro/usr/local. '/aufs/ro' is the mountpoint of the readonly branch of the root filesystem and is used as prefix for all other mountpoints of readonly branches. If mount fails, then what it has been done before is undone, and a 'mount_fallback' is executed (see above). d. The script checks if a specified size has to be allocated to the writable branch, creates the mountpoint for the writable branch and mount it with proper options (nodev, noexec, nosuid and ro if they were specified in the original fstab entry). If '/usr/local' is the target mountpoint, then the writable branch is mounted on /aufs/rw/usr/local. '/aufs/rw' is the mountpoint of the writable branch of the root filesystem and is used as prefix for all other mountpoints of writable branches. If mount fails, then what has been done before is undone, and a 'mount_fallback' is executed. The ownership and permissions of the writable branch are modified if necessary, to match those of the readonly branch. e. The aufs is mounted. If the global lockfs policy is 'hard', then the readonly branch is set 'rr' instead of 'ro'. If mount fails, then what has been done before is undone, and a 'mount_fallback' is executed. f. The last step is to modify /etc/fstab to make it matches /proc/mounts: this can be important for clean unmounts at shutdown, for the case a readonly filesystem is remounted 'rw' during a session. This needs the global policy (BILIBOP_LOCKFS_POLICY) set to 'soft', or run blockdev(8) manually to set the block device as writable. The entry corresponding to the target mountpoint is replaced by a block of three lines: readonly branch, writable branch and the aufs itself. 4.3. Results ------------ bilibop-lockfs is enabled with default options (bilibop.conf is empty): $ drivemap -i / /dev/sdb [ usb-_Xporter_Memory_07B3100100182DD2-0:0 | 16GB ] /dev/sdb1 ............................... [ LVM2_member | 8GB ] /dev/dm-0 .................................. [ ext3 | 255MB ] aufs/ro/boot /dev/dm-1 ........................... [ crypto_LUKS | 7751MB ] /dev/dm-2 ....................... [ LVM2_member | 7750MB ] /dev/dm-3 .......................... [ ext4 | 6996MB ] /aufs/ro /dev/dm-4 .......................... [ ext4 | 750MB ] /aufs/ro/home /dev/sdb2 ...................................... [ vfat | 8GB ] $ for i in /dev/sdb* /dev/dm-[0-4] ; do printf "$i\tro=" ; cat /sys/class/block/${i##*/}/ro ; done /dev/sdb ro=1 /dev/sdb1 ro=1 /dev/sdb2 ro=0 /dev/dm-0 ro=1 /dev/dm-1 ro=1 /dev/dm-2 ro=1 /dev/dm-3 ro=1 /dev/dm-4 ro=1 This last command line says /dev/sdb2 (vfat fs, and not listed in fstab) is writable, other block devices are read-only. -- bilibop project Tue, 17 Apr 2012 03:03:52 +0200 -- bilibop project Sun, 27 Oct 2013 04:48:23 +0000 bilibop-0.4.20/debian/bilibop-common.dirs0000644000000000000000000000003012165414757015123 0ustar etc/bilibop lib/bilibop bilibop-0.4.20/debian/bilibop-lockfs.examples0000644000000000000000000000006312165414757015777 0ustar usr/share/doc/bilibop-lockfs/examples/bilibop.conf bilibop-0.4.20/debian/bilibop-common.install0000644000000000000000000000030312165414757015633 0ustar etc/bilibop/bilibop.conf etc/bilibop lib/bilibop/common.sh lib/bilibop lib/bilibop/disk lib/bilibop lib/bilibop/test lib/bilibop lib/bilibop/drivemap.sh lib/bilibop usr/bin/drivemap usr/bin bilibop-0.4.20/debian/bilibop-common.README.Debian0000644000000000000000000001352212236272332016300 0ustar bilibop-common -------------- OVERVIEW ======== This package mainly provides shell functions that can be called by any user, either manually or from a shell script. Some of them require Linux kernel 2.6.37 or higher to work properly: this requirement can be bypassed if you don't use loop devices. One of the main goals of these functions is to easily find the device name of the disk hosting the running system. We assume that the commands in /usr/bin (awk, cut, tail, and others) can be unavailable, and then are replaced by grep and sed heuristics. We assume, even if it is not often, that /etc/udev/udev.conf can have been modified and that 'udev_root' can be something else than '/dev'. dm-crypt/LUKS, LVM, loopback and aufs root filesystems (and combinations of them) are now _fully_ supported, with the following limitations: these functions are intended to be used on a system hosted by an external and writable device (USB, FireWire, eSATA, MMC and maybe more); this means all filesystems used by the system must be either hosted by the same disk or in RAM. Functions that just output information about devices/filesystems can be called by any unprivileged user. Some of the main functions can be called from the commandline (or from a script) with: $ . /lib/bilibop/common.sh $ get_udev_root $ underlying_device / $ underlying_partition / $ physical_hard_disk / The second line (get_udev_root) is mandatory. For the three last functions, / can be replaced by any (symlink to a) directory (even if it is not a mount point), regular file or block device. If something goes wrong or gives unexpected result, set DEBUG to true and retry: $ DEBUG=true $ physical_hard_disk [ARG] LIMITATIONS =========== So, the main limitations for _full_ LVM support is that a Volume Group can contain several Logical Volumes, but never more than one Physical Volume: we assume there is no sense to use two partitions of the same disk to create a Volume Group. For the same reason, RAID is not supported at all. The limitations for _full_ aufs support are the sames than for some of the aufs-tools programs: we assume two branches, the lower being readonly (on disk) and the upper writable (in RAM). For loop devices, there is a small limitation, concerning the fact that in some cases, some functions cannot be run by any unprivileged user: if the loop device has been associated from into the initramdisk environment, then the filename stored in /sys/block/loop?*/loop/backing_file may be obsolete in the system environment, and a call to losetup is needed to access relevant information about the filesystem the backing file resides on. People who are interested by issues concerning multilayered block devices systems can read: http://wiki.debian.org/AdvancedStartupShutdownWithMultilayeredBlockDevices SHELL COMPATIBILITY =================== The bilibop common shell functions have been tested - and work - with the following shells: - /bin/bash (default login shell on Debian) - /bin/dash (default target of the /bin/sh symlink on Debian) - /bin/busybox sh (alternative shell in the Debian initramdisk) - /usr/lib/klibc/bin/sh.shared (default shell in the Debian initramdisk) And also work with: - /bin/mksh - /bin/mksh-static - /bin/bash-static - /bin/posh - /bin/zsh4 They work conditionally with: - /bin/sash Works when the script begins with #!/bin/sash -f, but not when it begins with #!/bin/sh and /bin/sh is linked to sash. They have been tested and don't work with: - /bin/pdksh (this shell has no 'printf' builtin) - /bin/ksh93 (this shell has no 'local' builtin) - /usr/bin/yash (this shell has no 'local' builtin, and '[' is not implemented when the shell is called as 'sh'; and in all cases, yash being in /usr/bin, it should be considered as unusable for bilibop purposes) NEEDED FILES ============ To run correctly, the bilibop functions need to read information into some virtual files or directories, especially: ${udev_root}/* (commonly /dev/*) /proc/cmdline /proc/filesystems /proc/mounts /proc/partitions /sys/block/sd?/removable /sys/block/dm-?/slaves /sys/block/loop?*/loop/backing_file (needs linux >= 2.6.37) /sys/class/block/*/dev /sys/class/block/*/holders /sys/module/aufs/parameters/brs /sys/fs/aufs/si_*/br? and maybe others So we assume that /dev, /proc and /sys are mounted. If you have to use the bilibop common functions from into a chrooted environment, you have to do something like that (as root). # mount DEVICE /mnt # mount -t sysfs -o nodev,noexec,nosuid sysfs /mnt/sys # mount -t proc -o nodev,noexec,nosuid proc /mnt/proc # mount -t devtmpfs -o mode=0755 udev /mnt/dev and optionally: # mount -t tmpfs -o nosuid,nodev tmpfs /mnt/tmp # mount -t tmpfs -o nosuid,size=10%,mode=0755 tmpfs /mnt/run # mkdir -p /mnt/dev/pts /mnt/run/lock /mnt/run/shm # mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /mnt/dev/pts # mount -t tmpfs -o noexec,nodev,nosuid,size=10% tmpfs /mnt/run/lock # mount -t tmpfs -o nosuid,nodev tmpfs /mnt/run/shm and finally: # chroot /mnt SCRIPTS ======= Bilibop-common is shipped with three shell scripts: /lib/bilibop/disk ----------------- This script is very small; it just outputs the physical disk name that contains the root filesystem (or the disk name containing a file, device or directory given as argument). This is a kind of 'proof of concept'. /lib/bilibop/test ----------------- This script tests if the argument (file/directory/device) is on the same physical disk than the root filesystem. If it is the case and -q is not used, then it outputs the value of BILIBOP_COMMON_BASENAME. This is also a kind of 'proof of concept'. /usr/bin/drivemap ----------------- This script is a little bit more complicated; it is fully described in its own manual page: drivemap(1). -- bilibop project Tue, 17 Apr 2012 03:03:52 +0200 -- bilibop project Sat, 26 Oct 2013 21:27:07 +0000 bilibop-0.4.20/debian/bilibop-lockfs.postinst0000644000000000000000000000040112165414757016040 0ustar #!/bin/sh set -e case "${1}" in configure) # Add bilibop-lockfs scripts in the initramdisk: if [ -x /usr/sbin/update-initramfs ]; then update-initramfs -u fi ;; esac #DEBHELPER# : # vim: et ts=4 sts=4 sw=4 bilibop-0.4.20/debian/bilibop-rules.manpages0000644000000000000000000000010112165414757015616 0ustar usr/share/man/man8/lsbilibop.8 usr/share/man/man8/lsbilibop.fr.8 bilibop-0.4.20/debian/bilibop-lockfs.TODO0000644000000000000000000000037312236272332014720 0ustar bilibop-lockfs - TODO * Translate manpages * Use debconf to notice the user that she must reboot the system to use the lockfs feature, and how. * Improve soft policy, to automatically save some changes at shutdown, maybe from a list. bilibop-0.4.20/debian/source/0000755000000000000000000000000012165414757012641 5ustar bilibop-0.4.20/debian/source/format0000644000000000000000000000001512165414757014050 0ustar 3.0 (native) bilibop-0.4.20/debian/bilibop-rules.examples0000644000000000000000000000032012165414757015644 0ustar usr/share/doc/bilibop-rules/examples/90-insidev.rules usr/share/doc/bilibop-rules/examples/90-internal-drives.rules usr/share/doc/bilibop-rules/examples/bilibop.conf usr/share/doc/bilibop-rules/examples/rlvm bilibop-0.4.20/debian/bilibop-rules.dirs0000644000000000000000000000011512165414757014771 0ustar lib/bilibop usr/share/bilibop usr/share/initramfs-tools/scripts/local-bottom bilibop-0.4.20/debian/bilibop-common.TODO0000644000000000000000000000030612165414757014735 0ustar bilibop-common - TODO * Provide a bilibop specific, sample 'preseed' file, and a script to easily include it either into the installer's initrd or into the iso image. * Translate manpages bilibop-0.4.20/debian/copyright0000644000000000000000000000211112234636044013257 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: bilibop project Upstream-Contact: Files: * Copyright: 2011-2013 Yann Amar License: GPL-3.0+ Files: debian/* Copyright: 2012-2013 Yann Amar License: GPL-3.0+ License: GPL-3.0+ This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . . On Debian systems, the complete text of the GNU General Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". bilibop-0.4.20/debian/bilibop-udev.bilibop.udev0000644000000000000000000000072312251113305016205 0ustar # /lib/udev/rules.d/66-bilibop.rules # # Do not edit this file, it will be overwritten on updates. SUBSYSTEM!="block", GOTO="bilibop_end" ACTION!="add|change", GOTO="bilibop_end" KERNEL!="sd?*|mmcblk?*|mspblk?*", GOTO="bilibop_end" SUBSYSTEMS=="usb|firewire|memstick|mmc", \ PROGRAM=="/lib/bilibop/test $tempnode", \ GROUP:="disk", \ GOTO="bilibop_disk" GOTO="bilibop_end" LABEL="bilibop_disk" ATTR{removable}=="?*", \ SYMLINK+="$result" LABEL="bilibop_end" bilibop-0.4.20/debian/source.lintian-overrides0000644000000000000000000000010112244321061016170 0ustar bilibop source: newer-standards-version 3.9.5 (current is 3.9.4) bilibop-0.4.20/debian/bilibop-rules.templates0000644000000000000000000001725712251205050016021 0ustar Template: bilibop-rules/on-live-system Type: boolean Default: false _Description: Do you intend to install bilibop-rules on a Live System ? Some bilibop-rules settings can be useful on non-volatile Operating Systems, when running from a removable and writable media (USB sticks, external HDD or SD cards); but they are currently useless or even harmful for LiveCD or LiveUSB systems. . If you choose this option, no other question will be asked; bilibop udev rules will be applied but nothing else will be modified on your system. Note that in that case, this package is overkill and you should probably replace it by the lighter but as much as efficient bilibop-udev package. Template: bilibop-rules/bilibop_rules_generator/customize Type: boolean Default: false _Description: Do you want to use custom bilibop rules and build them now ? If tens of removable media are plugged on the computer your system boots from, bilibop udev rules can significantly increase boot time. This can be avoided by using custom udev rules, which are specific to the device your system is installed on. . That said, if this device can boot from different hardware port types (as USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), you should check the resulting rules by booting your system on the alternative port type, and if necessary by running 'dpkg-reconfigure bilibop-rules' again with proper options, or even by editing '/etc/udev/rules.d/66-bilibop.rules'. Template: bilibop-rules/bilibop_rules_generator/overwrite Type: select __Choices: keep existing custom rules, rebuild custom rules, remove custom rules Choices-C: keep, rebuild, remove Default: keep _Description: What do you want to do with your custom rules ? The file '/etc/udev/rules.d/66-bilibop.rules' exists. It is specific to the drive on which your system is installed and overrides the one, more generic, that is provided by the bilibop-rules package (in '/lib/udev/rules.d'). . If the device hosting the running system is able to boot from different hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD-card, etc.), you should boot it from the alternative port type and check if your custom rules work fine in all cases. In the doubt, you should remove the custom rules file. Template: bilibop-rules/bilibop_rules_generator/options Type: string #flag:translate!:3 _Description: Options to pass to the bilibop rules generator: Possible options you can pass to the bilibop rules generator are the followings: . -a vendor,model -a manufacturer,product,serial -e ID_VENDOR,ID_MODEL,ID_SERIAL_SHORT -e ID_SERIAL . The two first ones cannot be mixed; for example, '-a model,serial' is not a valid option; use '-a model -e ID_SERIAL' instead. In the doubt, you should probably set it to an empty string (defaults to '-a manufacturer,product,serial'). Template: bilibop-rules/bilibop_rules_generator/bad_options Type: error _Description: Options given to the bilibop rules generator seem to be invalid. You can go back by hitting the key and then modify the options. Otherwise, the custom rules file '/etc/udev/rules.d/66-bilibop.rules' will not be written. Template: bilibop-rules/belongs_to_floppy_group/custom_rules_error Type: error #flag:translate!:2,4 _Description: The following device(s) still belong to floppy group: ${DEVICE} . You should rewrite or remove your custom rules file: . /etc/udev/rules.d/66-bilibop.rules Template: bilibop-rules/belongs_to_floppy_group/internal_error Type: error #flag:translate!:3 _Description: Internal error The following device(s) still belong to floppy group: . ${DEVICE} . You should send a bug report to the maintainer of the package. Template: bilibop-rules/grub_device_map_manager Type: select __Choices: the existing one, a static device map (not recommended), a static fake device map, a dynamic fake device map, a dynamically updated device map Choices-C: keep, static, fake, dynamic, ondemand Default: keep _Description: What kind of GRUB device map do you want to use ? The '/boot/grub/device.map' file can store obsolete information. In some cases, this can lead to failures when the GRUB bootloader menu is updated. To avoid that, it is possible to replace the device map by a fake one, mapping only the physical drive hosting your system; or by a link to a temporary file, which may be created either at boot time with a fake content, or on demand with an updated content. . If your external system is embedded on a device able to boot from different hardware port types (USB/Firewire, USB/eSATA, USB/MMC/SD, etc.), it is not recommended to use a static device map. The dynamic fake device map should work in all cases. Template: bilibop-rules/make_unpersistent_rules Type: select __Choices: keep them in their current state, make unpersistent cd rules only, make unpersistent net rules only, make