live-persist 15.3 KB
Newer Older
1
2
#!/bin/bash

3
4
5
6
7
8
error ()
{
	echo "error: ${@}" >&2
	exit 1
}

anonym's avatar
anonym committed
9
10
11
12
13
warning ()
{
	echo "warning: ${@}" >&2
}

14
# import Cmdline_old()
15
16
. /lib/live/boot/9990-cmdline-old \
	|| error 'Could not source /lib/live/boot/9990-cmdline-old'
17

18
# Set variable names needed by get_custom_mounts(),
19
20
# and now initialized by live-boot in a file that we certainly
# don't want to source.
21
export persistence_list="persistence.conf"
22
export old_persistence_list="nonexistent"
23
24

# This will import the following functions and variables used below:
25
#   activate_custom_mounts()
26
27
#   get_custom_mounts()
#   open_luks_device()
28
#   probe_for_gpt_name()
29
30
31
#   removable_dev()
#   removable_usb_dev()
#   storage_devices()
32
#   where_is_mounted()
33
#   $custom_overlay_label
34
35
. /lib/live/boot/9990-misc-helpers.sh \
	|| error 'Could not source /lib/live/boot/9990-misc-helpers.sh'
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

usage ()
{
	local cmd=${0##*/}
	echo "Usage: ${cmd} [OPTION]... list [LABEL]...
List (on stdout) all GPT partitions with names among LABEL(s) that are
compatible with live-boot's overlay persistence, and that are adhering to
live-boot's persistence filters (e.g. persistent-media). If no LABEL is given
the default in live-boot is used ('${custom_overlay_label}').
   or: ${cmd} [OPTION]... activate VOLUME...
Activates persistence on the given VOLUME(s). Successes and failures are
written to stdout. There are no checks for whether the given volumes adhere
to live-boot's options.

Kernel command-line options are parsed just like in live-boot and have the same
effect (see live-boot(7) for more information)

Arguments to options must be passed using an equality sign. LISTs are coma
separated. Most options correspond to the persistent-* options of live-boot,
and will override the corresponging options parsed from the kernel command-line.

General options:
  --help                display this help and exit
  --log-file=FILE       log the bash execution trace to FILE

Options affecting the 'list' action:
  --encryption=LIST     override 'persistent-encryption'
  --media=VALUE         override 'persistent-media'

Options affecting the 'activate' action:
  --read-only           enable 'persistent-read-only'
  --read-write          disable 'persistent-read-only'
  --union=VALUE         override 'union'
"
}

72
73
74
75
escape() {
	printf "%s\n" "${2}" | sed --regexp-extended "s/[${1}]/\\\&/g"
}

kytv's avatar
kytv committed
76
escape_dots() {
77
	escape . "${@}"
78
79
}

anonym's avatar
anonym committed
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
add_persistence_preset()
{
	local PRESET="${1}"
	local PRESET_SOURCE="${2}"
	local CONFIG="${3}"
	if [ "${PERSISTENCE_READONLY}" = true ]
	then
		warning "We are trying to add a persistence preset while" \
		        "persistence is in read-only mode"
	else
		echo "${PRESET}	source=${PRESET_SOURCE}" \
		    >> "${CONFIG}" || error "Failed to make ${PRESET}: $?"
		warning "Successfully made ${PRESET} persistent"
	fi
}

96
97
98
99
remove_persistence_preset()
{
	local PRESET="${1}"
	local CONFIG="${2}"
anonym's avatar
anonym committed
100
101
102
103
104
	# The intent here is to simply remove the line starting with
	# $PRESET, but since it is a path, and sed uses / as delimiter
	# for patterns we can use together with d, we have to escape /
	# (and . as usual).
	sed -i "/^$(escape './' "${PRESET}")\s/d" "${CONFIG}"
105
106
}

anonym's avatar
anonym committed
107
108
109
110
111
112
113
114
is_preset_enabled() {
	local PRESET="${1}"
	local PRESET_SOURCE="${2}"
	local CONFIG="${3}"
	grep --extended-regexp --line-regex --quiet --no-messages \
	     -e "$(escape_dots ${PRESET})\s+source=${PRESET_SOURCE}" "$CONFIG"
}

