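#!/bin/bash
# Copyright 2018 VMware, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Trace every command to stderr as it runs.
set -x

# Usage: copies the entropy source (haveged) to the target system and writes
# the command line used to launch it into the target filesystem:
#     /opt/config/entropy.txt - loader, library path, binary and arguments
#                               for haveged, expressed relative to /.tether
#
# arg1: root of destination filesystem (required, must be non-empty)
#
# Returns non-zero if arg1 is empty or the target directories cannot be
# created; otherwise the status of writing entropy.txt. Individual copy
# failures are reported by cp but do not stop the function.
install-entropy () {
    local root=${1:-}

    # With an empty root every path below would resolve against the live
    # root filesystem (/opt/config, /lib64, /bin), so refuse to run.
    if [[ -z "$root" ]]; then
        printf 'install-entropy: destination root (arg1) is required\n' >&2
        return 1
    fi

    # The libraries are copied into "$root"/lib64 and entropy.txt refers to
    # /.tether/lib64, so lib64 has to exist at the top of the target root
    # (the previous brace list created bin/lib64 instead).
    mkdir -p -- "$root/opt/config" "$root/bin" "$root/lib64" || return

    # copy haveged and its libraries to target from current root
    # -L follows symlinks so real files land in the target; -n leaves a file
    # that already exists in the target untouched, so a loader or libc that
    # is already present there is kept rather than refreshed from this root.
    cp -Ln -- /lib64/ld-linux-x86-64.so.2 "$root/lib64/"
    cp -Ln -- /lib64/libc.so.6 "$root/lib64/"
    cp -Ln -- /lib/libhavege.so.* "$root/lib64/"
    cp -- /sbin/haveged "$root/bin/haveged"

    # TODO(morris-jason): Hack allowing tether to launch the entropy process
    # The line names the dynamic loader explicitly and pins the library path
    # to /.tether/lib64. haveged flags: -w write wakeup threshold, -v
    # verbosity, -F stay in the foreground.
    cat > "$root/opt/config/entropy.txt" <<'ENTROPY'
/.tether/lib64/ld-linux-x86-64.so.2 --library-path /.tether/lib64 /.tether/bin/haveged -w 1024 -v 1 -F
ENTROPY
}

# Usage: copies iptables tools to target system. Creates the following
# executable in the target filesystem to launch iptables:
#     /bin/iptables-wrapper - should exec the target binary with any
#                             arguments required inline and pass through
#                             any additional provided
#
# arg1: root of destination filesystem
#
# ldd of xtables-multi yields the following list of libraries we need to
# copy into our initrd. We need these binaries in order to call iptables
# before the switch-root.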
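#     linux-vdso.so.1 (0x00007ffc94d0d000)
#     libip4tc.so.0 => /baz/lib/libip4tc.so.0 (0x00007f97fc721000)
#     libip6tc.so.0 => /baz/lib/libip6tc.so.0 (0x00007f97fc519000)
#     libxtables.so.11 => /baz/lib/libxtables.so.11 (0x00007f97fc30c000)
#     libm.so.6 => /lib64/libm.so.6 (0x00007f97fc00e000)
#     libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f97fbdf7000)
#     libc.so.6 => /baz/lib/libc.so.6 (0x00007f97fba53000)
#     libdl.so.2 => /baz/lib/libdl.so.2 (0x00007f97fb84f000)
#     /lib64/ld-linux-x86-64.so.2 (0x00007f97fc929000)
#
# Returns non-zero if arg1 is empty or the target directories cannot be
# created; otherwise the status of the final chmod. Individual copy
# failures are reported by cp but do not stop the function.
install-iptables () {
    local root=${1:-}

    # With an empty root every path below would resolve against the live
    # root filesystem (/bin, /lib64), so refuse to run.
    if [[ -z "$root" ]]; then
        printf 'install-iptables: destination root (arg1) is required\n' >&2
        return 1
    fi

    # copy iptables and all associated libraries to target from current root
    mkdir -p -- "$root/bin" "$root/lib64" || return

    # -n leaves an existing loader in the target untouched; it is kept
    # rather than refreshed from this root.
    cp -Ln -- /lib64/ld-linux-x86-64.so.2 "$root/lib64/"
    cp -L -- /sbin/iptables "$root/bin/iptables"

    # TODO: figure out what to do with the /etc/alternatives symlinks
    # just copy the target of the link for now
    # The brace list is left unquoted on purpose so each pattern globs; a
    # pattern with no match stays literal and cp reports it as missing.
    cp -Ln -- /lib64/lib{m.*,m-*,gcc_s*,ip*tc*,xtables*,dl*,c.so*,c-*} "$root/lib64/"
    cp -a -- /lib64/xtables "$root/lib64/"

    # TODO: stop assuming bash - can we replace with:
    # a. json config with rtld, rtld args, binary, binary args, chroot?
    # b. Go plugins for tether extensions
    # The wrapper chroots into /.tether/ and starts iptables through the
    # copied loader, so only the loader and libraries placed under that
    # directory are used. chroot needs root privileges in the caller. The
    # quoted delimiter keeps "$@" literal in the generated script.
    cat > "$root/bin/iptables-wrapper" <<'IPTABLES'
#!/bin/sh
exec chroot /.tether/ /lib64/ld-linux-x86-64.so.2 /bin/iptables "$@"
IPTABLES

    chmod a+x -- "$root/bin/iptables-wrapper"
}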