On Thu, 10 Dec 2015 at 12:15:33 +0100, Jonas Meurer wrote: > - redefine the purpose of files in conf-hooks.d to set variables that > are made available to mkinitramfs *and* the hook scripts.
On second thought it might not be ideal to use the same file for both,
as exporting all variable to the hooks can have unexpected side effects.
For instance the dropbear hook changes the default UMASK value to 0077
in order to protect the private key material (the SSH host keys). But
this variable is also used by other software to override the process's
umask(2); if it were to be set in the hooks, files within the initramfs
image might be created with the wrong permissions, which is certainly
not intended and might have unexpected side effects.
> # source package confs
> -for i in /usr/share/initramfs-tools/conf-hooks.d/*; do
> +for i in /usr/share/initramfs-tools/conf-hooks.d/*
> /etc/initramfs-tools/conf-hooks.d/*; do
> if [ -d "${i}" ]; then
> echo "Warning: ${i} is a directory instead of file, ignoring."
> elif [ -e "${i}" ]; then
> . "${i}"
> + hookvars="$(sed -e '/#.*$/d' -e '/^$/d' ${i} | cut -d= -f1)"
> + if [ -n "${hookvars}" ]; then
> + export ${hookvars}
> + fi
> fi
> done
If *all* variables are accessible in *all* hooks there must be some kind
of policy to prevents collisions. For instance packages a and b
shouldn't make use the same variable OPTIONS, since the assignment in
conf-hooks.d/b would override that in conf-hooks.d/a.
I should also add that Jonas and I would both like to avoid the easy &
dirty solution consisting of making the package ship a configuration
file for its hook in /etc/$package/initramfs-hook and source that file
in the hook. Some cleaner organization in the fashion of /etc/default
seems like the way to go.
--
Guilhem.
signature.asc
Description: PGP signature