115
116
migrate_persistence_preset()
{
anonym's avatar
anonym committed
117
118
119
120
	local OLD="${1}"
	local OLD_SOURCE="${2}"
	local NEW="${3}"
	local NEW_SOURCE="${4}"
121
	local CONFIG="${5}"
anonym's avatar
anonym committed
122
123
	if   is_preset_enabled "${OLD}" "${OLD_SOURCE}" "${CONFIG}" && \
	   ! is_preset_enabled "${NEW}" "${NEW_SOURCE}" "${CONFIG}"
124
	then
anonym's avatar
anonym committed
125
126
		warning "Need to make ${NEW} persistent"
		add_persistence_preset "${NEW}" "${NEW_SOURCE}" \
anonym's avatar
anonym committed
127
		                       "${CONFIG}"
128
129
130
	fi
}

131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# We override live-boot's logging facilities to get more useful error messages
log_warning_msg ()
{
	warning ${@}
}

# We override live-boot's panic() since it does a lot of crazy stuff
panic ()
{
	error ${@}
}

list_gpt_volumes ()
{
	local labels=${@}

	local whitelistdev=""
148
	case "${PERSISTENCE_MEDIA}" in
149
150
		removable)
			whitelistdev="$(removable_dev)"
151
			[ -z "${whitelistdev}" ] && return
152
153
154
			;;
		removable-usb)
			whitelistdev="$(removable_usb_dev)"
155
			[ -z "${whitelistdev}" ] && return
156
157
			;;
		*)
158
159
160
161
162
163
164
165
166
			if grep -qs -w -E '(live-media|bootfrom)=removable-usb' /proc/cmdline ; then
				whitelistdev="$(removable_usb_dev)"
				[ -z "${whitelistdev}" ] && return
			elif grep -qs -w -E '(live-media|bootfrom)=removable' /proc/cmdline ; then
				whitelistdev="$(removable_dev)"
				[ -z "${whitelistdev}" ] && return
			else
				whitelistdev=""
			fi
167
168
169
			;;
	esac

170
	for dev in $(storage_devices "" "${whitelistdev}")
171
	do
172
		if ( is_luks_partition ${dev} >/dev/null 2>&1 && \
173
		     echo ${PERSISTENCE_ENCRYPTION} | grep -qve "\<luks\>" ) || \
174

175
		   ( ! is_luks_partition ${dev} >/dev/null 2>&1 && \
176
		     echo ${PERSISTENCE_ENCRYPTION} | grep -qve "\<none\>" )
177
178
179
		then
			continue
		fi
180
		local result="$(probe_for_gpt_name "${labels}" ${dev})"
181
182
183
184
185
186
187
188
189
		if [ -n "${result}" ]
		then
			echo ${result#*=}
		fi
	done

	exit 0
}

190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
mountpoint_has_correct_access_rights ()
{
	local mountpoint="$1"
	local expected_user=root
	local expected_group=root
	local expected_perms=775
	local expected_acl="user::rwx
user:tails-persistence-setup:rwx
group::rwx
mask::rwx
other::r-x"

	if [ $(stat -c %U "$mountpoint") != "$expected_user" ]
	then
		warning "'$mountpoint' is not owned by the '$expected_user' user"
		return 1
	fi
	if [ $(stat -c %G "$mountpoint") != "$expected_group" ]
	then
		warning "'$mountpoint' is not owned by the '$expected_group' group"
		return 2
	fi
	if [ $(stat -c %a "$mountpoint") != "$expected_perms" ]
	then
		warning "'$mountpoint' permissions are not $expected_perms"
		return 4
	fi
Tails developers's avatar
Tails developers committed
217
	if [ "$(getfacl --omit-header --skip-base "$mountpoint" 2>/dev/null | grep -v '^\s*$')" \
218
219
220
221
222
223
224
225
	      != "$expected_acl" ]
	then
		warning "'$mountpoint' has incorrect ACL"
		return 8
	fi
	return 0
}