unpersistent rules for all (recommended), make persistent rules for all Choices-C: keep, cd, net, all, none Default: keep #flag:translate!:3,5 _Description: What persistent rules do you want to make unpersistent ? Some udev rules files can store information about components of the computer your system is plugged on: . /etc/udev/rules.d/70-persistent-cd.rules /etc/udev/rules.d/70-persistent-net.rules . These files are cumulative and can store obsolete information, possibly leading to unexpected behaviour of your network manager or CD burner application. It is possible to replace them by symlinks to temporary files to keep them always up to date. Note that it is possible to do or undo that at any time by running . dpkg-reconfigure bilibop-rules Template: bilibop-rules/physical_volumes_filter/system-only Type: boolean Default: false #flag:translate!:4 _Description: Do you want to hide Physical Volumes your system does not need ? It seems that the drive on which your system is installed contains Logical Volumes. It is possible to set LVM to activate only the Physical Volumes that your system needs. This can mainly avoid name conflicts between the Volumes used by your system and those that could be found on internal or external drives plugged on the same computer. . If you choose to use this feature, this will overwrite '/etc/lvm/lvm.conf', and you should read 'README.Debian' in the documentation of the package. Otherwise, you can do it later with . dpkg-reconfigure -p low bilibop-rules Template: bilibop-rules/physical_volumes_filter/filter Type: string Description: for internal use only Template: bilibop-rules/physical_volumes_filter/global_filter Type: string Description: for internal use only Template: bilibop-rules/physical_volumes_filter/obtain_device_list_from_udev Type: string Description: for internal use only Template: bilibop-rules/physical_volumes_filter/without_global_filter/warning Type: error #flag:translate!:3,5 _Description: Physical Volumes Filter will not be applied. Probably due to an error in '66-bilibop.rules', the following device(s) have not been tagged 'BILIBOP' by udev, or have no usable symlink managed by udev: . ${UNTAGGED} ${UNLINKED} . This means some variables in '/etc/lvm/lvm.conf' will be left or reset to their initial values: . obtain_device_list_from_udev = ${FROMUDEV} filter = ${FILTER} Template: bilibop-rules/physical_volumes_filter/with_global_filter/warning Type: error #flag:translate!:3,5 _Description: Physical Volumes Filter will not be applied. Probably due to an error in '66-bilibop.rules', the following device(s) have not been tagged 'BILIBOP' by udev, or have no usable symlink managed by udev: . ${UNTAGGED} ${UNLINKED} . This means some variables in '/etc/lvm/lvm.conf' will be left or reset to their initial values: . obtain_device_list_from_udev = ${FROMUDEV} filter = ${FILTER} global_filter = ${GLOBAL_FILTER} bilibop-0.4.20/debian/bilibop-rules.README.Debian0000644000000000000000000003154412244270117016144 0ustar bilibop-rules ------------- 1. OVERVIEW =========== This package mainly provides a udev rules file to be applied on operating systems running from external media (USB stick, USB HDD, FireWire, Flash Memory stick, eSATA HDD). Its goal is to adapt some system behaviours to its particular situation, like an organ outside of the body. Bilibop-rules is based on the bilibop-common functions and may need Linux kernel 2.6.37 or higher to work properly (this requirement is related to loop devices). The running system being hosted on a removable device, the common udev rules (91-permissions.rules) will set it as owned by the 'floppy' group, allowing any member of this group to damage it, even by mistake, with a simple 'shred DEVICE' or 'cat /dev/zero >DEVICE' command. So the bilibop rules fix the disk hosting the operating system and all its partitions as owned by the 'disk' group, as it was an internal disk. This is the main, and this is not optional. 2. OTHER UDEV RULES =================== Another feature of the bilibop udev rules is to tag all devices hosted by the same disk than the root filesystem as 'BILIBOP'. This applies to all physical devices (disk and partitions) and virtual devices (device-mapper and loop), and can be used later by the lsbilibop(8) command (see below). Internal physical block devices (i.e. disks and partitions of the drives inside the computer) are also tagged as 'INSIDEV'. This can be used later by the physical_volumes_filter helper script, and provides an easy way to customize the settings and behaviour of these internal devices (see 90-insidev.rules in the documentation of the package for examples). Additionally, if one of the 'BILIBOP' tagged devices uses the device-mapper, some of the udev symlinks to this device are updated. This is done because when a device has already been added from the initrd, the dm rules file (55-dm.rules) makes that the spurious 'add' uevent triggered by udev from the system environment don't update symlinks to the added device, leading to this situation, that a dm device can have a lot of symlinks created by udev in the initrd environment, but none is managed by udev in the system environment. So, bilibop rules restore at least /dev/mapper/dm_name as a part of the udev database, and also /dev/vg_name/lv_name if the device is a Logical Volume. 2.1. Udisks facilities ---------------------- Bilibop rules include rules to set udisks/udisks2 environment variables for the devices hosted on the same disk than the root filesystem. If one of the Gnome, KDE, Xfce or LXDE desktop environment is installed, and then Udisks is used to mount/unmount removable devices from the file manager or the desktop (which is an instance of the file manager), it is possible to hide some devices, or show them with a different name or icon than the default, or prompt the user for su/sudo password when she attempts to manage them. The udisks variables bilibop rules can set are: * For udisks (see udisks(7) manpage): UDISKS_SYSTEM_INTERNAL UDISKS_PRESENTATION_HIDE UDISKS_PRESENTATION_ICON_NAME UDISKS_PRESENTATION_NAME * For udisks2 (see udisks(8) manpage): UDISKS_SYSTEM UDISKS_IGNORE UDISKS_ICON_NAME UDISKS_NAME By default, 'BILIBOP' tagged devices are hidden and set 'system internal'. The rules: ENV{ID_DRIVE_DETACHABLE}:=0 (udisks) and ENV{UDISKS_CAN_POWER_OFF}:=0 (udisks2) are also applied to the disk, to avoid udisks detach it from its bus when a partition is unmounted, but it seems that the first one is not working as expected. Bad thing! Here the Udisks ability to detach a drive can lead to crash the system :( 2.2. lsbilibop -------------- This command can be used to list 'BILIBOP' tagged devices, and display or update some of their udev properties. It should be used each time the BILIBOP_RULES_* variables are modified in /etc/bilibop/bilibop.conf. For the case the devices have not been tagged (a simple case: override /lib/udev/rules.d/66-bilibop.rules by an empty rules file in /etc), you may use the -l option: it allows lsbilibop to not rely on the 'BILIBOP' udev tag, and makes it lists bilibop devices by using the shell library provided by bilibop-common. If BILIBOP_COMMON_BASENAME has been modified in /etc/bilibop/bilibop.conf, then running 'lsbilibop -a' or 'lsbilibop -c' is mandatory. See the bilibop.conf(5) and lsbilibop(8) manual pages and /usr/share/doc/bilibop-rules/examples/bilibop.conf for detailed information about default or custom settings. 3. DEBCONF ========== bilibop-rules is now debconf-configurable (since 0.4.12). That means it is also preconfigurable or 'preseedable'. To preconfigure bilibop-rules from a preseed file, you can include something like: bilibop-rules bilibop-rules/on-live-system boolean false bilibop-rules bilibop-rules/make_unpersistent_rules select all bilibop-rules bilibop-rules/grub_device_map_manager select dynamic bilibop-rules bilibop-rules/bilibop_rules_generator/customize boolean false bilibop-rules bilibop-rules/physical_volumes_filter/system-only boolean true Except the first one, all is based on calls of helper scripts (see the next section). If you intend to install bilibop-rules on a LiveUSB, be sure to answer 'true' to the first question (on-live-system); then other questions will not be asked and the helper scripts will not be executed at all. To reconfigure bilibop-rules, just run (as root): dpkg-reconfigure -p low bilibop-rules 4. HELPER SCRIPTS ================= bilibop-rules provides helper scripts (in /usr/share/bilibop). They are called from the maintainer scripts (postinst and prerm) but all can be run manually by the admin: each of them accepts the '--help' option, to know how to use it. If BILIBOP_COMMON_BASENAME is modified in bilibop.conf(5) (i.e. set to something else than 'bilibop' or ''), then it may be necessary to run 'bilibop_rules_generator' (if /etc/udev/rules.d/66-bilibop.rules exists) and 'grub_device_map_manager' (if /boot/grub/device.map is a symlink to /run/bilibop/grub-device.map) to reflect the new setting. Unless you know what you are doing, you should not run these scripts manually, but by running 'dpkg-reconfigure bilibop-rules' instead. 4.1. bilibop_rules_generator ---------------------------- This program generates a udev rules file /etc/udev/rules.d/66-bilibop.rules doing the same things than the file with the same name in /lib/udev/rules.d. The main difference is that rules in /lib are generic and can take more time if a lot of removable devices are plugged onto the computer. Rules in /etc use the sysfs attributes of the device hosting the system and run faster. Take care that if your device is able to be plugged on several port types (i.e. can be used both as USB and FireWire, or USB and eSATA, or MMC and USB - by using an adapter) the generated rules will work only for the interface type on which it was plugged when the rules have been generated. As example, for a 'LaCie Rugged FW/USB' external HDD: ### 4.1.a. When booted as USB device The sysfs attributes possibly managed by the script are: ATTRS{vendor}=="LaCie " ATTRS{model}=="Rugged FW/USB " ... ATTRS{manufacturer}=="LaCie" ATTRS{product}=="LaCie Rugged FW/USB" ATTRS{serial}=="00D04B9A0506232D" ### 4.1.b. When booted as FireWire device The sysfs attributes possibly managed by the script are: ATTRS{vendor}=="LaCie " ATTRS{model}=="Rugged FW/USB " ### 4.1.c. Generate the proper rules file: To generate a rules file matching sysfs attributes both for USB and FireWire usage, you have to force 'vendor' and 'model' sysfs attributes, because the default being to use 'manufacturer', 'product' and 'serial' if they exist, as they don't exist when the disk is plugged on FireWire, the rules working fine for USB will not work for FireWire. So, in that case, if the disk is plugged on the FireWire port, the result of the command without option will work for both USB and FireWire; but if the disk is connected on the USB port when you want to build the rules file, use this command: /usr/share/bilibop/bilibop_rules_generator --attribute vendor,model 4.2. grub_device_map_manager ---------------------------- This program can be used in association with BILIBOP_RULES_FAKE_DEVICE_MAP variable to set the location and contents of the GRUB device.map. The standard path of this file is /boot/grub/device.map; its content is generally written the first time 'update-grub' is run. After what it can be considered as a static file with a static content. But when the system runs from a removable drive on a different computer than during its installation, update-grub can complain and fail because the drives actually connected to the computer don't match the device map created in other conditions. To avoid that, it is possible - and highly recommended - to use either an always-up-to-date device map, or a fake one. It is the goal of this helper script, by modifying either the location of /boot/grub/device.map or its content. If device.map already is a symlink, it is replaced by a new symlink to /run/bilibop/grub-device.map; otherwise its content is modified to map the system drive as the first disk (hd0). As for 'bilibop_rules_generator', if you plan to plug the drive hosting your system on different interfaces (USB, FireWire, etc.), it is not recommended to use a static fake device map. On the other hand, the use of a symlink can imply to rerun the script if BILIBOP_COMMON_BASENAME has been modified in bilibop.conf(5). 4.3. make_unpersistent_rules ---------------------------- This program replaces some persistent and cumulative rules files in /etc/udev/rules.d by symlinks to unpersistent and always-up-to-date files in /run/udev/rules.d. This concerns: 70-persistent-cd.rules 70-persistent-net.rules For example, for 70-persistent-net.rules, each time you run your system on a different computer, with ethernet or wifi interfaces that are not already registered in this file, a new rule will be added to match the not-already-registered MAC addresses, and set new interface names corresponding to the given MAC addresses. After your system has traveled on several computers, you may have to use eth12 or wlan4, what is not very convenient. Additionally, this kind of cumulative and sorted data may allow adversaries to track your activities and make correlations. The helper script 'make_unpersistent_rules' simply avoids all that. 4.4. physical_volumes_filter ---------------------------- This script can be used to display the LVM 'filter' settings actually in use, or to modify these settings. It uses the 'BILIBOP' and 'INSIDEV' tags to find devices and their symlinks and build patterns on which the 'accept' or 'reject' behaviours will be applied. For example, if you don't want to activate Logical Volumes other than those used by your system, you can easily make that all Physical Volumes that are not used by your system are ignored and never scanned by lvm tools: /usr/share/bilibop/physical_volumes_filter --overwrite --udev --accept bilibop --reject all Or, shorter: /usr/share/bilibop/physical_volumes_filter -oua bilibop -r all This can be very useful, especially when the VG and LV names used on your system are as generic as 'vg0' and 'lv0', 'lv1', etc. One time you are satisfied of your settings, you should not modify them. Run 'update-initramfs -u' to put your lvm.conf in the initramdisk (so the other Physical Volumes will be hidden even from the initramfs, and never activated). Then, to use other LVM filters without modifying your owns, you can do (as root): mkdir /tmp/lvm2 cp /etc/lvm/lvm.conf /tmp/lvm2 export LVM_SYSTEM_DIR=/tmp/lvm2 alias pvfilter='/usr/share/bilibop/physical_volumes_filter' And then you can use 'pvfilter' and all LVM tools from the same shell: changes from pvfilter will apply to /tmp/lvm2/lvm.conf, and LVM tools will use the settings from this temporary file. If, for a reason or another, the initramdisk of your system is updated during this time, lvm.conf will be copied in it from /etc/lvm, not from /tmp/lvm2, and so your next boot will not be compromised. In this context, you can safely run: pvfilter --overwrite --blank --udev --show --reject bilibop And then you can perform operations on Physical or Logical Volumes by using LVM commands without take the risk to modify your owns by mistake. This can be automated by copying /usr/share/doc/bilibop-rules/examples/rlvm somewhere in your PATH (probably in /usr/local/sbin) and enabling its executable bit; then run 'rlvm' (restricted lvm) and work. If the 'global_filter' variable is supported (lvm2 >= 2.02.98) and if it is enabled, then the command automatically applies to this variable (instead of 'filter'), unless the --noglobal option is invoked. See also lvm.conf(5) manual page for details. 5. MORE INFO ============ See /usr/share/doc/bilibop-common/misc/* -- bilibop project Tue, 17 Apr 2012 03:03:52 +0200 -- bilibop project Sun, 24 Nov 2013 03:19:27 +0000 bilibop-0.4.20/debian/bilibop-common.examples0000644000000000000000000000006312165414757016006 0ustar usr/share/doc/bilibop-common/examples/bilibop.conf bilibop-0.4.20/debian/bilibop-rules.prerm0000644000000000000000000000173612165414757015167 0ustar #!