diff --git a/build-deb.sh b/build-deb.sh index 90ae7ea..2c7e42f 100755 --- a/build-deb.sh +++ b/build-deb.sh @@ -2,10 +2,12 @@ chmod u=rwx src/etc/initramfs-tools/hooks/*.sh chmod u=rwx src/etc/initramfs-tools/scripts/init-premount/*.sh +chmod u=rwx src/etc/initramfs-tools/scripts/init-bottom/*.sh chmod u=rwx src/lib/cryptsetup/scripts/wget_or_ask chmod og=rx src/etc/initramfs-tools/hooks/*.sh chmod og=rx src/etc/initramfs-tools/scripts/init-premount/*.sh +chmod og=rx src/etc/initramfs-tools/scripts/init-bottom/*.sh chmod og=rx src/lib/cryptsetup/scripts/wget_or_ask -dpkg-deb -b src dist \ No newline at end of file +dpkg-deb -b src dist diff --git a/src/etc/initramfs-tools/scripts/init-bottom/networking.sh b/src/etc/initramfs-tools/scripts/init-bottom/networking.sh new file mode 100755 index 0000000..d99c17f --- /dev/null +++ b/src/etc/initramfs-tools/scripts/init-bottom/networking.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +PREREQ="" + +prereqs() { + echo "$PREREQ" +} + +case "$1" in + prereqs) + prereqs + exit 0 + ;; +esac + +. /scripts/functions + +# Bring all interfaces down or set variable IFACE to none +IFDOWN=* + +if [ "$BOOT" != nfs ] && [ "$IFDOWN" != none ]; then + for IFACE in /sys/class/net/$IFDOWN; do + [ -e "$IFACE" ] || continue + IFACE="${IFACE#/sys/class/net/}" + log_begin_msg "Bringing down $IFACE" + ip link set dev "$IFACE" down + ip address flush dev "$IFACE" + ip route flush dev "$IFACE" + log_end_msg + done +fi diff --git a/src/etc/initramfs-tools/scripts/init-premount/networking.sh b/src/etc/initramfs-tools/scripts/init-premount/networking.sh index cfec598..defa181 100755 --- a/src/etc/initramfs-tools/scripts/init-premount/networking.sh +++ b/src/etc/initramfs-tools/scripts/init-premount/networking.sh 
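Review bot: In the new init-bottom/networking.sh, `IFDOWN=*` is assigned unconditionally just above the `[ "$IFDOWN" != none ]` test, so the `none` case the comment describes can never be taken, and the comment names `IFACE` where the code checks `IFDOWN`. If the opt-out is meant to be configurable (from the environment or a sourced config, neither visible here), keep a preset value with `IFDOWN="${IFDOWN:-*}"` and reword the comment to `# Bring all interfaces down, or set IFDOWN to none to leave them up`. The glob `/sys/class/net/*` also matches `lo`. Finally, `log_end_msg` runs whether or not the three `ip` commands succeeded, so an interface that keeps its initramfs address past this stage would go unreported.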
@@ -1,32 +1,49 @@ #!/bin/sh -set -e -PREREQ="" +PREREQ="udev" -prereqs() -{ +prereqs() { echo "$PREREQ" } -case $1 in +case "$1" in prereqs) prereqs exit 0 - ;; + ;; esac . /scripts/functions -# The more sensible approach might be use the configure_networking function -# but I struggled to make this work well independently of configuring NFS -wait_for_udev 10 -ipconfig -t 30 -c dhcp -d eth0 - - -# Cloudflare -echo 'nameserver 1.1.1.1' > /etc/resolv.conf -echo 'nameserver 1.0.0.1' >> /etc/resolv.conf - -# Quad 9 -echo 'nameserver 9.9.9.9' >> /etc/resolv.conf -echo 'nameserver 9.9.9.10' >> /etc/resolv.conf \ No newline at end of file +# Network is manually configured. +[ "$IP" != off ] && [ "$IP" != none ] || exit 0 + +# Always run configure_networking() before fetching the key; on NFS +# mounts this has been already done +[ "$BOOT" != nfs ] && configure_networking + +# Waiting a moment to get a valid network connection before +# configuring resolv.conf +connection_wait=30 +seconds=0 +while [ $seconds -le $connection_wait ]; do + if [ "$(/sbin/ip addr | grep -c inet )" -ne 0 ]; then + break + fi + if [ $seconds -ge $connection_wait ]; then + log_failure_msg "No working networking connection found in $connection_wait seconds" + fi + sleep 1 + seconds=$(( seconds + 1)) +done + +# Configure a basic resolv.conf just to get domain name resolving +# working. +if ! [ -s /etc/resolv.conf ]; then + # Cloudflare + [ -z "$IPV4DNS0" ] && IPV4DNS0="1.1.1.1" + # Quad9 + [ -z "$IPV4DNS1" ] && IPV4DNS1="9.9.9.9" + echo "nameserver $IPV4DNS0" > /etc/resolv.conf + echo "nameserver $IPV4DNS1" >> /etc/resolv.conf +fi diff --git a/tests/shellcheck.sh b/tests/shellcheck.sh index 242c87f..bc376b9 100644 --- a/tests/shellcheck.sh +++ b/tests/shellcheck.sh 
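Review bot: The readiness test in the wait loop, `grep -c inet` over `/sbin/ip addr`, also counts `inet6` lines and any loopback address, so it can succeed on a link-local address before a usable lease exists. Restricting it to global addresses, e.g. `if [ "$(/sbin/ip addr show scope global | grep -c inet)" -ne 0 ]; then`, would match what the comment above the loop promises. On timeout the loop only calls `log_failure_msg`, and the script then goes on to write resolv.conf and finish normally. With `set -e` removed by this commit, the later key-fetch step gets no signal that networking failed, so consider recording the failure explicitly (a non-zero exit, if the boot flow tolerates it, or a flag the fetch step checks).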
@@ -3,4 +3,5 @@ SC_EXCLUDE="SC2181,SC2162,SC1091,SC2129" shellcheck -s sh --exclude="$SC_EXCLUDE" src/lib/cryptsetup/scripts/wget_or_ask \ src/etc/initramfs-tools/hooks/*.sh \ - src/etc/initramfs-tools/scripts/init-premount/networking.sh \ No newline at end of file + src/etc/initramfs-tools/scripts/init-premount/networking.sh + src/etc/initramfs-tools/scripts/init-bottom/networking.sh
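Review bot: The re-added `init-premount/networking.sh` line has no trailing `\`, so as shown the `shellcheck` command ends there and the new `init-bottom/networking.sh` path becomes a command of its own. The test would then try to execute that script instead of linting it. The file is added with mode 100755 and its purpose is to bring interfaces down, so this should be fixed rather than left to fail early on the missing `/scripts/functions`. End the line with a continuation, `src/etc/initramfs-tools/scripts/init-premount/networking.sh \`, so the init-bottom script is actually passed to shellcheck.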