226
227
228
persistence_conf_file_has_correct_access_rights ()
{
	local conf="$1"
229
	local expected_perms="$2"
230
231
	local expected_user=tails-persistence-setup
	local expected_group=tails-persistence-setup
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
	local expected_acl=""

	if [ $(stat -c %U "$conf") != "$expected_user" ]
	then
		warning "'$conf' is not owned by the '$expected_user' user"
		return 1
	fi
	if [ $(stat -c %G "$conf") != "$expected_group" ]
	then
		warning "'$conf' is not owned by the '$expected_group' group"
		return 2
	fi
	if [ $(stat -c %a "$conf") != "$expected_perms" ]
	then
		warning "'$conf' permissions are not $expected_perms"
		return 4
	fi
Tails developers's avatar
Tails developers committed
249
	if [ "$(getfacl --omit-header --skip-base "$conf" 2>/dev/null | grep -v '^\s*$')" \
250
251
252
253
254
255
256
257
	      != "$expected_acl" ]
	then
		warning "'$conf' has incorrect ACL"
		return 8
	fi
	return 0
}

258
259
260
disable_and_create_empty_persistence_conf_file ()
{
	local conf="$1"
261
	local mode="$2"
262

263
264
265
266
267
	if [ -z "$mode" ]
	then
		mode=0600
	fi

268
	mv "$conf" "${conf}.insecure_disabled" \
269
		|| error "Failed to disable '$conf': $?"
270
	create_empty_persistence_conf_file "$conf" "$mode"
271
272
273
274
275
}

create_empty_persistence_conf_file ()
{
	local conf="$1"
276
	local mode="$2"
277

278
	install --owner tails-persistence-setup \
279
		--group tails-persistence-setup --mode "$mode" \
280
281
282
283
		/dev/null "$conf" \
		|| error "Failed to create empty '$conf': $?"
}

284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
activate_volumes ()
{
	local volumes=${@}
	local ret=0
	local open_volumes=""
	local successes=""
	local failures=""

	# required by open_luks_device()
	exec 6>&1

	for vol in ${volumes}
	do
		if [ ! -b "${vol}" ]
		then
			warning "${vol} is not a block device"
			failures="${failures} ${vol}"
			ret=1
			continue
		fi
		if [ -n "$(what_is_mounted_on ${dev})" ]
		then
			warning "${vol} is already mounted"
			failures="${failures} ${vol}"
			ret=1
			continue
		fi
		local luks_vol=""
		if /sbin/cryptsetup isLuks ${vol} >/dev/null 2>&1 
		then
			if luks_vol=$(open_luks_device "${vol}")
			then
				open_volumes="${open_volumes} ${luks_vol}"
			else
				failures="${failures} ${vol}"
			fi
		else
			open_volumes="${open_volumes} ${vol}"
		fi
	done

	custom_mounts="$(mktemp /tmp/custom_mounts-XXXXXX.list)"
326
	get_custom_mounts ${custom_mounts} ${open_volumes}
327
328
	# ... and now the persistent volumes should be mounted.

329
	# Enable the acl mount option on all persistent filesystems.
330
	for mountpoint in $(ls -d /live/persistence/*_unlocked || true)
331
332
333
334
	do
		mount -o remount,acl "$mountpoint"
	done

335
	# Detect if we have incorrect ownership, permissions and ACL.
336
	ACCESS_RIGHTS_ARE_CORRECT=true
337
	for mountpoint in $(ls -d /live/persistence/*_unlocked || true)
338
339
340
	do
		if ! mountpoint_has_correct_access_rights "$mountpoint"
		then
341
			ACCESS_RIGHTS_ARE_CORRECT=false
342
343
344
			break
		fi
	done
Tails developers's avatar
TODO++  
Tails developers committed
345

anonym's avatar
anonym committed
346
	# Create live-additional-software.conf if there is none
347
348
349
350
	for mountpoint in $(ls -d /live/persistence/*_unlocked || true)
	do
		if test ! -f "$mountpoint/live-additional-software.conf"
		then
351
			create_empty_persistence_conf_file "$mountpoint/live-additional-software.conf" "0644"
352
353
354
		fi
	done

355
356
357
358
359
360
361
362
363
364
	# Disable all persistence configuration files if the mountpoint
	# has wrong access rights.
	if [ "$ACCESS_RIGHTS_ARE_CORRECT" != true ]
	then
		for f in $(ls /live/persistence/*_unlocked/persistence.conf \
		              /live/persistence/*_unlocked/live-additional-software.conf || true)
		do
			warning "Disabling '$f': persistent volume has unsafe access rights"
			disable_and_create_empty_persistence_conf_file "$f"
		done
365
	fi
366