/bin/sh set -e case "${1}" in remove) # Restore /etc/udev/rules.d/70-persistent-*.rules as regular # files: /usr/share/bilibop/make_unpersistent_rules --restore # GRUB device.map management: if the device map is a symlink, # replace it by a symlink to a temporary file in an existing # directory. This is safe (update-grub calls grub-mkdevicemap # if the device map is missing or is a broken symlink). DEVICE_MAP="/boot/grub/device.map" if [ -h "${DEVICE_MAP}" ]; then if [ -f "/etc/bilibop/bilibop.conf" ]; then . /etc/bilibop/bilibop.conf fi case "$(readlink -f ${DEVICE_MAP})" in /run/${BILIBOP_COMMON_BASENAME:-bilibop}/*|"") rm -f ${DEVICE_MAP} ln -s /run/grub-device.map ${DEVICE_MAP} ;; esac fi ;; esac #DEBHELPER# : # vim: et ts=4 sts=4 sw=4 bilibop-0.4.20/debian/bilibop-lockfs.triggers0000644000000000000000000000003212165414757016003 0ustar activate update-initramfs bilibop-0.4.20/debian/bilibop-rules.lintian-overrides0000644000000000000000000000107212251226432017454 0ustar # # The postinst script embeds the ${HELPER} variable in the template names # bilibop-rules: unused-debconf-template bilibop-rules/physical_volumes_filter/filter bilibop-rules: unused-debconf-template bilibop-rules/physical_volumes_filter/global_filter bilibop-rules: unused-debconf-template bilibop-rules/physical_volumes_filter/obtain_device_list_from_udev bilibop-rules: unused-debconf-template bilibop-rules/physical_volumes_filter/without_global_filter/warning bilibop-rules: unused-debconf-template bilibop-rules/physical_volumes_filter/with_global_filter/warning bilibop-0.4.20/debian/control0000644000000000000000000001334612244322360012735 0ustar Source: bilibop Section: admin Priority: optional Maintainer: Yann Amar Build-Depends: debhelper (>= 9), po-debconf Standards-Version: 3.9.5 Homepage: https://un.poivron.org/~quidame/wiki/bilibop Vcs-Git: http://poivron.org/~quidame/git/bilibop.git Package: bilibop Section: metapackages Priority: extra Architecture: linux-any Depends: bilibop-lockfs (= ${binary:Version}), bilibop-rules (= ${binary:Version}), ${misc:Depends} Description: run Debian GNU/Linux from external media - metapackage ${Description} . The installation of this metapackage will install other BILIBOP packages as dependencies. You should not install it, unless your system is writable and runs from an external device. . ${Requirement} Package: bilibop-common Architecture: linux-any Depends: udev, ${misc:Depends} Suggests: aufs-tools, bilibop-lockfs, bilibop-device-policy, cryptsetup, dmsetup, lvm2 Description: shell functions for bilibop scripts ${Description} . This package provides shell functions usable by other bilibop scripts on the running system or into the initramfs environment. These functions use /dev, /proc and /sys databases to output the drive name or the partition hosting the running system, and are fully usable by any unprivileged user or application. Dm-crypt, LVM, loop devices and aufs root filesystems (and any combination of them) are supported. A 'drivemap' command is also provided, to show block devices in a tree of dependencies. . ${Requirement} Package: bilibop-lockfs Architecture: linux-any Depends: bilibop-common (= ${binary:Version}), initramfs-tools, initscripts (>= 2.88dsf-13.3), ${misc:Depends} Recommends: cryptsetup Suggests: aufs-tools, bilibop-device-policy, gnome-icon-theme, libnotify-bin, plymouth Description: lock filesystems and write changes into RAM ${Description} . If the lockfs feature is enabled (in a configuration file, in the boot commandline or by a heuristic), nothing will be written on the filesystems listed in /etc/fstab, except for those that have been whitelisted, or for the encrypted swap devices. More, bilibop-lockfs now is able to detect if the drive has been locked by a physical switch, and then overrides its own settings to unconditionally apply a 'hard' policy. . The root filesystem is locked (set readonly, using aufs) by an initramfs script which also modifies the temporary fstab to prepare other filesystems to be locked later by a mount helper script. . bilibop-lockfs provides the following features: * whitelist based policy: filesystems on which you want to allow persistent changes must be explicitly listed in a configuration file. * swap devices policy: they can be used 'as is', noauto, only if encrypted, only if encrypted with a random key, or not used at all. * not only filesystems are set read-only, but also block devices: this forbids changes of the partition table, boot sectors, LUKS headers and LVM metadata. * plymouth messages to know at boot time if bilibop-lockfs is enabled or not, or if an error occured. * desktop notifications at startup about filesystems status, to inform the user that volatile or persistent changes are allowed or not, and where. . This package can be used as an alternative to fsprotect or overlayroot, especially for writable operating systems embedded on a USB stick; but it may also be installed on public or personal computers, for daily use, kiosks, testing purposes, or as a tool in anti-forensics strategies. . ${Requirement} Package: bilibop-rules Architecture: linux-any Depends: bilibop-common (= ${binary:Version}), initramfs-tools, initscripts (>= 2.88dsf-13.3), ${misc:Depends} Recommends: grub-common, lvm2, udisks | udisks2 Suggests: bilibop-lockfs, cryptsetup, grub-coreboot | grub-efi-amd64 | grub-efi-ia32 | grub-ieee1275 | grub-pc, pmount, policykit-1 Conflicts: bilibop-udev Provides: bilibop-device-policy Description: device management rules for OS running from external media ${Description} . This package provides a udev rules file to manage the external drive hosting the running system. Its main goal is to forbid low-level write access on this drive and its partitions by any unprivileged user or application, but some other convenient and optional rules have been added for desktop-level management of the system disk and partitions (need udisks), as well as the internal disks of the computer. The 'lsbilibop' command allows the admin to update udev properties of the devices after the configuration file has been modified. . To ease device management, bilibop-rules also provides helper scripts to: * build custom bilibop udev rules running faster than the generic ones * make some persistent and cumulative udev rules files unpersistent * use either a fake or an always-up-to-date grub device map * filter Physical Volumes, to activate only those needed by the system . This package is not designed to be used on internal disks. It works only for OS installed on removable and writable media, including LiveUSB systems. See also the bilibop-udev package. . ${Requirement} Package: bilibop-udev Architecture: linux-any Depends: bilibop-common (= ${binary:Version}), ${misc:Depends} Suggests: bilibop-lockfs Conflicts: bilibop-rules Provides: bilibop-device-policy Description: minimal udev rule for Debian GNU/Linux running from external media ${Description} . This package provides a udev rules file to manage the external drive hosting the running system. Its goal is to forbid low-level write access on this drive and its partitions by any unprivileged user or application. . This package is not designed to be used on internal disks. It works only for OS installed on removable and writable media, especially LiveUSB systems. See also the bilibop-rules package. . ${Requirement} bilibop-0.4.20/lib/0000755000000000000000000000000012165414757010665 5ustar bilibop-0.4.20/lib/bilibop/0000755000000000000000000000000012246226252012274 5ustar bilibop-0.4.20/lib/bilibop/lockfs_mount_helper0000755000000000000000000002212012236272332016260 0ustar #!/bin/sh set -e # /lib/bilibop/lockfs_mount_helper {{{ # Mount helper script for 'lockfs' filesystem type entries in /etc/fstab. # This script cannot be run manually. The expected way to run it is the # following: # 1. Enable bilibop-lockfs: # * set BILIBOP_LOCKFS to "true" in /etc/bilibop/bilibop.conf or # * append 'lockfs' parameter in the boot commandline # 2. One time '/' is an aufs mountpoint, the temporary /etc/fstab is # modified to replace filesystem types (third field) of some entries # by 'lockfs' (options are modified too to remember the original # fstype). # 3. /sbin/mount.lockfs is created if it don't already exist. This can be a # symlink to /lib/bilibop/lockfs_mount_helper if this helper is executable, # or a copy of the helper (followed by chmod +x) if the helper is not # executable. If the helper is missing, /sbin/mount.lockfs will be a # poor fallback to call mount normally. # 4. /etc/fstab is parsed by 'mount -a', and then mount calls mount.lockfs # with the proper arguments when a 'lockfs' fstype is encountered. # }}} PATH="/sbin:/bin" usage() { cat < mount_fallback $@" >&2 local opt options= fstype= for opt in $(IFS=','; echo ${4}); do case "${opt}" in fstype=*) eval "${opt}" ;; *) options="${options:+${options},}${opt}" ;; esac done sed -i "s;^\s*\([^#][^ ]\+\s\+${2}\s\+\)lockfs\s.*;\1${fstype:-auto} ${options:-defaults} 0 0;" /etc/fstab mount ${1} ${2} ${fstype:+-t ${fstype}} ${options:+-o ${options}} } # ===========================================================================}}} # Works only if the parent process is /bin/mount: if [ "$(readlink -f /proc/${PPID}/exe)" != "/bin/mount" ]; then usage >&2 exit 3 fi . /lib/bilibop/common.sh get_bilibop_variables get_udev_root # Works only if the root filesystem is already managed by bilibop-lockfs: if is_aufs_mountpoint -q / && [ -f "${BILIBOP_RUNDIR}/lock" ]; then LOCKFS="true" robr="$(aufs_readonly_branch /)" rwbr="$(aufs_writable_branch /)" else echo "${0##*/}: bilibop-lockfs is disabled." >&2 exit 1 fi # Some configurations can have been overridden from the boot commandline: for param in $(cat /proc/cmdline); do case "${param}" in lockfs=*) for policy in $(IFS=','; echo ${param#lockfs=}); do case "${policy}" in default) BILIBOP_LOCKFS_POLICY="" BILIBOP_LOCKFS_WHITELIST="" BILIBOP_LOCKFS_SIZE="" ;; hard|soft) BILIBOP_LOCKFS_POLICY="${policy}" ;; all) BILIBOP_LOCKFS_WHITELIST="" ;; -/*) BILIBOP_LOCKFS_WHITELIST="${BILIBOP_LOCKFS_WHITELIST:+${BILIBOP_LOCKFS_WHITELIST} }${policy#-}" ;; esac done ;; esac done # But if there is a physical lock, it takes precedence: if [ -f "${BILIBOP_RUNDIR}/plocked" ]; then . ${BILIBOP_RUNDIR}/plocked fi # the mount command always provides arguments to the helper scripts in this # order: FILESYSTEM MOUNTPOINT -o OPTIONS. We take advantage of this fixed # format. if [ -b "${1}" ]; then device="${1}" # Check if this device is whitelisted: if [ -n "${BILIBOP_LOCKFS_WHITELIST}" ]; then # Query ID_FS_* udev environment variables of the device: eval $(query_udev_envvar $(readlink -f ${device})) if [ -z "${ID_FS_USAGE}" ]; then eval $(blkid -o udev -p ${device}) fi [ "${ID_FS_USAGE}" = "filesystem" -o "${ID_FS_USAGE}" = "crypto" ] && for skip in ${BILIBOP_LOCKFS_WHITELIST}; do case "${skip}" in UUID=${ID_FS_UUID}|LABEL=${ID_FS_LABEL}|TYPE=${ID_FS_TYPE}) LOCKFS="false" break ;; esac done fi elif [ -f "${1}" ]; then lofile="${1}" LOFILE="${robr}${lofile}" else # There is no block device to mount (here 'block device' includes # files associated to a loop device). Bind mounts and remote fs # should have been discarded by the bilibop-lockfs script in the # initramfs... LOCKFS="false" fi # If bilibop-lockfs is not enabled (the device is whitelisted, or we don't # know how to manage it), rewrite the fstab entry and do a normal mount: if [ "${LOCKFS}" != "true" ]; then mount_fallback "${@}" exit $? fi mntpnt="${2}" options="${4}" # Parse mount options. Two cases: # 1. the block device will be mounted with the same options than in the # original fstab entry, plus 'ro'. # 2. the tmpfs will be mounted with only some options of the previous: # ro, nodev, noexec, nosuid, if they exist. for opt in $(IFS=','; echo ${options}); do # 1. Options for the readonly branch: case "${opt}" in fstype=*) eval "${opt}" ;; rw) ;; *) robr_opts="${robr_opts:+${robr_opts},}${opt}" ;; esac # 2. Options for the writable branch: case "${opt}" in ro|nodev|noexec|nosuid) rwbr_opts="${rwbr_opts:+${rwbr_opts},}${opt}" ;; *) ;; esac done # Each readonly branch is mounted under the subtree of the main readonly # branch (/aufs/ro) and each writable branch is mounted under the subtree # of the main writable branch (/aufs/rw): robr="${robr}${mntpnt}" rwbr="${rwbr}${mntpnt}" # If the policy is not explicitly set to 'soft', set the block device as # readonly, and use 'rr' aufs option to improve performances: if [ "${BILIBOP_LOCKFS_POLICY}" = "soft" ]; then RO="ro" else RO="rr" [ -b "${device}" ] && blockdev --setro ${device} fi # Try to mount the readonly branch. In case of failure, undo what has been # done before, do a normal mount, rewrite the fstab entry to be consistent # with that, and exit: if ! mount ${fstype:+-t ${fstype}} -o ${robr_opts:+${robr_opts},}ro ${device:-${LOFILE}} ${robr}; then [ "${RO}" = "rr" ] && [ -b "${device}" ] && blockdev --setrw "${device}" mount_fallback "${@}" exit 3 fi # The amount of RAM to allow to this mountpoint: SIZE= for size in ${BILIBOP_LOCKFS_SIZE}; do case "${size}" in ${mntpnt}=[1-9]*) SIZE="$(printf "${size#${mntpnt}=}" | grep '^[1-9][0-9]*[KkMmGg%]\?$')" break ;; esac done # Create the mountpoint (it should not exist before this step): if [ ! -d "${rwbr}" ]; then mkdir -p ${rwbr} grep -q "^${mntpnt}$" ${BILIBOP_RUNDIR}/lock || echo "${mntpnt}" >>${BILIBOP_RUNDIR}/lock fi # Try to mount the writable branch, and in case of failure, undo what # has been done before, etc. if ! mount -t tmpfs -o ${rwbr_opts:+${rwbr_opts},}${SIZE:+size=${SIZE},}mode=0755 tmpfs ${rwbr}; then umount ${robr} [ "${RO}" = "rr" ] && [ -b "${device}" ] && blockdev --setrw "${device}" mount_fallback "${@}" exit 3 fi # Fix permissions and ownership of the writable branch (and catch the values; # they will be reused later): mod="$(LC_ALL=C chmod -v --reference="${robr}" "${rwbr}" | sed 's;.* \([0-7]\{4\}\) (.\+)$;\1;')" own="$(LC_ALL=C chown -v --reference="${robr}" "${rwbr}" | sed 's;.* \([^:]\+:[^:]\+\)$;\1;')" owner="${own%:*}" if [ "${owner}" != "root" ]; then uid="$(grep "^${owner}:" /etc/passwd | sed 's;^\([^:]*:\)\{2\}\([^:]\+\):.*;\2;')" fi group="${own#*:}" if [ "${group}" != "root" ]; then gid="$(grep "^${group}:" /etc/group | sed 's;^\([^:]*:\)\{2\}\([^:]\+\):.*;\2;')" fi # Try to mount the aufs now. In case of failure, undo what has been done # before, etc. if ! mount -t aufs -o br:${rwbr}=rw:${robr}=${RO} none ${mntpnt}; then umount ${robr} umount ${rwbr} [ "${RO}" = "rr" ] && [ -b "${device}" ] && blockdev --setrw "${device}" mount_fallback "${@}" exit 3 fi # All is OK. So we can rewrite fstab entry to reflect the real mounts. This # can be important for clean unmounts at shutdown (for the case a filesystem # is remounted rw during a session). robr_line="${device:-${LOFILE}} ${robr} ${fstype:-auto} ${robr_opts:+${robr_opts},}ro 0 0" rwbr_line="tmpfs ${rwbr} tmpfs ${rwbr_opts:+${rwbr_opts},}${SIZE:+size=${SIZE},}${uid:+uid=${uid},}${gid:+gid=${gid},}mode=${mod} 0 0" aufs_line="none ${mntpnt} aufs br:${rwbr}=rw:${robr}=${RO} 0 0" sed -i "s;^\s*[^#][^ ]\+\s\+${mntpnt}\s\+lockfs\s.*;${robr_line}\n${rwbr_line}\n${aufs_line};" /etc/fstab # vim: et sts=4 sw=4 ts=4 bilibop-0.4.20/lib/bilibop/common.sh0000644000000000000000000010275212244264162014127 0ustar # /lib/bilibop/common.sh # # Copyright (C) 2011-2013, Bilibop Project # License GPL-3.0+ # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This package is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Or write to the Free Software Foundation, Inc., 59 Temple Place, # Suite 330, Boston, MA 02111-1307 USA. # # On Debian systems, the complete text of the GNU General # Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". # For tests and debug purposes, set it to 'true': [ "${DEBUG}" = "true" ] || DEBUG="false" # README {{{ # #> We assume that the commands in /usr/bin are not available (awk, cut, tail, # and others), and then are replaced by grep and sed heuristics. #> We assume, even if it is not often, that /etc/udev/udev.conf can have been # modified and that 'udev_root' can be something else than '/dev'. #> dm-crypt/LUKS, LVM, loopback and aufs root filesystems (and combinations # of them) are now fully supported. #> Functions that just output informations about devices/filesystems can be # called by any unprivileged user. # Shell compatibility ======================================================={{{ # The bilibop-common shell functions use a lot of variable subtitutions and # builtin commands. Some of them can not work with some shells. The functions # have been tested: # 1. with a lot of multilayer settings (combinations of LVM, LUKS, loop and # aufs) # 2. by running the following script (where ${SHELL} is replaced by /bin/dash, # /bin/bash, /bin/sash -f, /bin/posh, /bin/busybox sh, /bin/ksh, /bin/zsh, # or /usr/lib/klibc/bin/sh.shared, etc.): # ---------- # #!${SHELL} # PATH=/bin ; . /lib/bilibop/common.sh ; get_udev_root ; physical_hard_disk # ---------- # 3. by running the previous script with /bin/sh as ${SHELL} and linking # /bin/sh successively to dash, bash, sash, posh, busybox, ksh, zsh, or # /usr/lib/klibc/bin/sh.shared, etc. # # This has been tested and works with: # - /bin/bash # - /bin/dash # - /bin/busybox sh # - /usr/lib/klibc/bin/sh.shared # which are the default available shells on a Debian system (bash, dash) and # its initramdisk built with initramfs-tools (busybox sh, klibc sh.shared). # # And also works with: # - /bin/mksh # - /bin/mksh-static # - /bin/bash-static # - /bin/posh # - /bin/zsh4 # # This has been tested and works under certain conditions with: # - /bin/sash Works when the script begins with #!/bin/sash -f, but not # when it begins with #!