debian.package.unsafe: Add classical debian initramfs module

The module is unsafe because it collects metadata while being writable for files on the same system; It therefore cannot be relied upon for security purposes. It will however allow to use the agent for purposes of better system changes transparency where malicious changes are not expected.

debian.package.unsafe: Add classical debian initramfs module
The module is unsafe because it collects metadata while being writable for files on the same system; It therefore cannot be relied upon for security purposes. It will however allow to use the agent for purposes of better system changes transparency where malicious changes are not expected.
74e28313 · Leo Le Bouter · e7a6f910 · 74e28313 · 74e28313 · 74e28313
Commit 74e28313 authored Oct 14, 2020 by Leo Le Bouter
4 changed files
--- a/debian.package.unsafe/Makefile
+++ b/debian.package.unsafe/Makefile
+unsafe-boot-metadata-collect-agent.deb: unsafe-boot-metadata-collect-agent/usr/share/initramfs-tools/scripts/local-bottom/metadata-collect-agent
+	dpkg-deb --build unsafe-boot-metadata-collect-agent || rm -fv $@
+
+include initramfs-script-template.mk
+unsafe-boot-metadata-collect-agent/usr/share/initramfs-tools/scripts/local-bottom/metadata-collect-agent: unsafe-boot-metadata-collect-agent/sbin/metadata-collect-agent
+	@ if [ "${ERP5_USER}" = "" ]; then \
+		echo "Environment variable ERP5_USER not set"; \
+		exit 1; \
+	fi
+	@ if [ "${ERP5_PASS}" = "" ]; then \
+		echo "Environment variable ERP5_PASS not set"; \
+		exit 1; \
+	fi
+	@ if [ "${ERP5_BASE_URL}" = "" ]; then \
+		echo "Environment variable ERP5_BASE_URL not set"; \
+		exit 1; \
+	fi
+
+	echo "$${initramfs_script}" >> $@
+
+unsafe-boot-metadata-collect-agent/sbin/metadata-collect-agent:
+	cd ../ && ./rust-build-static.bash
+
+.PHONY: clean
+clean:
+	rm -fv unsafe-boot-metadata-collect-agent/usr/share/initramfs-tools/scripts/local-bottom/metadata-collect-agent unsafe-boot-metadata-collect-agent/sbin/metadata-collect-agent unsafe-boot-metadata-collect-agent.deb
\ No newline at end of file
--- a/debian.package.unsafe/initramfs-script-template.mk
+++ b/debian.package.unsafe/initramfs-script-template.mk
+define initramfs_script :=
+#!/bin/sh
+
+PREREQ=""
+prereqs()
+{
+	echo "$$PREREQ"
+}
+case $$1 in
+prereqs)
+	prereqs
+	exit 0
+	;;
+esac
+
+. /scripts/functions
+
+configure_networking
+
+DEFAULT_IF="$$(ip route show default | grep -Po "(?<=dev )\w+" | head -n 1)"
+DEFAULT_IF_MAC="$$(ip link show "$$DEFAULT_IF" | grep -Po '(?<= )\w{2}:\w{2}:\w{2}:\w{2}:\w{2}:\w{2}(?= )' | head -n 1)"
+
+ERP5_BASE_URL="$(ERP5_BASE_URL)"
+ERP5_USER="$(ERP5_USER)"
+ERP5_PASS="$(ERP5_PASS)"
+
+REFERENCE="COMP-MAC-$$(echo "$$DEFAULT_IF_MAC" | sed s/:/-/g).Metadata.Snapshot"
+
+/sbin/metadata-collect-agent "$$NEWROOT" "$$ERP5_USER" "$$ERP5_PASS" "$$REFERENCE" "$$ERP5_BASE_URL"
+endef
+
+export initramfs_script
\ No newline at end of file
--- a/debian.package.unsafe/unsafe-boot-metadata-collect-agent/DEBIAN/control
+++ b/debian.package.unsafe/unsafe-boot-metadata-collect-agent/DEBIAN/control
+Package: unsafe-boot-metadata-collect-agent
+Version: 0.1
+Section: custom
+Priority: optional
+Architecture: amd64
+Essential: no
+Maintainer: leo.le.bouter@nexedi.com
+Description: metadata-collect-agent with initramfs scripts
--- a/debian.package.unsafe/unsafe-boot-metadata-collect-agent/usr/share/initramfs-tools/hooks/metadata-collect-agent
+++ b/debian.package.unsafe/unsafe-boot-metadata-collect-agent/usr/share/initramfs-tools/hooks/metadata-collect-agent
+#!/bin/sh
+PREREQ=""
+prereqs()
+{
+	echo "$PREREQ"
+}
+case $1 in
+prereqs)
+	prereqs
+	exit 0
+	;;
+esac
+. /usr/share/initramfs-tools/hook-functions
+
+copy_exec /sbin/metadata-collect-agent /sbin
\ No newline at end of file