367
368
	# Regardless of the mountpoint access rights, disable persistence
	# configuration files with wrong access rights.
369
	for f in $(ls /live/persistence/*_unlocked/persistence.conf || true)
370
	do
371
		if ! persistence_conf_file_has_correct_access_rights "$f" "600"
372
373
374
375
376
		then
			warning "Disabling '$f', that has unsafe access rights"
			disable_and_create_empty_persistence_conf_file "$f"
		fi
	done
377
378
	for f in $(ls /live/persistence/*_unlocked/live-additional-software.conf || true)
	do
379
		if persistence_conf_file_has_correct_access_rights "$f" "600"
Alan's avatar
Alan committed
380
		then
381
382
			chmod 0644 "$f"
		fi
383
		if ! persistence_conf_file_has_correct_access_rights "$f" "644"
384
385
386
387
388
		then
			warning "Disabling '$f', that has unsafe access rights"
			disable_and_create_empty_persistence_conf_file "$f"
		fi
	done
389

390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
	# Fix permissions on persistent directories that were created
	# with unsafe permissions.
	for persistent_fs in $(ls -d /live/persistence/*_unlocked || true)
	do
		[ -d "$persistent_fs" ] || continue
		for child in $(ls "$persistent_fs" || true)
		do
			subdir="$persistent_fs/$child"
			[ -d "$subdir" ] || continue
			# Note: we chmod even custom persistent directories.
			# This may break things by changing otherwise correct
			# permissions copied from the directory that was made
			# persistent, so we only do that if the persistent directory
			# is owned by amnesia:amnesia, and thus unlikely to be
			# a system directory. This e.g. avoids setting wrong
			# permissions on the APT, CUPS and NetworkManager
			# persistent directories.
			[ $(stat -c '%U' "$subdir") = 'amnesia' ] || continue
			[ $(stat -c '%G' "$subdir") = 'amnesia' ] || continue
			if [ "$PERSISTENCE_READONLY" = true ]
			then
				warning "Permissions of '$subdir' may need to be fixed, but read only was selected; please retry in read-write mode"
			else
				chmod go= "$subdir"
			fi
		done
	done

418
	# Load the new persistence.conf.
419
	custom_mounts="$(mktemp /tmp/custom_mounts-XXXXXX.list)"
420
	get_custom_mounts ${custom_mounts} ${open_volumes}
421

422
423
	if [ -s "${custom_mounts}" ]
	then
424
425
426
427
		OLD_UMASK="$(umask)"
		# Have activate_custom_mounts create new directories
		# with safe permissions (#7443)
		umask 0077
428
		activate_custom_mounts ${custom_mounts} &> /dev/null
429
		umask "$OLD_UMASK"
430
431
432
	fi
	rm -f ${custom_mounts} 2> /dev/null

433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
	# Update persistent GnuPG configuration for Stretch
	if mountpoint --quiet /home/amnesia/.gnupg ; then
		# Install current dirmngr.conf if there is no persistent one
		if [ ! -e /home/amnesia/.gnupg/dirmngr.conf ]
		then
			install --owner amnesia --group amnesia --mode 0600 \
			        /etc/skel/.gnupg/dirmngr.conf \
			        /home/amnesia/.gnupg/dirmngr.conf \
			|| warning "Could not install dirmngr.conf"
		fi
		# Disable gpg.conf settings that either are obsolete,
		# or would break communication with keyservers
		if [ -e /home/amnesia/.gnupg/gpg.conf ]
		then
			obsolete_keyserver_options_str='http-proxy|ca-cert-file'
			obsolete_keyserver_options_bool='no-try-dns-srv|no-honor-keyserver-url'
			sed -i --regexp-extended \
			    "s/^(keyserver\s+)/#\1/ ; \
			     s/^(keyserver-options\s+($obsolete_keyserver_options_str)=)/\#\\1/ ; \
			     s/^(keyserver-options\s+($obsolete_keyserver_options_bool))\$/\#\\1/" \
			    /home/amnesia/.gnupg/gpg.conf \
			|| warning "Could not update gpg.conf"
		fi
	fi