/bin/sh and /bin/sh is linked to # sash. # # This has been tested and don't work with: # - /bin/pdksh (this shell has no 'printf' builtin) # - /bin/ksh93 (this shell has no 'local' builtin) # - /usr/bin/yash (this shell has no 'local' builtin, and '[' is not # implemented when the shell is called as 'sh'; and in all # cases, yash being in /usr/bin, it should be considered as # unusable for bilibop purposes) # # Because the 'echo' builtin command is not samely implemented in all shells # (especially the '-e' option is implicit in dash's echo), we never use this # command with options, and never use escaped characters (\t, \n, \c...) in # the string to echo. # }}} # Needed external commands: ================================================={{{ # Here is a table of external GNU commands used in the following functions. # Some of them having different options and behaviors when they are provided # by 'busybox' or 'klibc', we note here which are working or not in the context # of these functions (this is a base to write an initramfs-tools hook). 'YES' # means it works, 'NO' means it don't, and '-' means it is not provided. # # GNU tools busybox builtins klibc commands # ------------------------------------------------------------------------------ # /bin/cat YES YES # /bin/df YES - # /bin/grep YES - # /bin/readlink YES NO # /bin/sed YES - # /bin/udevadm - - # # Now we can say: # - there is no need to add 'cat'. # - 'udevadm' must be added (we assume udev provides a hook to do that). # - if 'busybox' is not added into the initramdisk, we have to use the 'df', # 'grep', 'readlink' and 'sed' GNU commands. # So, if busybox is not available into the initramdisk: # * add 'df', 'grep' and 'sed' # * replace the klibc's 'readlink' by the GNU one # # }}} # Needed files: ============================================================={{{ # To run correctly, the bilibop functions need to read informations into some # virtual files or directory, especially: # # /dev/* (or ${udev_root}/*) # /dev/block/* # /proc/cmdline # /proc/filesystems # /proc/mounts # /proc/partitions # /sys/block/sd?/removable # /sys/block/dm-?/slaves # /sys/block/loop?*/loop/backing_file # /sys/class/block/*/dev # /sys/fs/aufs/si_*/br? # # So we assume that /dev, /proc and /sys are mounted. If you have to use this # file from into a chrooted environment, you have to do something like that: # # # mount DEVICE /mnt # # mount -t sysfs -o nodev,noexec,nosuid sysfs /mnt/sys # # mount -t proc -o nodev,noexec,nosuid proc /mnt/proc # # mount -t devtmpfs -o mode=0755 udev /mnt/dev # and optionally: # # mount -t tmpfs -o nosuid,nodev tmpfs /mnt/tmp # # mount -t tmpfs -o nosuid,size=10%,mode=0755 tmpfs /mnt/run # # mkdir -p /mnt/dev/pts /mnt/run/lock /mnt/run/shm # # mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /mnt/dev/pts # # mount -t tmpfs -o noexec,nodev,nosuid,size=10% tmpfs /mnt/run/lock # # mount -t tmpfs -o nosuid,nodev tmpfs /mnt/run/shm # and finally: # # chroot /mnt # }}} # }}} # Udev compatibility stuff =================================================={{{ # What we want is to be able to use udevadm even if it not included in the # PATH. Obviously, we assume that /bin is ever in PATH, so if udevadm is not # in the PATH, it means /bin/udevadm does not exist; then /sbin/udevadm is # the fallback. This should work for any version of udev, and does not need # to silently modify the PATH of the user sourcing this file. The resulting # udevadm() function does not conflict with the udevadm command, since the # command itself is not available in PATH. # NOTE: until udev has been merged to systemd, udevadm was /sbin/udevadm; # from version 183 to 204, it seems that udevadm was /bin/udevadm, but with # no symlink in /sbin to ensure backward compatibility; this has been done # in 204-1. has_udevadm="false" for d in $(IFS=':'; echo ${PATH}); do if [ -x "${d}/udevadm" ]; then has_udevadm="true" break fi done [ "${has_udevadm}" = "true" ] || udevadm() { /sbin/udevadm "$@"; } unset has_udevadm d # ===========================================================================}}} # bilibop_common_functions() ================================================{{{ # What we want is: output a list of useful bilibop functions, to use them # manually. bilibop_common_functions() { get_udev_root cat >&2 < aufs_mountpoints aufs_readonly_branch aufs_writable_branch backing_file_from_loop device_nodes device_node_from_major_minor device_id_of_file find_mountpoint get_biliop_variables is_aufs_mountpoint [-q] is_removable mapper_name_from_dm_node major_minor_from_device_node physical_hard_disk [FILE|DIR|DEVICE] query_sysfs_attrs query_udev_envvar underlying_device underlying_device_from_aufs underlying_device_from_device underlying_device_from_dm underlying_device_from_file underlying_device_from_loop underlying_partition EOF } # ===========================================================================}}} ### INTERNAL FUNCTIONS ### ### The following functions can be called by others in this file, except the ### last one, 'physical_hard_disk'. ### Here is the main function's dependency tree {{{ # # physical_hard_disk # | # |__underlying_partition # | # |__underlying_device # | | # | |__underlying_device_from_device # | | | # | | |__underlying_device_from_dm # | | |__underlying_device_from_loop # | | | # | | |__backing_file_from_loop # | | |__device_id_of_file # | | |__device_node_from_major_minor # | | # | |__underlying_device_from_file # | | # | |__device_node_from_major_minor # | |__device_id_of_file # | |__find_mountpoint # | | | # | | |__is_aufs_mountpoint # | | | # | | |__canonical # | | # | |__underlying_device_from_aufs # | | # | |__aufs_dirs # | | | # | | |__aufs_dirs_if_brs0 # | | | | # | | | |__is_aufs_mountpoint # | | | | # | | | |_canonical # | | | # | | |__aufs_si_directory # | | | # | | |__is_aufs_mountpoint # | | | # | | |__canonical # | | # | |__device_id_of_file # | |__device_node_from_major_minor # | # |__underlying_device_from_device # | # |__underlying_device_from_dm # |__underlying_device_from_loop # | # |__backing_file_from_loop # |__device_id_of_file # |__device_node_from_major_minor # # }}} # canonical() ==============================================================={{{ # What we want is: remove trailing slash of a directory name (to match with the # /proc/mounts mountpoints, between others). Another solution? Maybe: # local arg="${1%/}"; echo "${arg:-/}" # But this is a little bit different: if $1 is empty, the output is "/". Try # again. canonical() { ${DEBUG} && echo "> canonical $@" >&2 case "${1}" in /) echo "/" ;; *) echo "${1%/}" ;; esac } # ===========================================================================}}} # find_mountpoint() ========================================================={{{ # What we want is: output the mountpoint of the filesystem the file or directory # given as argument depends is onto. Because it outputs the last field of the # last line of the 'df' output, df don't need the '-P' (POSIX format) option, # and so we are sure it works with all df commands or builtins (busybox). find_mountpoint() { ${DEBUG} && echo "> find_mountpoint $@" >&2 df "${1}" | sed -n '$p' | sed -e 's,.* \([^[:blank:]]\+\)$,\1,' } # ===========================================================================}}} # device_node_from_major_minor() ============================================{{{ # What we want is: translate the 'major:minor' given as argument to the # corresponding device node. What is the best way? device_node_from_major_minor() { ${DEBUG} && echo "> device_node_from_major_minor $@" >&2 readlink -f ${udev_root}/block/${1} } # ===========================================================================}}} # device_id_of_file() ======================================================={{{ # What we want is: output the major:minor of the filesystem containing the # file or directory given as argument. device_id_of_file() { ${DEBUG} && echo "> device_id_of_file $@" >&2 udevadm info --device-id-of-file "${1}" } # ===========================================================================}}} # is_aufs_mountpoint() ======================================================{{{ # What we want is: check if a directory given as argument is an aufs mountpoint # and print the corresponding line from /proc/mounts. Accepts the '-q' (quiet) # option: print nothing, but return a 0/1 exit value. is_aufs_mountpoint() { ${DEBUG} && echo "> is_aufs_mountpoint $@" >&2 local opt= case "${1}" in -*) opt="${1}" shift ;; esac grep ${opt} "^[^ ]\+ $(canonical ${1}) aufs " /proc/mounts } # ===========================================================================}}} # aufs_si_directory() ======================================================={{{ # What we want is: output the sysfs directory where informations can be found # about an aufs mount point given as argument. aufs_si_directory() { ${DEBUG} && echo "> aufs_si_directory $@" >&2 is_aufs_mountpoint "${1}" | sed -e 's|.*si=\([^ ,]\+\).*|/sys/fs/aufs/si_\1|' } # ===========================================================================}}} # aufs_dirs_if_brs0() ======================================================={{{ # What we want is: output all the underlying mountpoints (called branches) an # aufs filesystem given as argument is made of, by parsing /proc/mounts. This # needs aufs module loaded with brs=0 parameter (not the default). aufs_dirs_if_brs0() { ${DEBUG} && echo "> aufs_dirs_if_brs0 $@" >&2 is_aufs_mountpoint "${1}" | sed -e 's@.*[ ,]br:\([^ ,]\+\).*@\1@ ; s@:@ @g' } # ===========================================================================}}} # aufs_dirs() ==============================================================={{{ # What we want is: output all the underlying mountpoints (called branches) an # aufs filesystem given as argument is made of. aufs_dirs() { ${DEBUG} && echo "> aufs_dirs $@" >&2 local br case "$(cat /sys/module/aufs/parameters/brs)" in 0) for br in $(aufs_dirs_if_brs0 "${1}") do echo ${br} done ;; *) for br in $(aufs_si_directory "${1}")/br* do cat ${br} done ;; esac } # ===========================================================================}}} # backing_file_from_loop() =================================================={{{ # What we want is: output the backing file of a loopback device given as # argument. This requires kernel >= 2.6.37. Great thing! Before that, it was # necessary to call losetup (as root) and parse its output, with possible # failures: the filename is truncated (currently 64 characters) and even, # depending on the version of the command or its implementation, it can be # relative to the directory from where the command was called to setup the # device... an other solution is to parse the output of losetup and use # the major:minor of the device and the inode number of the file to find it. # Pfff! See now: backing_file_from_loop() { ${DEBUG} && echo "> backing_file_from_loop $@" >&2 [ -f /sys/block/${1##*/}/loop/backing_file ] && cat /sys/block/${1##*/}/loop/backing_file } # ===========================================================================}}} # underlying_device_from_loop() ============================================={{{ # What we want is: output the underlying device of a loop device given as # argument. If the loop device is associated to a block device, then output it; # otherwise, find the device from its major:minor numbers. This function has # been entirely rewritten to not depend on losetup, but requires kernel version # >= 2.6.37. underlying_device_from_loop() { ${DEBUG} && echo "> underlying_device_from_loop $@" >&2 local lofile="$(backing_file_from_loop ${1})" || return 1 if [ -b "${lofile}" ] then readlink -f "${lofile}" elif [ -e "${lofile}" ] then device_node_from_major_minor $(device_id_of_file "${lofile}") elif [ -r "${1}" ] then # For some cases, when the loop device is set from inside the # initramfs (Live Systems) local dev="$(/sbin/losetup ${1} | sed "s;^${1}: \[\([0-9a-f]\{4\}\)\].*;\1;")" device_node_from_major_minor "$((0x${dev}/256)):$((0x${dev}%256))" else return 1 fi } # ===========================================================================}}} # underlying_device_from_aufs() ============================================={{{ # What we want is: output the underlying device of the (generally) readonly # branch of an aufs mountpoint given as argument. We assume that there is only # and at least one physical device used to build the aufs (but the directory # is not necessarly the mountpoint of this device), other branch(s) being # virtual fs. underlying_device_from_aufs() { ${DEBUG} && echo "> underlying_device_from_aufs $@" >&2 local dir dev for dir in $(aufs_dirs "${1}") do dev="$(device_id_of_file ${dir%\=r?*})" case "${dev}" in 0:*) continue ;; *) dev="$(device_node_from_major_minor "${dev}")" ;; esac if [ -b "${dev}" ] then readlink -f "${dev}" return 0 fi done return 1 } # ===========================================================================}}} # underlying_device_from_dm() ==============================================={{{ # What we want is: output the underlying device of a dm device given as # argument. This function has been rewritten to not depend on dmsetup, grep and # sed. A loop is now used to output the final underlying device, not just the # parent device (for example for LUKS/LVM combinations). The output will be of # the form /dev/sdXN or /dev/loopN. As for the aufs, we assume that the scheme # is very simple, and there is only and at least one slave device per dm device # (this is the case for bilibop: because it runs from an external media, RAID # is not used as the root filesystem, and if LVM is used, this is to create # several LV in a VG, not several PV in a VG). underlying_device_from_dm() { ${DEBUG} && echo "> underlying_device_from_dm $@" >&2 local slave dev="$(readlink -f "${1}")" dev="${dev##*/}" while true do case "${dev}" in dm-*) #slave="$(parent_device_from_dm ${udev_root}/${dev})" slave="$(echo /sys/block/${dev}/slaves/*)" [ "${slave}" = "/sys/block/${dev}/slaves/*" ] && return 3 dev="${slave##*/}" ;; *) echo "${udev_root}/${dev}" return 0 ;; esac done } # ===========================================================================}}} # underlying_device_from_device() ==========================================={{{ # What we want is: find the underlying device of a device (dm-crypt, loop or # LVM) given as argument. This function can be included into a loop to finally # output a device name that has no parent/underlying device, i.e a partition. underlying_device_from_device() { ${DEBUG} && echo "> underlying_device_from_device $@" >&2 local dev="${1}" case "${dev}" in ${udev_root}/dm-[0-9]*) underlying_device_from_dm "${dev}" ;; ${udev_root}/loop[0-9]*) underlying_device_from_loop "${dev}" ;; ${udev_root}/*) readlink -f "${dev}" ;; *) return 1 esac } # ===========================================================================}}} # underlying_device_from_file() ============================================={{{ # What we want is: output the filesystem containing a file given as argument, # even if the filesystem is mounted as the lower branch of an aufs mountpoint. underlying_device_from_file() { ${DEBUG} && echo "> underlying_device_from_file $@" >&2 local id="$(device_id_of_file "${1}")" dev mntpnt if [ "${id%:*}" = "0" ] then # 0 is the major number of all ramfs (tmpfs, devtmpfs, sysfs, proc # and others). If the file is hosted on a such virtual filesystem, # we encounter an alternative: the file is on aufs and we continue # after a jump on the real block device under the aufs, or we stop # here. mntpnt="$(find_mountpoint "${1}")" if is_aufs_mountpoint -q "${mntpnt}" then dev="$(underlying_device_from_aufs "${mntpnt}")" else return 1 fi else dev="$(device_node_from_major_minor "${id}")" fi [ -b "${dev}" ] && readlink -f "${dev}" } # ===========================================================================}}} # underlying_device() ======================================================={{{ # What we want is: output the underlying device node of a file/directory or # block device given as argument. All is explained in the previous functions. # The question here is to know what to do with the symlinks: follow them, or # not? For a lot of them, there is no importance, but for something as /etc/mtab # linked to /proc/mounts, this makes a big difference. For the moment, we have # choosen to not follow them... Maybe we have to clean some other function in # the same sense. # NEWS: the 'find_mountpoint' function uses df which operates on the pointed # file, not on the symlink. underlying_device() { ${DEBUG} && echo "> underlying_device $@" >&2 local dev target="${1}" if [ -b "${target}" ] then dev="$(underlying_device_from_device "${target}")" elif [ -f "${target}" -o -d "${target}" ] then dev="$(underlying_device_from_file "${target}")" fi if [ -b "${dev}" ] then echo "${dev}" else return 3 fi } # ===========================================================================}}} # underlying_partition() ===================================================={{{ # What we want is: output the partition which the device, or directory, or # file given as argument is on. With this simple loop, supports combinations # of mapped devices (LVM, dm-crypt), loopback devices and aufs filesystems. underlying_partition() { ${DEBUG} && echo "> underlying_partition $@" >&2 local dev="$(underlying_device "${1}")" local old new="${dev}" while true do case "${new}" in "") return 1 ;; "${udev_root}"/sd[a-z]*) echo "${new}" return 0 ;; "${old}") echo "${new}" return 0 ;; esac old="${new}" new="$(underlying_device_from_device "${old}")" done } # ===========================================================================}}} # physical_hard_disk() ======================================================{{{ # What we want is: output the physical hard disk node of a device, file or # directory given as argument. The main usage is: 'physical_hard_disk /', or # just 'physical_hard_disk'. The thing to do here is to find the whole disk # name after 'underlying_partition' has given the partition name. physical_hard_disk() { ${DEBUG} && echo "> physical_hard_disk $@" >&2 [ -z "${1}" ] && eval set -- / local blk dev disk= if [ -b "${1}" -a -e "/sys/class/block/${1##*/}" -a ! -e "/sys/devices/virtual/block/${1##*/}" ] then dev="${1}" else dev="$(underlying_partition "${1}")" fi for blk in /sys/block/* do blk="${blk##*/}" case "${blk}" in dm-*|loop*|ram*) continue ;; esac case "${dev}" in ${udev_root}/${blk}*) disk="${udev_root}/${blk}" break ;; esac done if [ -b "${disk}" ] then echo "${disk}" elif [ "${1}" = "/" ] then # Maybe you have forgotten to get/set the udev_root variable before # to run this function ? Run 'get_udev_root' and retry return 127 else # If the argument is a file/directory in a virtual fs, there is no # way to find its hosting block device name. It don't exist. This # seems simple, but how to manage other cases? return 3 fi } # ===========================================================================}}} ### OTHER FUNCTIONS ### ### only called from other scripts (from bilibop-lockfs and bilibop-rules, and ### maybe others). # unknown_argument() ========================================================{{{ # A general error message for helper scripts. unknown_argument() { ${DEBUG} && echo "> unknown_argument $@" >&2 cat < required_argument $@" >&2 cat < get_udev_root $@" >&2 if [ -f /etc/udev/udev.conf ] then . /etc/udev/udev.conf fi udev_root="${udev_root%/}" udev_root="${udev_root:-/dev}" } # ===========================================================================}}} # get_bilibop_variables() ==================================================={{{ # What we want is: get bilibop variables from its configuration file if it # exists, and set/overwrite the most important of them (BILIBOP_RUNDIR). If not # existing, BILIBOP_COMMON_BASENAME is set to 'bilibop'. # This function can be called from into the running system, or from into the # initramdisk. In this case, the mountpoint of the future root filesystem # (${rootmnt}) must be given as argument. get_bilibop_variables() { ${DEBUG} && echo "> get_bilibop_variables $@" >&2 if [ -f ${1}/etc/bilibop/bilibop.conf ] then . ${1}/etc/bilibop/bilibop.conf fi BILIBOP_RUNDIR="/run/${BILIBOP_COMMON_BASENAME:=bilibop}" } # ===========================================================================}}} # get_aufs_variables() ======================================================{{{ # What we want is: set the default aufs variables (used by the aufs tools) and # override them by the admin settings, just as do the aufs tools. get_aufs_variables() { ${DEBUG} && echo "> get_aufs_variables $@" >&2 AUFS_SUPER_MAGIC="1635083891" AUFS_SUPER_MAGIC_HEX="0x61756673" AUFS_WH_PFX=".wh." AUFS_WH_PFX2=".wh..wh." AUFS_WH_BASE=".wh..wh.aufs" AUFS_WH_DIROPQ=".wh..wh..opq" AUFS_WH_PLINKDIR=".wh..wh.plnk" AUFS_WH_ORPHDIR=".wh..wh.orph" if [ -f /etc/default/aufs ] then . /etc/default/aufs fi } # ===========================================================================}}} # aufs_mountpoints() ========================================================{{{ # What we want is: output the mountpoints of all aufs filesystems. aufs_mountpoints() { ${DEBUG} && echo "> aufs_mountpoints $@" >&2 grep '^[^ ]\+ /[^ ]* aufs .*[, ]si=[0-9a-f]\+[, ].*' /proc/mounts | sed -e 's,^[^ ]\+ \(/[^ ]*\) aufs .*,\1,' } # ===========================================================================}}} # aufs_readonly_branch() ===================================================={{{ # What we want is: output the lower (readonly) branch of an aufs mount point # given as argument. aufs_readonly_branch() { ${DEBUG} && echo "> aufs_readonly_branch $@" >&2 local br case "$(cat /sys/module/aufs/parameters/brs)" in 0) for br in $(aufs_dirs_if_brs0 "${1}") do echo ${br} | grep -q '=r[or]\(+wh\)\?$' && echo ${br%\=r*} done ;; *) for br in $(aufs_si_directory "${1}")/br* do grep '=r[or]\(+wh\)\?$' ${br} | sed -e 's,=r[or].*,,' done ;; esac } # ===========================================================================}}} # aufs_writable_branch() ===================================================={{{ # What we want is: output the upper (read-write) branch of an aufs mount point # given as argument. aufs_writable_branch() { ${DEBUG} && echo "> aufs_writable_branch $@" >&2 local br case "$(cat /sys/module/aufs/parameters/brs)" in 0) for br in $(aufs_dirs_if_brs0 "${1}") do echo ${br} | grep -q '=rw\(+nolwh\)\?$' && echo ${br%\=rw*} done ;; *) for br in $(aufs_si_directory "${1}")/br* do grep '=rw\(+nolwh\)\?$' ${br} | sed -e 's,=rw.*,,' done ;; esac } # ===========================================================================}}} # is_removable() ============================================================{{{ # What we want is: check if a whole disk node given as argument is seen as # removable from its sysfs attribute. If yes, this means the disk given as # argument is an USB stick (or a CD/DVD). is_removable() { ${DEBUG} && echo "> is_removable $@" >&2 [ "$(cat /sys/block/${1##*/}/removable)" = "1" ] } # ===========================================================================}}} # is_readonly() ============================================================={{{ # What we want is: check if a block device given as argument is writable. is_readonly() { ${DEBUG} && echo "> is_readonly $@" >&2 [ "$(cat /sys/class/block/${1##*/}/ro)" = "1" ] } # ===========================================================================}}} # device_nodes() ============================================================{{{ # What we want is: output the list of device nodes from /proc/partitions. device_nodes() { ${DEBUG} && echo "> device_nodes $@" >&2 grep '[[:digit:]]' /proc/partitions | sed 's,.* \([^ ]\+\)$,\1,' } # ===========================================================================}}} # extended_partition() ======================================================{{{ # What we want is: output the primary extended partition device node of a drive # given as argument. extended_partition() { ${DEBUG} && echo "> extended_partition $@" >&2 local part for part in ${1}?* do case "$(cat /sys/class/block/${part##*/}/partition)" in [1-4]) ID_PART_ENTRY_TYPE= eval "$(query_udev_envvar ${part})" case "${ID_PART_ENTRY_TYPE}" in 0x5|0xf|0x85) echo "${part}" return 0 ;; *) continue ;; esac ;; *) return 1 ;; esac done return 1 } # ===========================================================================}}} # parent_device_from_dm() ==================================================={{{ # What we want is: output the direct parent device (slave) of a dm device given # as argument. parent_device_from_dm() { ${DEBUG} && echo "> parent_device_from_dm $@" >&2 local dev="$(readlink -f "${1}")" local slave="$(echo /sys/block/${dev##*/}/slaves/*)" [ "${slave}" = "/sys/block/${dev##*/}/slaves/*" ] && return 3 echo "${udev_root}/${slave##*/}" } # ===========================================================================}}} # mapper_name_from_dm_node() ================================================{{{ # What we want is: output the basename (in /dev/mapper) of a dm device node # (dm-*) given as argument. mapper_name_from_dm_node() { ${DEBUG} && echo "> mapper_name_from_dm_node $@" >&2 cat /sys/block/${1##*/}/dm/name } # ===========================================================================}}} # major_minor_from_device_node() ============================================{{{ # What we want is: translate the device node given as argument to the # corresponding major:minor. major_minor_from_device_node() { ${DEBUG} && echo "> major_minor_from_device_node $@" >&2 cat /sys/class/block/${1##*/}/dev } # ===========================================================================}}} # query_sysfs_attrs() ======================================================={{{ # What we want is: query the sysfs attributes database for a device node given # as argument. query_sysfs_attrs() { ${DEBUG} && echo "> query_sysfs_attrs $@" >&2 udevadm info --attribute-walk --name "${1}" } # ===========================================================================}}} # query_udev_envvar() ======================================================={{{ # What we want is: query the udev properties database for a device node given # as argument. The --export option is mandatory to eval the output of this # command. query_udev_envvar() { ${DEBUG} && echo "> query_udev_envvar $@" >&2 udevadm info --query property --name "${1}" --export } # ===========================================================================}}} # vim: et sw=4 sts=4 ts=4 fdm=marker fcl=all bilibop-0.4.20/lib/bilibop/test0000755000000000000000000000110512244300427013171 0ustar #!/bin/sh set -e # Test if the argument (file/directory/device) is on the same underlying # device than the root filesystem; if this is the case and -q option is # not used, then output something. . /lib/bilibop/common.sh get_udev_root DISK="$(physical_hard_disk /)" || exit $? if [ "${1}" = "-q" ]; then quiet="true" shift else quiet="false" fi [ -e "${1}" ] && [ "$(physical_hard_disk ${1})" = "${DISK}" ] || exit 1 if [ "${quiet}" = "false" ]; then if [ -f /etc/bilibop/bilibop.conf ]; then . /etc/bilibop/bilibop.conf fi echo ${BILIBOP_COMMON_BASENAME:-bilibop} fi bilibop-0.4.20/lib/bilibop/drivemap.sh0000644000000000000000000004356612236272332014454 0ustar # /lib/bilibop/drivemap.sh # vim: set et sw=4 sts=4 ts=4 fdm=marker fcl=all: # The _drivemap_* functions need some more common functions: . /lib/bilibop/common.sh get_udev_root ### DRIVEMAP FUNCTIONS ### # _drivemap_initial_indent() ================================================{{{ # What we want is: initialize the indentation values to show the disk map as # a tree. We use the length of the $udev_root string to align indentations on # the path separator (/). We will have to consider two types of indentation: # the absolute one is N times the indent unit, N being the indentation level; # the relative one is the addition of an indent unit to the previous # indentation string, without knowledge of its level. Here we want the absolute # form. The relative indentations will be set using local variables (local # indent="${indent}${I}") in some functions. By this way we will go back to # the previous indentation level after the function (and sub-functions) has # terminated. _drivemap_initial_indent() { ${DEBUG} && echo "> _drivemap_initial_indent $@" >&2 I="$(echo ${udev_root} | sed 's;.; ;g')" indent="" } # ===========================================================================}}} # _drivemap_max_mp_length() ================================================={{{ # What we want is: define the length of the longest mountpoint string to use it # in a formated output (with a fixed width), but with aligned paths. _drivemap_max_mp_length() { ${DEBUG} && echo "> _drivemap_max_mp_length $@" >&2 local length=1 for mp in $(grep "^${udev_root}/" /proc/mounts | sed 's,^[^ ]\+ \([^ ]\+\) .*,\1,') do [ ${#mp} -gt ${length} ] && length=${#mp} done echo ${length} } # ===========================================================================}}} # _drivemap_volume_size() ==================================================={{{ # What we want is: output the size of a device given as argument. This size # will be added to the informations about the device, and must be human # readable. To avoid some kind of confusion, we use the same units than the # vendors, i.e powers of 10 instead of powers of 2 (factor 1000 instead of # factor 1024). This size string is formated to be right-aligned into a six # columns space, including the size unit. Sizes into /sys/class/block/*/size # seem to be given in 512 bytes units, even when /sys/block/*/queue/*_size # give something different. This can be verified with CDROMs, having a sector # size of 2048 bytes. _drivemap_volume_size() { ${DEBUG} && echo "> _drivemap_volume_size $@" >&2 local dev="${1}" local size="$(cat /sys/class/block/${dev##*/}/size)" if [ $((size*512/1000/1000/1000/1000)) -gt 1 ] then printf "%6s" "$((size*512/1000/1000/1000/1000))TB" elif [ $((size*512/1000/1000/1000)) -ge 10 ] then printf "%6s" "$((size*512/1000/1000/1000))GB" elif [ $((size*512/1000/1000)) -gt 10 ] then printf "%6s" "$((size*512/1000/1000))MB" elif [ $((size*512/1000)) -gt 10 ] then printf "%6s" "$((size*512/1000))KB" else printf "%6s" "$((size*512))B" fi } # ===========================================================================}}} # _drivemap_mount_point() ==================================================={{{ # What we want is: output the mountpoint of a device given as argument. If the # argument is a regular file, we assume the corresponding block device is a # loopback device. _drivemap_mount_point() { ${DEBUG} && echo "> _drivemap_mount_point $@" >&2 local dev mnt opt [ -f "${1}" ] && for dev in /sys/block/loop?*/loop/backing_file do if [ "${1}" = "$(cat ${dev})" ] then dev="${dev%/loop/backing_file}" dev="${udev_root}/${dev##*/}" eval set -- ${dev} break fi done grep '^/' /proc/mounts | while read dev mnt opt do [ "$(readlink -f ${dev})" = "$(readlink -f ${1})" ] && echo "${mnt}" && return 0 done grep '^/' /proc/swaps | while read dev opt do [ "$(readlink -f ${dev})" = "$(readlink -f ${1})" ] && echo "" && return 0 done } # ===========================================================================}}} # _drivemap_whole_disk_id() ================================================={{{ # What we want is: output a string identifying the disk given as argument as # surely as possible for a common user. If possible, this string should begin # by the bus type, that says where the disk is connected to the computer, and # include the vendor|manufacturer|product|model name. _drivemap_whole_disk_id() { ${DEBUG} && echo "> _drivemap_whole_disk_id $@" >&2 local DRIVE_ID devlink bus # Some device id are not very comprehensive for the standard user. Try to # use the most explicit if possible... for bus in usb ieee1394 memstick scsi do for devlink in ${DEVLINKS} do case "${devlink}" in /dev/disk/by-id/${bus}-*) DRIVE_ID="${devlink#/dev/disk/by-id/}" break 2 ;; esac done done # ...or fallback to the first one, except if it is the obscur wwn-0x*: # what to do with an hexadecimal number? [ -z "${DRIVE_ID}" ] && for devlink in ${DEVLINKS} do case "${devlink}" in /dev/disk/by-id/wwn-*) break ;; /dev/disk/by-id/*) DRIVE_ID="${devlink#/dev/disk/by-id/}" break ;; esac done # If not sufficient, try something else [ -z "${DRIVE_ID}" ] && DRIVE_ID="${ID_SERIAL}" echo "${DRIVE_ID}" } # ===========================================================================}}} # _drivemap_whole_disk_fs() ================================================={{{ _drivemap_whole_disk_fs() { ${DEBUG} && echo "> _drivemap_whole_disk_fs $@" >&2 local DRIVE_SIZE DRIVE_INFO if [ "${ID_CDROM}" = "1" ] then if [ "${_info_}" = "true" ] then DRIVE_SIZE="$(_drivemap_volume_size ${1})" DRIVE_INFO="${ID_FS_TYPE:+${ID_FS_TYPE} | }${DRIVE_SIZE}" else DRIVE_INFO= fi _drivemap_print_line "${I}${ID_FS_LABEL:-${1}}" "${DRIVE_INFO:+[ ${DRIVE_INFO} ]}" fill else if [ "${_info_}" = "true" ] then DRIVE_SIZE="$(_drivemap_volume_size ${1})" DRIVE_INFO="${ID_FS_TYPE:+${ID_FS_TYPE} | }${DRIVE_SIZE}" else DRIVE_INFO= fi _drivemap_print_line "${1}" "${DRIVE_INFO:+[ ${DRIVE_INFO} ]}" fill fi } # ===========================================================================}}} # _drivemap_whole_disk() ===================================================={{{ # What we want is: generate the elements of a line about the whole disk given # as argument _drivemap_whole_disk() { ${DEBUG} && echo "> _drivemap_whole_disk $@" >&2 local DRIVE_ID DRIVE_SIZE DRIVE_INFO if [ "${_info_}" = "true" ] then eval $(query_udev_envvar "${1}") DRIVE_ID="$(_drivemap_whole_disk_id ${1})" DRIVE_SIZE="$(_drivemap_volume_size ${1})" # No sense to attribute a size to an optical drive. Only the # inserted medium, if it exists, can have a size. [ "${ID_CDROM}" = "1" ] && DRIVE_SIZE=" --" # Catenate id and size and with a separator between them. DRIVE_INFO="${DRIVE_ID:+${DRIVE_ID} | }${DRIVE_SIZE}" fi # Print the result, but never fill the line with dots: _drivemap_print_line "${1}" "${DRIVE_INFO:+[ ${DRIVE_INFO} ]}" #fill } # ===========================================================================}}} # _drivemap_dotline() ======================================================={{{ # What we want is: output a line of dots with a length depending of two numbers # given as arguments. _drivemap_dotline() { ${DEBUG} && echo "> _drivemap_dotline $@" >&2 [ $((${_width_}-2-${1}-${2})) -gt 0 ] && echo "........................................................................................................................................................................................................" | sed "s;^\(\.