1#!/bin/bash
2# Copyright 2018 VMware, Inc. All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#    http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
# Trace every command to stderr for the duration of the script. Note that the
# only option set here is tracing: there is no -e, so a failed copy below does
# not stop the script unless the function checks it itself.
set -x
17
18# Usage: copies entropy source to target system. Creates the following
19# executable in the target filesystem to launch the actual entropy source:
20# /bin/entropy - should exec the target binary with any arguments required
21#                inline and pass through any additional provided
22#
23# arg1: root of destination filesystem
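install-entropy () {
    local root=$1
    # An empty root would turn every path below into a host path.
    if [[ -z "$root" ]]; then
        printf 'install-entropy: destination root required\n' >&2
        return 1
    fi

    # Copy haveged and the loader/libc it needs from the current root.
    # lib64 sits directly under the target root: that is where the launch
    # line written below loads it from (/.tether/lib64). The earlier
    # bin/lib64 directory was never referenced by any copy.
    mkdir -p "$root"/{opt/config,bin,lib64} || return 1
    # -L copies the symlink target; -n keeps a file that is already present,
    # so a loader or libc left by an earlier run is not refreshed here.
    cp -Ln /lib64/ld-linux-x86-64.so.2 "$root"/lib64/ || return 1
    cp -Ln /lib64/libc.so.6 "$root"/lib64/ || return 1
    cp -Ln /lib/libhavege.so.* "$root"/lib64/ || return 1
    cp /sbin/haveged "$root"/bin/haveged || return 1

    # TODO(morris-jason): Hack allowing tether to launch the entropy process
    # A single command line, presumably read by the tether: run haveged through
    # the copied loader with -w 1024 (write-wakeup threshold), -v 1 (verbosity)
    # and -F (stay in the foreground).
    cat > "$root"/opt/config/entropy.txt <<ENTROPY || return 1
/.tether/lib64/ld-linux-x86-64.so.2 --library-path /.tether/lib64 /.tether/bin/haveged -w 1024 -v 1 -F
ENTROPY
}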
37
38# Usage: copies iptables tools to target system. Creates the following
39# executable in the target filesystem to launch iptables:
40# /bin/iptables - should exec the target binary with any arguments required
41#                 inline and pass through any additional provided
42#
43# arg1: root of destination filesystem
44#
45# ldd of xtables-multi yields the following list of libraries we need to
46# copy into our initrd.  We need these binaries in order to call iptables
47# before the switch-root.
48#                   linux-vdso.so.1 (0x00007ffc94d0d000)
49# libip4tc.so.0 => /baz/lib/libip4tc.so.0 (0x00007f97fc721000)
50# libip6tc.so.0 => /baz/lib/libip6tc.so.0 (0x00007f97fc519000)
51# libxtables.so.11 => /baz/lib/libxtables.so.11 (0x00007f97fc30c000)
52# libm.so.6 => /lib64/libm.so.6 (0x00007f97fc00e000)
53# libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f97fbdf7000)
54# libc.so.6 => /baz/lib/libc.so.6 (0x00007f97fba53000)
55# libdl.so.2 => /baz/lib/libdl.so.2 (0x00007f97fb84f000)
56# /lib64/ld-linux-x86-64.so.2 (0x00007f97fc929000)
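install-iptables () {
    local root=$1
    # An empty root would turn every path below into a host path.
    if [[ -z "$root" ]]; then
        printf 'install-iptables: destination root required\n' >&2
        return 1
    fi

    # copy iptables and all associated libraries to target from current root
    mkdir -p "$root"/{bin,lib64} || return 1
    # -L copies the symlink target; -n keeps an existing file, so a loader
    # already placed in the target (e.g. by install-entropy) is not replaced.
    cp -Ln /lib64/ld-linux-x86-64.so.2 "$root"/lib64/ || return 1
    cp -L /sbin/iptables "$root"/bin/iptables || return 1

    # TODO: figure out what to do with the /etc/alternatives symlinks
    # just copy the target of the link for now
    # Brace expansion then globbing. A pattern with no match is handed to cp
    # as a literal name; cp reports it as an error, which now fails the install
    # instead of leaving a silently incomplete lib64.
    cp -Ln /lib64/lib{m.*,m-*,gcc_s*,ip*tc*,xtables*,dl*,c.so*,c-*} "$root"/lib64/ || return 1
    cp -a /lib64/xtables "$root"/lib64/ || return 1

    # TODO: stop assuming bash - can we replace with:
    # a. json config with rtld, rtld args, binary, binary args, chroot?
    # b. Go plugins for tether extensions
    # The wrapper chroots into /.tether/ (presumably where this tree is
    # mounted at run time) and starts iptables through the copied loader.
    # \$@ is escaped so it expands when the wrapper runs, not when written.
    cat > "$root"/bin/iptables-wrapper <<IPTABLES || return 1
#!/bin/sh
exec chroot /.tether/ /lib64/ld-linux-x86-64.so.2 /bin/iptables "\$@"
IPTABLES

    chmod a+x "$root"/bin/iptables-wrapper || return 1
}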