458
459
460
461
462
463
464
465
	# Get rid of any Enigmail configuredVersion that we previously used
	# to set in a way that would persistently override the value maintained
	# by Enigmail itself (#12680, #15693). We stopped writing this pref
	# there a long time ago but recently instructed users to reintroduce
	# this problem as a workaround (#15692).
	tb_profile="$(dirname "${conf}")/thunderbird/profile.default"
	rm -f "${tb_profile}/preferences/0000tails.js"

466
467
	for vol in ${open_volumes}
	do
468
		if grep -qe "^${vol}\>" /proc/mounts
469
		then
470
471
			successes="${successes} ${vol}"
		else
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
			failures="${failures} ${vol}"
			ret=1
		fi
	done

	if [ -n "${successes}" ]
	then
		echo "Successes:"
		for vol in ${successes}
		do
			echo "  - ${vol}"
		done
	fi

	if [ -n "${failures}" ]
	then
		echo "Failures:"
		for vol in ${failures}
		do
			echo "  - ${vol}"
		done
	fi
	exit ${ret}
}

497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
close_volumes ()
{
	local volumes=${@}
	local custom_mounts="$(mktemp /tmp/custom_mounts-XXXXXX.list)"
	get_custom_mounts ${custom_mounts} ${volumes}
	while read device source dest options # < ${custom_mounts}
	do
		if [ "${options}" != linkfiles ]
		then
			umount ${dest} 2> /dev/null
		fi
	done < ${custom_mounts}
	rm -f ${custom_mounts} 2> /dev/null
	for vol in ${volumes}
	do
		local backing=$(where_is_mounted ${vol})
		umount ${backing}
	done
}

517
518
519
520
521
522
523
524
main ()
{
	# tracing get's activated by Arguments() if "debug" is in /proc/cmdline
	# which may be something we don't want to flood stderr
	exec 3<>"/dev/null"
	BASH_XTRACEFD="3"

	# parse the kernel cmdline for live-boot's configuration as defaults
525
	Cmdline_old
526
527
528
529
530

	# note that this is not enough for disabling tracing. we need to do the
	# $BASH_XTRACEFD stuff above to avoid tracing until this point.
	set +x

531
	export PERSISTENCE="true"
532
	export NOPERSISTENCE=""
533
534
535
536
537
538
539
540

	# Should be set empty since live-boot already changed root for us
	export rootmnt=""

	while echo "${1}" | grep -qe "^--[^ ]\+\>"
	do
		case "${1}" in
			--encryption=*)
541
				export PERSISTENCE_ENCRYPTION="${1#*=}"
542
543
544
545
546
547
548
549
550
551
552
553
				;;
			--help)
				usage
				exit 0
				;;
			--log-file=*)
				local log_file="${1#*=}"
				[ -e "${log_file}" ] && rm -f "${log_file}"
				exec 3<>"${log_file}"
				set -x
				;;
			--media=*)
554
				export PERSISTENCE_MEDIA="${1#*=}"
555
556
				;;
			--read-only)
557
				export PERSISTENCE_READONLY="true"
558
559
				;;
			--read-write)
560
				export PERSISTENCE_READONLY=""
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
				;;
			--union=*)
				export UNIONTYPE="${1#*=}"
				;;
			*)
				error "unrecognized option: ${1}"
				;;
		esac
		shift
	done

	local action="${1}"
	shift
	case "${action}" in
		list)
			local labels=${@}
			if ! echo ${labels} | grep -qe "[^[:space:]]"
			then
				# use default from live-helpers
				labels=${custom_overlay_label}
			fi
			list_gpt_volumes ${labels}
			;;
584
		activate|close)
585
586
587
588
			if ! echo ${@} | grep -qe "[^[:space:]]"
			then
				error "you must specify at least one volume"
			fi
589
			${action}_volumes "${@}"
590
591
592
593
594
595
596
597
598
599
600
			;;
		"")
			error "no action specified"
			;;
		*)
			error "unrecognized action: ${action}"
			;;
	esac
}

main ${@}