\{$((${_width_}-2-${1}-${2}))\}\).*;\1;" } # ===========================================================================}}} # _drivemap_print_line() ===================================================={{{ # What we want is: output a device name and optionally information about # it. The line can be indented, formated for 70 columns, and filled with # dots to make it more readable. The first argument is the indentation # string and the device name. It is mandatory. The second argument consists # in informations about the device (device id and size, or fstype and size) # between square brackets. It can be empty. If not, this information will # be right-aligned. The last argument, optional, is a flag to say: fill # the line between the device name and the informations with dots. Of # course, this flag is ignored if the information block is not provided. _drivemap_print_line() { ${DEBUG} && echo "> _drivemap_print_line $@" >&2 [ "${_mountpoint_}" = "true" ] && local mntpnt="$(_drivemap_mount_point ${1%(\*)})" if [ -n "${2}" -a "${3}" = "fill" ] then local dotline="$(_drivemap_dotline ${#1} ${#2})" printf "${1} ${dotline} ${2}${mntpnt:+ ${mntpnt}}\n" elif [ -n "${mntpnt}" -a "${3}" = "fill" ] then local dotline="$(_drivemap_dotline ${#1} ${length})" printf "${1} ${dotline} ${mntpnt}\n" elif [ -n "${2}" ] then printf "%s%*s\n" "${1}" $((${_width_}-${#1})) "${2}" else printf "${1}\n" fi } # ===========================================================================}}} # _drivemap_loopback_device() ==============================================={{{ # What we want is: print a line about a loop device associated to a file hosted # on the device given as argument. After what we can check if there is some # dm device or another loop device hosted on the loop device. _drivemap_loopback_device() { ${DEBUG} && echo "> _drivemap_loopback_device $@" >&2 local dev loop lofile LOOP_SIZE LOOP_INFO # Set the indentation string relatively to the previous one, as this: # local indent="${indent}${I}" # ^^^^ ^^^^ # local global or at least inherited from the calling function. # The new (local) indent variable will be inherited by any function called # by this one. local indent="${indent}${I}" # Check only associated loop devices (listed in /proc/partitions) for loop in $(grep '\sloop[0-9]\+$' /proc/partitions | sed 's,.*\s\([^ ]\+\)$,\1,') do # Reset dev - this is mandatory: dev= lofile= # Avoid infinite loops between loopback and dm devices, because each # of _drivemap_loopback_device and _drivemap_dmdevice_holder calls the # other: echo "${ALREADY_DONE}" | grep -qw "${loop}" && continue if [ "$(underlying_device_from_loop ${udev_root}/${loop})" = "${udev_root}/${1}" ] then dev="${udev_root}/${loop}" fi [ -b "${dev}" ] || continue ALREADY_DONE="${ALREADY_DONE:+${ALREADY_DONE} }${loop}" [ "${_backing_file_}" = "true" ] && lofile="$(backing_file_from_loop ${dev})" [ -e "${lofile}" ] || lofile="${dev}" if [ "${_info_}" = "true" ] then # ID_FS_* are not local; so reset it here: ID_FS_TYPE= eval "$(query_udev_envvar ${dev})" LOOP_SIZE="$(_drivemap_volume_size ${dev})" LOOP_INFO="${ID_FS_TYPE:+${ID_FS_TYPE} | }${LOOP_SIZE}" fi [ "${DEVICE}" = "${udev_root}/${loop}" ] && [ "${_mark_}" = "true" ] && device="${lofile}(*)" || device="${lofile}" _drivemap_print_line "${indent}${device}" "${LOOP_INFO:+[ ${LOOP_INFO} ]}" fill _drivemap_loopback_device "${loop}" _drivemap_dmdevice_holder "${loop}" done } # ===========================================================================}}} # _drivemap_dmdevice_holder() ==============================================={{{ # What we want is: find the dm devices hosted by the dm device or the partition # given as argument, query informations about it (optional), output the result # and continue by calling this function from inside itself. _drivemap_dmdevice_holder() { ${DEBUG} && echo "> _drivemap_dmdevice_holder $@" >&2 local device holder mapped DEVICE_SIZE DEVICE_INFO # Set the indentation string relatively to the previous one: local indent="${indent}${I}" [ "$(echo /sys/class/block/${1}/holders/*)" != "/sys/class/block/${1}/holders/*" ] || return 1 for holder in /sys/class/block/${1}/holders/* do holder="${holder##*/}" device="${udev_root}/${holder}" if [ "${_info_}" = "true" ] then ID_FS_TYPE= eval $(query_udev_envvar "${device}") DEVICE_SIZE="$(_drivemap_volume_size ${device})" DEVICE_INFO="${ID_FS_TYPE:+${ID_FS_TYPE} | }${DEVICE_SIZE}" fi [ "${_dm_name_}" = "true" ] && case "${holder}" in dm-*) device="${udev_root}/mapper/$(mapper_name_from_dm_node ${holder})" ;; esac [ "${DEVICE}" = "${udev_root}/${holder}" ] && [ "${_mark_}" = "true" ] && device="${device}(*)" _drivemap_print_line "${indent}${device}" "${DEVICE_INFO:+[ ${DEVICE_INFO} ]}" fill _drivemap_loopback_device "${holder}" _drivemap_dmdevice_holder "${holder}" done } # ===========================================================================}}} # _drivemap_primary_partitions() ============================================{{{ # What we want is: print a line about each primary partition. If there is an # extended primary partition, we have to deal with an MBR partition scheme; # partitions from number 5 to N are logical partitions, and included onto the # extended one. Or, if there is no extended partition but partitions with a # number greater than 4, we have to deal with a GPT partition table: this # means all partitions will be on the same level (no more indent in the tree). _drivemap_primary_partitions() { ${DEBUG} && echo "> _drivemap_primary_partitions $@" >&2 local n PART PART_SIZE PART_INFO # At first, find if there is an extended partition on the disk, to treat # logical partitions as subdevices of this extended one in the tree of # devices instead of sequentially. local extended="$(extended_partition "${1}" | sed 's,.*\([1-4]\)$,\1,')" for PART in ${1}?* do # Partition number: n="$(cat /sys/class/block/${PART##*/}/partition)" # Absolute indentation, first level: indent="${I}" ID_FS_TYPE= ID_PART_ENTRY_TYPE= [ -n "${extended}" ] && case "${n}" in [1-4]) ;; *) continue ;; esac if [ "${_info_}" = "true" ] then eval $(query_udev_envvar "${PART}") [ "${n}" = "${extended}" ] && case "${ID_PART_ENTRY_TYPE}" in 0x5) ID_FS_TYPE="Extended" ;; 0xf) ID_FS_TYPE="Extended W95 (LBA)" ;; 0x85) ID_FS_TYPE="Linux Extended" ;; esac PART_SIZE="$(_drivemap_volume_size ${PART})" PART_INFO="${ID_FS_TYPE:+${ID_FS_TYPE} | }${PART_SIZE}" fi [ "${DEVICE}" = "${PART}" ] && [ "${_mark_}" = "true" ] && device="${PART}(*)" || device="${PART}" _drivemap_print_line "${indent}${device}" "${PART_INFO:+[ ${PART_INFO} ]}" fill if [ "${n}" = "${extended}" ] then _drivemap_logical_partitions "${1}" else _drivemap_loopback_device "${PART##*/}" _drivemap_dmdevice_holder "${PART##*/}" fi done } # ===========================================================================}}} # _drivemap_logical_partitions() ============================================{{{ # What we want is: the same than in the previous function, except that this one # is called only if it exists an extended partition. In that case, partition # with a number greater than 4 will be treated as logical partitions, and so # will be shown as subdevices of the extended partition. If there is no # extended partition but partition numbers greater than 4, we assume we have # to deal with a GPT partition table. _drivemap_logical_partitions() { ${DEBUG} && echo "> _drivemap_logical_partitions $@" >&2 local n PART PART_SIZE PART_INFO for PART in ${1}?* do # Partition number: n="$(cat /sys/class/block/${PART##*/}/partition)" # Absolute indentation, second level (we consider a logical partition is # a subdevice of an extended one). indent="${I}${I}" case "${n}" in [1-4]) continue ;; esac if [ "${_info_}" = "true" ] then ID_FS_TYPE= eval $(query_udev_envvar "${PART}") PART_SIZE="$(_drivemap_volume_size ${PART})" PART_INFO="${ID_FS_TYPE:+${ID_FS_TYPE} | }${PART_SIZE}" fi [ "${DEVICE}" = "${PART}" ] && [ "${_mark_}" = "true" ] && device="${PART}(*)" || device="${PART}" _drivemap_print_line "${indent}${device}" "${PART_INFO:+[ ${PART_INFO} ]}" fill _drivemap_loopback_device "${PART##*/}" _drivemap_dmdevice_holder "${PART##*/}" done } # ===========================================================================}}} bilibop-0.4.20/lib/bilibop/pvfilter.sh0000644000000000000000000004440012243463044014464 0ustar # /lib/bilibop/pvfilter.sh # vim: set et sw=4 sts=4 ts=4 fdm=marker fcl=all: # The pvfilter functions need those of bilibop-common: . /lib/bilibop/common.sh # See also lvm.conf(5) manpage for details. # _pvfilter_has_global() ===================================================={{{ # What we want is: return 0 if the 'global_filter' variable (in lvm.conf) is # supported, 1 otherwise. Also note that unknown variables encountered in # lvm.conf are silently ignored by lvm tools. _pvfilter_has_global() { ${DEBUG} && echo "> _pvfilter_has_global $@" >&2 local version="$(dpkg -l lvm2 | awk '/^ii/ {print $3}')" dpkg --compare-versions ${version} ge 2.02.98 } # ===========================================================================}}} # _pvfilter_delimiter() ====================================================={{{ # What we want is: set a valid (objective) and readable (subjective) delimiter. # Pipes can be used as delimiters between alternatives into the string, and # slashes are used as delimiters in the paths of the files. Given that we # already use a delimiter in the sed's subtitute commands, we have to choose # something else, that is not a metacharacter (i.e. must not be interpreted by # the shell, sed or lvm parser) and should not be encountered in the string to # build. Some valid delimiters can be used as is from the shell, some others # must be escaped or quoted... Use at your own risk. # And the question is... What is the most readable? _pvfilter_delimiter() { ${DEBUG} && echo "> _pvfilter_delimiter $@" >&2 case "${1}" in "!"|"#"|"%"|"+"|","|"."|":"|";"|"="|"@"|"|"|"/") B="${1}" E="${1}" ;; "()"|"[]"|"{}") B="${1%?}" E="${1#?}" ;; *) B="|" E="|" ;; esac } # ===========================================================================}}} # _pvfilter_find_dev_links() ================================================{{{ # What we want is: output the symlinks to a device node given as argument. Note # that 'udevadm info --query symlink --name DEVICE can give a different result, # some links being 'omitted' (not managed by udev, even if it has created them). _pvfilter_find_dev_links() { ${DEBUG} && echo "> _pvfilter_find_dev_links $@" >&2 if [ "${udev}" = "true" ]; then udevadm info --query symlink --name ${1} | sed 's, ,\n,g' else cd ${udev_root} find -L * -path fd -prune -o -samefile ${1} | grep -v "^\(${1}\|fd\)$" cd ${OLDPWD} fi } # ===========================================================================}}} # _pvfilter_accept_string() ================================================={{{ # What we want is: output a string in a valid format to be used directly inside # the square brackets in the 'filter' array. First argument is a directory # where to find symlinks to a device node, second argument is a basename of a # symlink in this directory, or a list of basenames, separated by pipes (|). _pvfilter_accept_string() { ${DEBUG} && echo "> _pvfilter_accept_string $@" >&2 [ -n "${2}" ] || return 1 [ "${B}" = "/" -o "${E}" = "/" ] && local B="|" E="|" if echo "${2}" | grep -q '|' then echo "a${B}${1:+^${1}}/(${2})\$${E}" else echo "a${B}${1:+^${1}}/${2}\$${E}" fi } # ===========================================================================}}} # _pvfilter_reject_string() ================================================={{{ # What we want is: output a string in a valid format to be used directly inside # the square brackets in the 'filter' array. First argument is a directory # where to find symlinks to a device node, second argument can be a basename of # a symlink in this directory or the basename of a subdirectory; or a list of # basenames, separated by pipes (|). The third argument, if it exists, can be # -f or -d, and says how to suffix the string. _pvfilter_reject_string() { ${DEBUG} && echo "> _pvfilter_reject_string $@" >&2 [ -n "${2}" ] || return 1 [ "${3}" = "-d" ] && local end="/.*" || local end="$" [ "${B}" = "/" -o "${E}" = "/" ] && local B="|" E="|" if echo "${2}" | grep -q '|' then echo "r${B}${1:+^${1}}/(${2})${end}${E}" else echo "r${B}${1:+^${1}}/${2}${end}${E}" fi } # ===========================================================================}}} # _pvfilter_list_tagged_devices() ==========================================={{{ # What we want is: output the list of the block devices that have been tagged # by udev with the tag given as argument (In Bilibop, this should be BILIBOP or # INSIDEV). _pvfilter_list_tagged_devices() { ${DEBUG} && echo "> _pvfilter_list_tagged_devices $@" >&2 grep '[[:digit:]]' /proc/partitions | while read major minor size node ; do [ -e "/run/udev/tags/${1}/b${major}:${minor}" ] && echo "${node}" done } # ===========================================================================}}} # _pvfilter_list_other_devices() ============================================{{{ # What we want is: output the list of physical and virtual block devices not # inside the computer nor on the same disk than the root filesystem. This is # based on udev tags. _pvfilter_list_other_devices() { ${DEBUG} && echo "> _pvfilter_list_other_devices $@" >&2 grep '[[:digit:]]' /proc/partitions | while read major minor size node ; do [ "${major}" = "11" ] && continue for TAG in $@ ; do [ -e "/run/udev/tags/${TAG}/b${major}:${minor}" ] && continue 2 done echo "${node}" done } # ===========================================================================}}} # _pvfilter_list_devices() =================================================={{{ # What we want is: output a list of devices that can be given as arguments; # otherwise the argument is a keyword. _pvfilter_list_devices() { ${DEBUG} && echo "> _pvfilter_list_devices $@" >&2 case "${1}" in all) device_nodes ;; insidev) _pvfilter_list_tagged_devices "INSIDEV" ;; bilibop) _pvfilter_list_tagged_devices "BILIBOP" ;; other) _pvfilter_list_other_devices "BILIBOP" "INSIDEV" ;; ${udev_root}/*) for i in ${*} ; do readlink -f ${i} ; done ;; esac } # ===========================================================================}}} # _pvfilter_list_filter_devices() ==========================================={{{ # What we want is: build a string usable in the lvm.conf 'filter' array for # accepted devices (can be a single device, or a class: bilibop, insidev, other) # We don't want to use device names, because they are dynamically assigned. But # some symlinks are dynamic too (as in /dev/block) or not managed by udev. # Finally, the only ones we can use are /dev/disk/by-id/* for physical devices # and /dev/mapper/* for dm devices. _pvfilter_list_filter_devices() { ${DEBUG} && echo "> _pvfilter_list_filter_devices $@" >&2 diskid= dmname= lvname= for dev in $(_pvfilter_list_devices ${1}) ; do dev=${dev##*/} echo "${ALREADY_DONE}" | grep -q "\<${dev}\>" && continue ALREADY_DONE="${ALREADY_DONE:+${ALREADY_DONE} }${dev}" ID_FS_TYPE= DM_LV_NAME= DM_VG_NAME= eval $(query_udev_envvar ${dev}) [ "${ID_FS_TYPE}" = "LVM2_member" ] || continue case "${dev}" in dm-*) for link in $(_pvfilter_find_dev_links ${dev}) ; do # A LV can also be used as PV for another VG if [ -n "${DM_VG_NAME}" -a -n "${DM_LV_NAME}" ] ; then [ "${link}" = "${DM_VG_NAME}/${DM_LV_NAME}" ] && lvname="${lvname:+${lvname}|}${link}" && break fi case "${link}" in mapper/*) dmname="${dmname:+${dmname}|}${link##*/}" break ;; disk/by-id/*) diskid="${diskid:+${diskid}|}${link##*/}" break ;; *) continue ;; esac done ;; *) for link in $(_pvfilter_find_dev_links ${dev}) ; do case "${link}" in disk/by-id/*) diskid="${diskid:+${diskid}|}${link##*/}" break ;; *) continue ;; esac done ;; esac done dmname="$(echo ${dmname} | sed 's,|,\n,g')" dmname="$(echo ${dmname} | sed 's, ,|,g')" diskid="$(echo ${diskid} | sed 's,|,\n,g')" diskid="$(echo ${diskid} | sed 's, ,|,g')" } # ===========================================================================}}} # _pvfilter_list_exclude_devices() =========================================={{{ # What we want is: build a string usable in the lvm.conf 'filter' array for # rejected devices (can be a single device, or a class: bilibop, insidev, other) # For the acceptance behaviour, only one device/symlink can be used, but to # ignore a device, we have to ignore all its symlinks, some of them being # dynamically attributed (as in /dev/block or /dev/disk/by-path). What we know # is that a PV has no symlink in /dev/disk/by-label and /dev/disk/by-uuid, and # links as /dev/disk/by-id/dm-uuid-* are static. Only physical block devices # can have a symlink in /dev/disk/by-path. The dmname of a dm device being # arbitrarly fixed by the user, links such as /dev/disk/by-id/dm-name-* and # /dev/mapper/* can be considered as static