[SCM] live-boot branch, debian-next, updated. debian/3.0_a29-1-7-g1c1b9d1

Daniel Baumann daniel at debian.org
Tue Jun 5 16:16:14 UTC 2012


The following commit has been merged in the debian-next branch:
commit 1c1b9d15d16b9adfe8fe8fb6f45f8544e3ede376
Author: Daniel Baumann <daniel at debian.org>
Date:   Tue Jun 5 18:16:05 2012 +0200

    Updating read-only handling to new parameter handling.

diff --git a/scripts/boot.sh b/scripts/boot.sh
index 2fe563e..d2a5c62 100755
--- a/scripts/boot.sh
+++ b/scripts/boot.sh
@@ -446,9 +446,7 @@ mountroot ()
 
 	Arguments
 
-	# make sure all harddisk devices are read-only
-	# this is important for forensic investigations
-	case "${READ_ONLY}" in
+	case "${LIVE_READ_ONLY}" in
 		true)
 			Read_only
 			;;
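Review bot: Dropping the two comment lines above the `case` removes the only statement at this call site that the read-only switch exists for forensic use, and the new comment in scripts/boot/read-only.sh does not mention that purpose either. I would keep one line here, for example `# forensic use: mark hard disks read-only at block level (see Read_only)`. The `case` statement continues past the end of this hunk, so only its `true)` arm is visible.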
diff --git a/scripts/boot/arguments.sh b/scripts/boot/arguments.sh
index d352c6d..08fb051 100755
--- a/scripts/boot/arguments.sh
+++ b/scripts/boot/arguments.sh
@@ -7,16 +7,17 @@ Arguments ()
 	for ARGUMENT in $(cat /proc/cmdline)
 	do
 		case "${ARGUMENT}" in
+			live-boot.read-only|read-only)
+				LIVE_READ_ONLY="true"
+				export LIVE_READ_ONLY
+				;;
+
 			live-boot.verify-checksums|verify-checksums)
 				LIVE_VERIFY_CHECKSUMS="true"
 				export LIVE_VERIFY_CHECKSUMS
 				;;
 
 			# parameters below need review
-			read-only)
-				READ_ONLY="true"
-				;;
-
 			skipconfig)
 				NOFASTBOOT="true"
 				NOFSTAB="true"
diff --git a/scripts/boot/read-only.sh b/scripts/boot/read-only.sh
index c8990df..48aa06c 100755
--- a/scripts/boot/read-only.sh
+++ b/scripts/boot/read-only.sh
@@ -4,14 +4,30 @@
 
 Read_only ()
 {
-	# Marking the usual block devices for harddisks read-only
-	for _DEVICE in /dev/sd* /dev/vd*
+	# Marking some block devices as read-only to ensure that nothing
+	# gets written as linux still writes to 'only' read-only mounted filesystems.
+	_DEVICES="/dev/sd* /dev/vd*"
+
+	for _DEVICE in ${_DEVICES}
 	do
-		if [ -b "${_DEVICE}" ]
+		if [ ! -b "${_DEVICE}" ]
 		then
-			printf "Setting device %-9s to read-only mode:" ${_DEVICE} > /dev/console
-
-			blockdev --setro ${_DEVICE} && printf " done [ execute \"blockdev --setrw %-9s\" to unlock]\n" ${_DEVICE} > /dev/console || printf "failed\n" > /dev/console
+			continue
 		fi
+
+		echo -n "Setting ${_DEVICE} read-only..." > /dev/console
+
+		blockdev --setro ${_DEVICE}
+		_RETURN="${?}"
+
+		case "${_RETURN}" in
+			0)
+				echo " done, use 'blockdev --setrw ${_DEVICE}' to set read-write." > /dev/console
+				;;
+
+			*)
+				echo " failed." > /dev/console
+				;;
+		esac
 	done
 }
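Review bot: When `blockdev --setro` fails, the `*)` arm only prints " failed." to /dev/console and the loop moves on, so Read_only still finishes with a zero status and the caller in scripts/boot.sh cannot tell that a disk was left writable. For an option whose stated aim is that nothing gets written, I would record the failure with `_READ_ONLY_FAILED="true"` in the `*)` arm and end the function with `[ "${_READ_ONLY_FAILED:-}" != "true" ]` after `done`. How the caller reacts is a policy choice outside this hunk, and if boot.sh runs under `set -e` (not visible here) a non-zero return would stop the boot. The `_DEVICES` glob covers only `/dev/sd*` and `/dev/vd*`, so the comment above it should say that block devices with other names stay writable. Quoting the argument as `blockdev --setro "${_DEVICE}"` would also be the safer style.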

-- 
live-boot


