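#!/usr/bin/bash

# Refuse to run for anyone but root (exit status 2).
# The substitution is quoted on purpose: if id prints nothing, an unquoted
# test would collapse to `[ != 0 ]`, which is a test error rather than "true",
# so the guard would be skipped and the script would carry on as non-root.
if [ "$(/usr/bin/id -u)" != 0 ]; then
  echo "only root can do that"
  exit 2
fi

##############################################################################
# This file is part of the CRYPTO BONE
# File     : cryptoboneexternd
# Version  : 2.0 (external cryptobone)
# License  : BSD-3.Clause
# Date     : 24 May 2025
# Contact  : Please send enquiries and bug-reports to innovation@senderek.ie
#
# Copyright (c) 2015-2025
# Ralf Senderek, Ireland. All rights reserved. (https://senderek.ie)
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#    This product includes software developed by Ralf Senderek.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.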
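##############################################################################

# Author: Ralf Senderek
#
# license: BSD-3-Clause
# description: Activates or deactivates the external cryptobone daemon via systemd
# processname: cryptoboneexternd
# config: none

# for comments see: ../README.extern

#-------------------------------------------------#

#######################################
# Prepare the host and launch the external cryptobone daemon.
# Steps, in order: load the SELinux module, clear /dev/shm/BOOT when a
# master key link already exists, feed data to /dev/random, run the initial
# key setup when no master key link exists, optionally switch the firewall,
# fix ownership for the cryptobone account, remove a stale socket, and
# finally run the daemon binary.
# Arguments: none
# Outputs:   progress messages on stdout, warnings on stderr
# Returns:   exit status of the daemon binary (last command)
#######################################
start() {
  # load the SELinux policy for the daemon
  if selinuxenabled; then
    echo "init selinux module"
    # Report success only when both the install and the enable step worked,
    # so a daemon running without its policy does not go unnoticed in the log.
    if /usr/sbin/semodule -i /usr/lib/cryptobone/selinux/cryptobone.pp &&
      /usr/sbin/semodule -e cryptobone; then
      echo "selinux module enabled"
    else
      echo "warning: cryptobone selinux module could not be installed or enabled" >&2
    fi
  fi

  if [ -L /usr/lib/cryptobone/ext/masterkey ]; then
    # ensure that the master key is no longer in /dev/shm/BOOT and that
    # secrets.tgz is deleted (presumably it lives inside that directory;
    # only /dev/shm/BOOT is removed here)
    /usr/bin/rm -rf /dev/shm/BOOT 2>/dev/null
  fi

  # produce some entropy in the background
  # Data written to /dev/random is mixed into the kernel pool but is not
  # credited as entropy.
  # NOTE(review): this walks the entire filesystem as root and keeps running
  # after start() returns; confirm it is still wanted on current kernels.
  find / 2>/dev/null >/dev/random &

  if [ ! -L /usr/lib/cryptobone/ext/masterkey ]; then
    # initialize database and create a master key and local key
    echo "generate master key via /usr/lib/cryptobone/ext/initialkeysetup"
    /usr/lib/cryptobone/ext/initialkeysetup
  fi

  # update firewall setup?
  # The marker file opts in to replacing firewalld with the project's own
  # firewall script (called with the argument "red").
  if [[ -r /usr/lib/cryptobone/ext/init.d/usefirewall ]]; then
    systemctl stop firewalld
    /usr/lib/cryptobone/ext/firewall red
  fi

  # Look the account up by exact name. A substring grep over /etc/passwd also
  # matches unrelated entries (home directory, comment field) and would run
  # chown for a user that does not exist.
  if /usr/bin/id -u cryptobone >/dev/null 2>&1; then
    echo "correct permissions after update"
    # NOTE(review): after this, the directories that root executes helpers
    # and the daemon from are owned by the cryptobone account, which can
    # then rename or replace entries in them. chown also follows a symlink
    # on the named path. Confirm this ownership is intended.
    chown cryptobone /usr/lib/cryptobone /usr/lib/cryptobone/ext
    chown cryptobone /usr/lib/cryptobone/ext/cryptoboneshell
  fi

  # start the daemon
  echo "starting the daemon"
  # remove a socket left over from a previous run before the daemon starts
  rm -f /usr/lib/cryptobone/ext/secrets.sock
  /usr/lib/cryptobone/ext/cryptoboneexternd
}

##########################################################################

#######################################
# Stop the daemon; run savemessages first when /dev/shm/EXRAM exists.
# Arguments: none
# Returns:   exit status of killall
#######################################
stop() {
  if [ -d /dev/shm/EXRAM ]; then
    /usr/lib/cryptobone/ext/bin/savemessages
  fi
  # killall matches by process name, so every process named
  # cryptoboneexternd receives the signal.
  killall cryptoboneexternd
}

##########################################################################

# Dispatch on the first argument. Only start and stop do any work; the other
# verbs print a notice and still fall through to "exit 0".
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    echo "deliberately not implemented"
    ;;
  status)
    echo "deliberately not implemented"
    ;;
  force-reload)
    echo "deliberately not implemented"
    ;;
  *)
    echo "Usage: /usr/lib/cryptobone/ext/init.d/cryptoboneexternd {start|stop}"
    exit 1
    ;;
esac

exit 0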