but are subject to changes. The # same can be said for a PV using a LV instead of a partition as its underlying # device: there can be symlinks to manage in /dev/. Arrrgh! And it # would be nice, for readability, to avoid duplicates. _pvfilter_list_exclude_devices() { ${DEBUG} && echo "> _pvfilter_list_exclude_devices $@" >&2 devlist= dirlist= for dev in $(_pvfilter_list_devices ${1}) ; do dev=${dev##*/} echo "${ALREADY_DONE}" | grep -q "\<${dev}\>" && continue ALREADY_DONE="${ALREADY_DONE:+${ALREADY_DONE} }${dev}" ID_FS_TYPE= eval $(query_udev_envvar ${dev}) [ "${ID_FS_TYPE}" = "LVM2_member" ] || continue devlist="${devlist:+${devlist}|}${dev}" for link in $(_pvfilter_find_dev_links ${dev}) ; do case "${link}" in block/*) [ -z "${reject_block}" ] && dirlist="${dirlist:+${dirlist}|}${link%/*}" && reject_block="done" ;; disk/by-path/*) [ -z "${reject_path}" ] && dirlist="${dirlist:+${dirlist}|}${link%/*}" && reject_path="done" ;; disk/by-id/*) devlist="${devlist:+${devlist}|}${link##*/}" ;; *) devlist="${devlist:+${devlist}|}${link}" ;; esac done done devlist="$(echo ${devlist} | sed 's,|,\n,g')" devlist="$(echo ${devlist} | sed 's, ,|,g')" dirlist="$(echo ${dirlist} | sed 's,|,\n,g')" dirlist="$(echo ${dirlist} | sed 's, ,|,g')" } # ===========================================================================}}} # _pvfilter_list_pv() ======================================================={{{ # What we want is: bypass the lvm.conf settings and list all possible Physical # Volumes (in fact, block devices with the LVM2_member fstype) and optionally # their symlinks: all symlinks (--show) or only those actually managed by udev # (--udev). _pvfilter_list_pv() { ${DEBUG} && echo "> _pvfilter_list_pv $@" >&2 local node for node in $(device_nodes) ; do ID_FS_TYPE= eval $(query_udev_envvar ${node}) [ "${ID_FS_TYPE}" = "LVM2_member" ] || continue echo ${udev_root}/${node} [ "${show}" = "true" -o "${udev}" = "true" ] && _pvfilter_find_dev_links ${node} | grep -v '^$' | sed "s,^,\t${udev_root}/," done } # ===========================================================================}}} # _pvfilter_init_lvm_configfile() ==========================================={{{ # What we want is: have valid 'obtain_device_list_from_udev' and 'filter' # variables in a valid 'devices' section in lvm.conf; all is missing (the file, # the section, the variables) must be created if necessary and possible. _pvfilter_init_lvm_configfile() { ${DEBUG} && echo "> _pvfilter_init_lvm_configfile $@" >&2 if [ ! -f "${LVM_CONF}" ] ; then if [ "${init}" = "true" ]; then if ! mkdir -p ${LVM_CONF%/*} 2>/dev/null ; then echo "${PROG}: unable to create ${LVM_CONF%/*}." >&2 return 10 fi if [ ! -w "${LVM_CONF%/*}" ] ; then echo "${PROG}: unable to create ${LVM_CONF}: no write permission on ${LVM_CONF%/*}." >&2 return 10 else cat >${LVM_CONF} <>${LVM_CONF} <>${LVM_CONF} <&2 echo "Use '--init' option to create it." >&2 return 10 fi else if [ "${init}" = "true" ]; then echo "${PROG}: what's the need to use '--init' option ?" >&2 return 1 else return 0 fi fi } # ===========================================================================}}} # _pvfilter_init_device_filters() ==========================================={{{ # What we want is: have a valid 'filter' variable in a valid 'devices' section # in lvm.conf; all is missing (the file, the section, the variable) must be # created if necessary and possible. _pvfilter_init_device_filters() { ${DEBUG} && echo "> _pvfilter_init_device_filters $@" >&2 local have_obtain="false" have_filter="false" have_global="false" have_devices="false" grep -q '^[[:blank:]]*obtain_device_list_from_udev[[:blank:]]*=' ${LVM_CONF} && have_obtain="true" grep -q '^[[:blank:]]*filter[[:blank:]]*=' ${LVM_CONF} && have_filter="true" grep -q '^[[:blank:]]*devices[[:blank:]]*{' ${LVM_CONF} && have_devices="true" if [ "${global_filter_is_supported}" = "true" ]; then grep -q '^[[:blank:]]*global_filter[[:blank:]]*=' ${LVM_CONF} && have_global="true" fi # 1. the 'devices' section does not exist, but one of its variables is set {{{ if [ "${have_devices}" = "false" ] && [ "${have_filter}" = "true" -o "${have_global}" = "true" -o "${have_obtain}" = "true" ] ; then # Inconsistency echo "${PROG}: ${LVM_CONF} seems to be inconsistent." >&2 return 13 # }}} # 2. the 'devices' section does not exist, and then it must be created now {{{ elif [ "${have_devices}" = "false" ] ; then # Add devices section with minimal content if [ "${init}" = "true" ]; then if [ ! -w "${LVM_CONF}" ] ; then echo "${PROG}: no write permission on ${LVM_CONF}" >&2 return 10 else cat >>${LVM_CONF} <>${LVM_CONF} <>${LVM_CONF} <&2 echo "Use '--init' option to create it." >&2 return 10 fi # }}} # 3. the 'devices' section exists, with all the needed variables {{{ elif [ "${global}" = "true" -a "${have_global}" = "true" -a "${have_obtain}" = "true" ] || [ "${global}" = "false" -a "${have_filter}" = "true" -a "${have_obtain}" = "true" ]; then if [ "${init}" = "true" ]; then echo "${PROG}: what's the need to use '--init' option ?" >&2 return 1 else return 0 fi # }}} # 4. the 'devices' section exists, but a needed variable is missing {{{ else if [ "${init}" = "true" -a ! -w "${LVM_CONF}" ] ; then echo "${PROG}: no write permission on ${LVM_CONF}" >&2 return 10 fi [ "${have_filter}" = "false" -a "${global}" = "false" ] && # Add 'filter' variable if [ "${init}" = "true" ]; then sed -i 's,^[[:blank:]]*devices[[:blank:]]*{.*,&\n filter = [ "a|.*|" ],' ${LVM_CONF} else echo "${PROG}: 'filter' variable is missing in ${LVM_CONF}." >&2 echo "Use '--init' option to create it." >&2 return 10 fi [ "${have_global}" = "false" -a "${global}" = "true" ] && # Add 'global_filter' variable if [ "${init}" = "true" ]; then sed -i 's,^[[:blank:]]*devices[[:blank:]]*{.*,&\n global_filter = [ ],' ${LVM_CONF} else echo "${PROG}: 'global_filter' variable is missing in ${LVM_CONF}." >&2 echo "Use '--init' option to create it." >&2 return 10 fi [ "${have_obtain}" = "false" ] && # Add 'obtain_device_list_from_udev' variable if [ "${init}" = "true" ]; then sed -i 's,^[[:blank:]]*devices[[:blank:]]*{.*,&\n obtain_device_list_from_udev = 1,' ${LVM_CONF} else echo "${PROG}: 'obtain_device_list_from_udev' variable is missing in ${LVM_CONF}." >&2 echo "Use '--init' option to create it." >&2 return 10 fi fi # }}} } # ===========================================================================}}} bilibop-0.4.20/lib/bilibop/disk0000755000000000000000000000027612244301766013163 0ustar #!/bin/sh # Output the underlying disk name of the root filesystem or of the # file/device/directory given as argument. set -e . /lib/bilibop/common.sh get_udev_root physical_hard_disk ${1} bilibop-0.4.20/lib/bilibop/rules.sh0000644000000000000000000000614212236272332013764 0ustar # /lib/bilibop/rules.sh # vim: set et sw=4 sts=4 ts=4 fdm=marker fcl=all: # The bilibop-rules functions need those of bilibop-common: . /lib/bilibop/common.sh get_bilibop_variables # See bilibop.conf(5) and udisks(7) manpage for details. # _udisks_system_internal() ================================================={{{ # What we want is: forbid user applications to (auto)mount listed filesystems. _udisks_system_internal() { ${DEBUG} && echo "> _udisks_system_internal $@" >&2 local skip for skip in ${BILIBOP_RULES_SYSTEM_INTERNAL_WHITELIST} do case "${skip}" in UUID=${ID_FS_UUID}|LABEL=${ID_FS_LABEL}|TYPE=${ID_FS_TYPE}|USAGE=${ID_FS_USAGE}) return 1 ;; esac done return 0 } # ===========================================================================}}} # _udisks_presentation_hide() ==============================================={{{ # What we want is: hide bilibop partitions to the desktop applications # (especially the file managers) based on Udisks: this includes Nautilus, # Thunar, PCManFM and Konkeror. Only the whitelisted filesystems will be # shown to the user. # NOTE: this function must be called from /lib/udev/bilibop_disk. The ID_FS_* # variables should be exported by udev, and so this functions don't need an # argument. The same rule applies to the two following functions. _udisks_presentation_hide() { ${DEBUG} && echo "> _udisks_presentation_hide $@" >&2 local skip for skip in ${BILIBOP_RULES_PRESENTATION_HIDE_WHITELIST} do case "${skip}" in UUID=${ID_FS_UUID}|LABEL=${ID_FS_LABEL}|TYPE=${ID_FS_TYPE}|USAGE=${ID_FS_USAGE}) return 1 ;; esac done return 0 } # ===========================================================================}}} # _udisks_presentation_icon() ==============================================={{{ # What we want is: use another icon than the default one to show a device to # the user. _udisks_presentation_icon() { ${DEBUG} && echo "> _udisks_presentation_icon $@" >&2 local icon for icon in ${BILIBOP_RULES_PRESENTATION_ICON} do case "${icon}" in UUID=${ID_FS_UUID}:*|LABEL=${ID_FS_LABEL}:*|TYPE=${ID_FS_TYPE}:*|USAGE=${ID_FS_USAGE}:*) echo "${icon##*:}" return 0 ;; esac done return 1 } # ===========================================================================}}} # _udisks_presentation_name() ==============================================={{{ # What we want is: use another icon than the default one to show a device to # the user. _udisks_presentation_name() { ${DEBUG} && echo "> _udisks_presentation_name $@" >&2 local name for name in ${BILIBOP_RULES_PRESENTATION_NAME} do case "${name}" in UUID=${ID_FS_UUID}:*|LABEL=${ID_FS_LABEL}:*|TYPE=${ID_FS_TYPE}:*|USAGE=${ID_FS_USAGE}:*) echo "${name##*:}" return 0 ;; esac done return 1 } # ===========================================================================}}} bilibop-0.4.20/lib/bilibop/lockfs.sh0000644000000000000000000006056712244111660014121 0ustar # /lib/bilibop/lockfs.sh # vim: set et sw=4 sts=4 ts=4 fdm=marker fcl=all: # The bilibop-lockfs functions need those of bilibop-common: . /lib/bilibop/common.sh # lock_file() ==============================================================={{{ # What we want is: add a filename to the list of files that have been modified # by the 'bilibop-lockfs' local-bottom initramfs script. lock_file() { ${DEBUG} && echo "> lock_file $@" >&2 grep -q "^${1}$" ${BILIBOP_RUNDIR}/lock || echo "${1}" >>${BILIBOP_RUNDIR}/lock } # ===========================================================================}}} # remount_ro() =============================================================={{{ # What we want is: remount as readonly the lower branch of an aufs mountpoint # given as argument. remount_ro() { ${DEBUG} && echo "> remount_ro $@" >&2 is_aufs_mountpoint -q "${1}" || return 1 mount -o remount,ro $(aufs_readonly_branch "${1}") } # ===========================================================================}}} # remount_rw() =============================================================={{{ # What we want is: remount as writable the lower branch of an aufs mountpoint # given as argument. remount_rw() { ${DEBUG} && echo "> remount_rw $@" >&2 is_aufs_mountpoint -q "${1}" || return 1 mount -o remount,rw $(aufs_readonly_branch "${1}") } # ===========================================================================}}} # blockdev_root_subtree() ==================================================={{{ # What we want is: set 'ro' or 'rw' the filesystem and its hosting disk given # as arguments, and all other devices between them. For example, if the first # one is a Logical Volume (/dev/dm-3) onto a LUKS partition (/dev/sdb1), this # will modify settings for /dev/dm-3, /dev/sdb, /dev/dm-0 and /dev/sdb1. The # main option (--setro or --setrw) must be the first argument, and the disk # node the last one. # See also the NOTE in 'set_readonly_lvm_settings()' about why we don't use # 'lvm lvchange --permission r' to set a LV as readonly. blockdev_root_subtree() { ${DEBUG} && echo "> blockdev_root_subtree $@" >&2 local dev="${2}" # Here blockdev must be called two times (give the two arguments in the # same command line don't work with the busybox's blockdev implementation). blockdev --set"${1}" "${2}" blockdev --set"${1}" "${3}" while true do case "${dev##*/}" in dm-*) dev="$(parent_device_from_dm ${dev})" ;; loop*) dev="$(underlying_device_from_loop "${dev}")" ;; *) # If a logical partition has to be locked, lock the # primary extended partition too. Only for ms-dos # partition tables. extended="$(extended_partition "${3}")" || return 0 [ $(cat /sys/class/block/${dev##*/}/partition) -gt 4 ] && dev="${extended}" || return 0 ;; esac blockdev --set"${1}" "${dev}" done } # ===========================================================================}}} # get_device_node() ========================================================={{{ # What we want is: output the device node from a given argument of the form # /dev/*, LABEL=* or UUID=* such as they can be found in fstab. This means # the LABEL may contain '/' characters that need to be translated to their # hex value, but cannot contain space characters, as they are not managed by # fstab parsers (i.e. mount). get_device_node() { ${DEBUG} && echo "> get_device_node $@" >&2 local symlink case "${1}" in ${UDEV_ROOT}/*) symlink="$(echo "${1}" | sed "s,^${UDEV_ROOT},${udev_root},")" ;; UUID=*) symlink="${udev_root}/disk/by-uuid/${1#UUID=}" ;; LABEL=*) symlink="${udev_root}/disk/by-label/$(echo "${1#LABEL=}" | sed -e 's,/,\\x2f,g')" ;; esac if [ -e "${symlink}" ]; then readlink -f ${symlink} else return 1 fi } # ===========================================================================}}} # get_swap_policy() ========================================================={{{ # What we want is: output the policy to apply for swap devices. If it is set in # bilibop.conf, apply it; otherwise, the fallback depends on the 'removable' # flag in the sysfs attributes. get_swap_policy() { ${DEBUG} && echo "> get_swap_policy $@" >&2 case "${BILIBOP_LOCKFS_SWAP_POLICY}" in soft|hard|noauto|crypt|random) echo "${BILIBOP_LOCKFS_SWAP_POLICY}" ;; *) # If BILIBOP_LOCKFS_SWAP_POLICY is not set to # a known value, use a heuristic to know what # to do: is_removable "${BILIBOP_DISK}" && echo "hard" || echo "crypt" ;; esac } # ===========================================================================}}} # is_a_crypt_target() ======================================================={{{ # What we want is: parse /etc/crypttab and if the device (/dev/mapper/*) is # encountered as being the target, return 0; otherwise, return 1. is_a_crypt_target() { ${DEBUG} && echo "> is_a_crypt_target $@" >&2 while read TARGET SOURCE KEY_FILE CRYPT_OPTS do if [ "${TARGET}" != "${1##*/}" ] then unset TARGET SOURCE KEY_FILE CRYPT_OPTS else return 0 fi done <${CRYPTTAB} return 1 } # ===========================================================================}}} # is_encrypted() ============================================================{{{ # What we want is: know if a mapped device name (/dev/mapper/something) given # as argument is or will be encrypted with cryptsetup (we don't manage other # programs such as cryptmount or mount.crypt). is_encrypted() { ${DEBUG} && echo "> is_encrypted $@" >&2 [ -f "${CRYPTTAB}" ] || return 1 local dev="$(get_device_node "${1}")" while true do case "${dev}" in ${udev_root}/dm-*) # This may be an encrypted swap device, but also a Logical Volume # containing a swap filesystem. In the last case, is the Volume # Group inside an encrypted container? is_a_crypt_target "$(mapper_name_from_dm_node "${dev}")" && return 0 dev="$(parent_device_from_dm ${dev})" ;; *) # This is not an encrypted swap device, or we don't know how to # manage it. return 1 ;; esac done return 1 } # ===========================================================================}}} # is_randomly_encrypted() ==================================================={{{ # What we want is: parse /etc/crypttab and if the device (/dev/mapper/*) is # encountered as being the target with a random key, return 0; otherwise, # return 1. is_randomly_encrypted() { ${DEBUG} && echo "> is_randomly_encrypted $@" >&2 while read TARGET SOURCE KEY_FILE CRYPT_OPTS do if [ "${TARGET}" != "${1##*/}" ] then unset TARGET SOURCE KEY_FILE CRYPT_OPTS else case "${KEY_FILE}" in ${UDEV_ROOT}/random|${UDEV_ROOT}/urandom) return 0 ;; *) ;; esac fi done <${CRYPTTAB} return 1 } # ===========================================================================}}} # apply_swap_policy() ======================================================={{{ # What we want is: modify temporary /etc/fstab and /etc/crypttab by commenting # swap entries or modifying their options. apply_swap_policy() { ${DEBUG} && echo "> apply_swap_policy $@" >&2 case "$(get_swap_policy)" in soft) # Nothing to do ;; hard) sed -i "s|^\s*${1}\s\+none\s\+swap\s.*|${comment}\n#&\n|" ${FSTAB} CRYPTTAB="${rootmnt}/etc/crypttab" if is_encrypted "${1}" then sed -i "s|^\s*${TARGET}\s\+${SOURCE}.*|${comment}\n#&\n|" ${CRYPTTAB} lock_file "/etc/crypttab" fi ;; noauto) noauto="${1} none swap noauto 0 0" sed -i "s|^\s*${1}\s\+none\s\+swap\s.*|${comment}\n#&\n${replace}\n${noauto}\n|" ${FSTAB} CRYPTTAB="${rootmnt}/etc/crypttab" if is_encrypted "${1}" then noauto="${TARGET} ${SOURCE} ${KEY_FILE} ${CRYPT_OPTS},noauto" sed -i "s|^\s*${TARGET}\s\+${SOURCE}.*|${comment}\n#&\n${replace}\n${noauto}\n|" ${CRYPTTAB} && lock_file "/etc/crypttab" fi ;; crypt) CRYPTTAB="${rootmnt}/etc/crypttab" is_encrypted "${1}" || sed -i "s|^\s*${1}\s\+none\s\+swap\s.*|${comment}\n#&\n|" ${FSTAB} ;; random) CRYPTTAB="${rootmnt}/etc/crypttab" is_randomly_encrypted "${1}" || sed -i "s|^\s*${1}\s\+none\s\+swap\s.*|${comment}\n#&\n|" ${FSTAB} ;; esac } # ===========================================================================}}} # parse_and_modify_fstab() =================================================={{{ # What we want is: modify some entries in /etc/fstab and optionally in # /etc/crypttab. This should apply only on block devices, and only on those # that have not been whitelisted in bilibop.conf(5). Replace the fstype by # 'lockfs', and modify options to remember the original fstype. This will be # used by the mount.lockfs helper. parse_and_modify_fstab() { ${DEBUG} && echo "> parse_and_modify_fstab $@" >&2 grep -v '^[[:blank:]]*\(#\|$\)' ${FSTAB} | while read device mntpnt fstype option dump pass do # Due to the pipe (|) before the 'while' loop, we are now in a # subshell. The variables just previously set (device, mntpnt, # fstype, option, dump, pass) have no sense outside of this loop. # Don't use them later (after the 'done'). case "${fstype}" in swap) # Special settings for swap devices apply_swap_policy "${device}" continue ;; none|ignore|tmpfs|lockfs) # Don't modify some entries continue ;; esac # Don't modify the "noauto" mount lines nor the binded mounts: echo "${option}" | grep -q '\<\(noauto\|r\?bind\)\>' && continue # Skip what we are sure that it is not a local block device (or a # local file): case "${device}" in UUID=*|LABEL=*|/*) ;; *) continue ;; esac # Skip locking device if whitelisted by the sysadmin. Three formats # are accepted: the mountpoint itself, a (symlink to a) device name, # or a metadata about the filesystem (allowing to use something like # TYPE=vfat for any mountpoint). for skip in ${BILIBOP_LOCKFS_WHITELIST} do case "${skip}" in ${device}|${mntpnt}|TYPE=${fstype}) [ -f "/etc/lvm/bilibop" ] && unlock_logical_volume ${device} continue 2 ;; esac done # For each filesystem to lock, modify the line in fstab. A mount # helper script will manage it later: #log_warning_msg "${0##*/}: Preparing to lock: ${mntpnt}." sed -i "s|^\s*${device}\s\+${mntpnt}\s.*|${comment}\n#&\n${replace}\n${device} ${mntpnt} lockfs fstype=${fstype},${option} ${dump} ${pass}\n|" ${FSTAB} done } # ===========================================================================}}} # add_lockfs_mount_helper() ================================================={{{ # What we want is: add a mount helper script (or a symlink to it) to an aufs # mountpoint given as argument (this should be the next root of the system from # the point of view of the initramfs). add_lockfs_mount_helper() { ${DEBUG} && echo "> add_lockfs_mount_helper $@" >&2 if [ -x ${1}/lib/bilibop/lockfs_mount_helper ] then # lockfs_mount_helper is usable as is, so symlink it: ln -s /lib/bilibop/lockfs_mount_helper ${1}/sbin/mount.lockfs elif [ -f ${1}/lib/bilibop/lockfs_mount_helper ] then # lockfs_mount_helper is not executable cp ${1}/lib/bilibop/lockfs_mount_helper ${1}/sbin/mount.lockfs chmod +x ${1}/sbin/mount.lockfs else # lockfs_mount_helper is missing. Create a fallback script. # It will not set an aufs and its lower and upper branches, # but only recalls 'mount' with valid options. cat >${1}/sbin/mount.lockfs < check_mount_lockfs $@" >&2 if [ -h ${1}/sbin/mount.lockfs ] then # /sbin/mount.lockfs already exist and is a symlink. # Is it absolute or relative ? helper="$(readlink ${1}/sbin/mount.lockfs)" case "${helper}" in /*) helper="${1}${helper}" ;; ?*) helper="${1}/sbin/${helper}" ;; esac if [ ! -f "${helper}" -o ! -x "${helper}" ] then # There is a problem with the target. So, remove the # symlink and add a new lockfs mount helper. rm -rf ${1}/sbin/mount.lockfs add_lockfs_mount_helper "${1}" fi elif [ -f ${1}/sbin/mount.lockfs -a -x ${1}/sbin/mount.lockfs ] then # This probably means the sysadmin has written its own helper # program. Don't modify this. : else rm -rf ${1}/sbin/mount.lockfs add_lockfs_mount_helper "${1}" fi } # ===========================================================================}}} # initialize_lvm_conf() ====================================================={{{ # What we want is: create lvm.conf or modify it if the file itself, or a # required (for our purpose) section, or a required (for our purpose) # variable/array is missing. initialize_lvm_conf() { ${DEBUG} && echo "> initialize_lvm_conf $@" >&2 if [ ! -f "${LVM_CONF}" ] then mkdir -p ${LVM_CONF%/*} cat >${LVM_CONF} <>${LVM_CONF} <>${LVM_CONF} <>${LVM_CONF} < blacklist_bilibop_devices $@" >&2 local node for node in $(device_nodes) do [ "${udev_root}/${node}" = "${BILIBOP_DISK}" ] && continue [ "$(physical_hard_disk ${udev_root}/${node})" != "${BILIBOP_DISK}" ] && continue blacklist= ID_FS_TYPE= DEVLINKS= eval $(query_udev_envvar ${node}) [ "${ID_FS_TYPE}" = "LVM2_member" ] || continue DEVLINKS="$(echo ${DEVLINKS} | sed "s,${udev_root}/,,g")" [ "${udev_root}/${node}" = "${BILIBOP_PART}" ] && DEVLINKS="${BILIBOP_COMMON_BASENAME}/part ${DEVLINKS}" blacklist="$(echo ${node} ${DEVLINKS} | sed 's, \+,|,g')" sed -i "s;^\s*\(global_\)\?filter\s*=\s*\[\s*;&\"r#^${UDEV_ROOT}/(${blacklist})\$#\", ;" ${LVM_CONF} done } # ===========================================================================}}} # set_readonly_lvm_settings() ==============================================={{{ # What we want is: overwrite temporary lvm.conf (into initrd or on aufs) and # set some variables to make VG and LV read-only (content + metadata). # In 'global' section: # locking_type = 4 # metadata_read_only = 1 # In 'activation' section: # read_only_volume_list = [ "vg0/lv0", "vg0/lv1", "vg1/lv0", "vg1/lv1", "vg1/lv2" ] # # NOTE: we cannot use 'lvchange --permission r' here or elsewhere, because # (unlike 'blockdev --setro'), this makes the readonly setup persistent, and # this would need additional stuff to undo that at the good time by running # 'lvchange --permission rw'. Additionally, this changes LV metadata, and this # is exactly what we want to avoid. set_readonly_lvm_settings() { ${DEBUG} && echo "> set_readonly_lvm_settings $@" >&2 sed -i 's|^\(\s*locking_type\s*=\s*\).*|\14|' ${LVM_CONF} sed -i 's|^\(\s*metadata_read_only\s*=\s*\).*|\11|' ${LVM_CONF} for lvm in $(cat /etc/lvm/bilibop) do ROVL="${ROVL:+${ROVL}, }\"${lvm}\"" done [ -n "${ROVL}" ] || return 0 if grep -q '^[[:blank:]]*read_only_volume_list[[:blank:]]*=' ${LVM_CONF} ; then sed -i "s|^\s*read_only_volume_list\s*=\s*[|& ${ROVL},|" ${LVM_CONF} else sed -i "s|^\s*activation\s*{.*|&\n read_only_volume_list = [ ${ROVL} ]|" ${LVM_CONF} fi } # ===========================================================================}}} # activate_bilibop_lv() ====================================================={{{ # What we want is: activate Logical Volumes listed in /etc/lvm/bilibop. It can # happen that some LV are not yet activated at this point: the initramfs lvm2 # script activates $ROOT and $resume only (the initramfs cryptroot script is # less selective). After 'blacklist_bilibop_devices()', there will be no way # for the lvm init script to activate missing LV, and mount (between others) # will fail. activate_bilibop_lv() { ${DEBUG} && echo "> activate_bilibop_lv $@" >&2 [ -f /etc/lvm/bilibop ] || return 0 local vg_lv for vg_lv in $(cat /etc/lvm/bilibop); do if [ ! -e "${udev_root}/${vg_lv}" ]; then lvm lvchange -a y --sysinit ${vg_lv} fi done } # ===========================================================================}}} # unlock_logical_volume() ==================================================={{{ # What we want is: avoid mount errors for whitelisted devices/mountpoints. For # that, we have to override, from the local-bottom script, some settings done # from the init-top script: reset readonly attribute of a whitelisted Logical # Volume, and remove it from the list of the Logical Volumes to set read-only. # This function is called from parse_and_modify_fstab(). unlock_logical_volume() { ${DEBUG} && echo "> unlock_logical_volume $@" >&2 local dev="$(get_device_node ${1})" for lvm in $(cat /etc/lvm/bilibop) do [ -e "${udev_root}/${lvm}" ] || continue if [ "$(readlink -f ${udev_root}/${lvm})" = "${dev}" ] then sed -i "/^${lvm}$/d" /etc/lvm/bilibop blockdev --setrw ${dev} break fi done } # ===========================================================================}}} # plymouth_message() ========================================================{{{ # What we want is: tell plymouth daemon to display a message. (Plymouth is the # name of the standard graphical boot splash on Linux) plymouth_message() { ${DEBUG} && echo "> plymouth_message $@" >&2 if [ -x /bin/plymouth ] && plymouth --ping then plymouth message --text="$@" fi } # ===========================================================================}}} # is_physically_locked() ===================================================={{{ # What we want is: return 0 if a drive given as argument (generally a USB key # or a SD/MMC card) is write-protected, i.e. physically locked by a switch, # and 1 otherwise. Since this function relies on the output of dmesg, it must # be called very early (or it may happen that the relevant info is flushed or # unbuffered). As far as I know, only USB keys and Flash memory cards may have # a switch to lock them; there are two 'syntaxes', depending on the media type. is_physically_locked() { ${DEBUG} && echo "> is_physically_locked $@" >&2 case "${1}" in sd?) if dmesg | grep -q "\[${1}\] [Ww]rite [Pp]rotect [Ii]s [Oo]n$"; then return 0 fi ;; mmcblk?|mspblk?) if dmesg | grep -q "[[:blank:]]${1}: .* [1-9][0-9]*\(\.[0-9]\+\)\? [GM]i\?B (ro)$"; then return 0 fi ;; esac return 1 } # ===========================================================================}}} bilibop-0.4.20/lib/udev/0000755000000000000000000000000012244300427011612 5ustar bilibop-0.4.20/lib/udev/bilibop_disk0000755000000000000000000000552012244300427014174 0ustar #!/bin/sh # vim: set et ts=4 sts=4 sw=4: # /lib/udev/bilibop_disk {{{ # This script must be called from /lib/udev/rules.d/66-bilibop.rules # (or any other udev rules filename). # # Usage: # PROGRAM=="bilibop_disk [OPTION] %r/%k" # RUN+="bilibop_disk [OPTION] %r/%k" # # with options: # -d, --disk # -h, --hide # -i, --icon # -l, --lock # -n, --name # -p, --part # -r, --root # -t, --test # No option is the same as --test. # }}} PATH="/bin" device="" option="test" for arg do case "${arg}" in -d|--disk) option="disk" ;; -h|--hide) option="hide" ;; -i|--icon) option="icon" ;; -l|--lock) option="lock" ;; -n|--name) option="name" ;; -p|--part) option="part" ;; -r|--root) option="root" ;; -t|--test) option="test" ;; /*) device="$arg" ;; -*) exit 99 ;; esac done # Check if the block device given as argument exists, or go away. [ -b "${device}" ] || exit 3 udev_root="${device%/*}" # dirname node_name="${device##*/}" # basename # Load bilibop shell functions . /lib/bilibop/rules.sh # Avoid running some functions if not necessary; take care with the exit code. case "${option}" in hide) [ "${BILIBOP_RULES_PRESENTATION_HIDE}" = "false" ] && exit 1 ;; lock) [ "${BILIBOP_RULES_SYSTEM_INTERNAL}" = "false" ] && exit 1 ;; esac # Set BILIBOP_DISK. If a link to the physical hard disk already exists, follow # it to know the device name. Otherwise, find it with the bilibop functions. [ -h ${udev_root}/${BILIBOP_COMMON_BASENAME}/disk ] && BILIBOP_DISK="$(readlink -f ${udev_root}/${BILIBOP_COMMON_BASENAME}/disk)" || BILIBOP_DISK="$(physical_hard_disk /)" ### RUN NOW ### case "${option}" in test) [ "$(physical_hard_disk ${device})" = "${BILIBOP_DISK}" ] || exit 1 ;; disk) echo "${BILIBOP_COMMON_BASENAME}/disk" ;; root) [ -h ${udev_root}/${BILIBOP_COMMON_BASENAME}/part ] && BILIBOP_PART="$(readlink -f ${udev_root}/${BILIBOP_COMMON_BASENAME}/part)" || BILIBOP_PART="$(underlying_partition /)" [ "${BILIBOP_PART}" = "${device}" ] && echo "${BILIBOP_COMMON_BASENAME}/part" [ -h ${udev_root}/${BILIBOP_COMMON_BASENAME}/root ] && BILIBOP_ROOT="$(readlink -f ${udev_root}/${BILIBOP_COMMON_BASENAME}/root)" || BILIBOP_ROOT="$(underlying_device_from_file /)" [ "${BILIBOP_ROOT}" = "${device}" ] && echo "${BILIBOP_COMMON_BASENAME}/root" ;; part) underlying_partition "${device}" ;; lock) _udisks_system_internal || exit 1 ;; hide) _udisks_presentation_hide || exit 1 ;; icon) _udisks_presentation_icon || exit 1 ;; name) _udisks_presentation_name || exit 1 ;; esac exit 0 bilibop-0.4.20/etc/0000755000000000000000000000000012165414757010672 5ustar bilibop-0.4.20/etc/bilibop/0000755000000000000000000000000012165414757012312 5ustar bilibop-0.4.20/etc/bilibop/bilibop.conf0000644000000000000000000000045712165414757014607 0ustar # /etc/bilibop/bilibop.conf # Global configuration file for bilibop-* packages. For a comprehensive list # of possible default or custom settings, read the bilibop.conf(5) manpage, # and see the examples provided by each concerned bilibop-* package in # /usr/share/doc/bilibop-*/examples/bilibop.conf bilibop-0.4.20/etc/xdg/0000755000000000000000000000000012165414757011454 5ustar bilibop-0.4.20/etc/xdg/autostart/0000755000000000000000000000000012165414757013502 5ustar bilibop-0.4.20/etc/xdg/autostart/lockfs-notify.desktop0000644000000000000000000000052512165414757017666 0ustar [Desktop Entry] Version=1.0 Encoding=UTF-8 Type=Application Exec=lockfs-notify Icon=changes-prevent Name=bilibop-lockfs Comment=Notification of locking of the filesystems Comment[en]=Notification of locking of the filesystems Comment[fr]=Notification de verrouillage des systèmes de fichiers StartupNotify=false Terminal=false Hidden=false bilibop-0.4.20/bin/0000755000000000000000000000000012244232546010657 5ustar bilibop-0.4.20/bin/lsbilibop0000644000000000000000000001074412244217667012576 0ustar #!/bin/sh set -e # /bin/lsbilibop # List BILIBOP tagged devices, display some udev properties about them, # or trigger uevents to update their properties. PATH="/sbin:/bin" PROG="${0##*/}" TAG_DIR="/run/udev/tags/BILIBOP" info="false" list="false" trigger="false" action="" short_usage() { cat < -l > -i > -a = -c: # -h (help) overrides unconditionally all other options. # -l (list) overrides unconditionally -i, -a and -c. # -i (info) overrides unconditionally -a (add) and -c (change). while getopts :achil opt; do case "${opt}" in h) usage exit 0 ;; a) trigger="true" action="add" ;; c) trigger="true" action="change" ;; i) info="true" ;; l) list="true" ;; '?') echo "${PROG}: unrecognized option '-${OPTARG}'." >&2 short_usage >&2 exit 1 ;; esac done if [ "${list}" = "true" ]; then bilibop_list exit $? elif [ "${info}" = "true" ]; then trigger="false" fi shift $((OPTIND-1)) if [ "${1}" = "--" ]; then shift; fi # At least, check if BILIBOP tagged devices exist, or exit with a useful # message: if [ ! -d "${TAG_DIR}" ]; then echo "${PROG}: ${TAG_DIR}: no such directory.\n" >&2 if [ -f "/etc/udev/rules.d/66-bilibop.rules" ]; then cat >&2 <&2 <&2 <', 'udevadm trigger --sysname-match ' and 'udevadm test ' can help you, if they are applied to the following device nodes: EOF bilibop_list >&2 echo >&2 echo "But maybe your system is not running from a writable and removable media ?" >&2 exit 8 fi # Trigger uevents can only be done by root, but if it is tried by a # unprivileged user, udevadm will silently do NOTHING without failure # (i.e. with exit code = 0). So we place a poor checkpoint here. if [ "${trigger}" = "true" ]; then if [ "${USER}" != "root" ]; then echo "${0##*/}: only root can use the '-a' or '-c' options." >&2 exit 4 fi fi # Get/set udev_root variable. It should be '/dev', but... if [ -f /etc/udev/udev.conf ]; then . /etc/udev/udev.conf fi udev_root="${udev_root:-/dev}" # Store device names given as arguments, if any: for arg; do if [ -b "${arg}" ]; then arg="$(readlink -f ${arg})" DEVICE="${DEVICE:+${DEVICE} }${arg}" fi done # If ALL arguments are invalid, exit. if [ -n "$*" -a -z "${DEVICE}" ]; then echo "${PROG}: bad argument(s) '$@'." >&2 short_usage >&2 exit 2 fi # Trigger uevents for all BILIBOP tagged devices, and exit: if [ -z "${DEVICE}" -a "${trigger}" = "true" ]; then udevadm trigger --tag-match="BILIBOP" --action="${action}" exit $? fi grep '[[:digit:]]' /proc/partitions | while read major minor size node; do # Skip devices that are not tagged 'BILIBOP': [ ! -e "/run/udev/tags/BILIBOP/b${major}:${minor}" ] && continue # Filter by device names given as arguments: if [ -n "${DEVICE}" ]; then for device in ${DEVICE}; do [ "${device}" = "${udev_root}/${node}" ] && break done [ "${device}" = "${udev_root}/${node}" ] || continue fi if [ "${info}" = "true" ]; then echo "DEVNAME='${udev_root}/${node}'" udevadm info --query property --export --name ${node} | grep -E '^(BILIBOP_(DISK|(UNDERLYING_)?PARTITION)|DEVLINKS|UDISKS_(IGNORE|SYSTEM(_INTERNAL)?|(PRESENTATION_)?(ICON_)?NAME|PRESENTATION_HIDE|CAN_POWER_OFF)|ID_(FS_(UUID|LABEL|TYPE|USAGE)|DRIVE_DETACHABLE))=' echo elif [ "${trigger}" = "true" ]; then udevadm trigger --sysname-match="${node}" --action="${action}" else echo "${udev_root}/${node}" fi done # vim: ts=4 sts=4 sw=4