From 5d6acf56af17449a32a17194059d0ad437c5f988 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Tue, 5 Jun 2012 15:59:20 +0200
Subject: [PATCH] Converting read-only initramfs-tools pre-mount script into regular live-boot script.
---
 initramfs-tools/scripts/live-premount/readonly | 35 --------------------------
 scripts/boot.sh | 8 ++++++
 scripts/boot/arguments.sh | 4 +++
 scripts/boot/read-only.sh | 17 +++++++++++++
 4 files changed, 29 insertions(+), 35 deletions(-)
 delete mode 100755 initramfs-tools/scripts/live-premount/readonly
 create mode 100755 scripts/boot/read-only.sh
diff --git a/initramfs-tools/scripts/live-premount/readonly b/initramfs-tools/scripts/live-premount/readonly
deleted file mode 100755
index 71483bd..0000000
--- a/initramfs-tools/scripts/live-premount/readonly
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-
-#set -e
-
-# initramfs-tools header
-
-PREREQ="udev"
-
-prereqs()
-{
- echo "${PREREQ}"
-}
-
-case "${1}" in
- prereqs)
- prereqs
- exit 0
- ;;
-esac
-
-# live-boot script
-
-# make sure all harddisk devices are read-only
-# this is important for forensic investigations
-if grep -qe forensic -qe readonly /proc/cmdline
-then
- for device in /dev/hd* /dev/sd* /dev/vd*
- do
- if [ -b "$device" ]
- then
- printf " * Setting device %-9s to read-only mode: " $device >/dev/console
- blockdev --setro $device && printf "done [ execute \"blockdev --setrw %-9s\" to unlock]\n" $device >/dev/console || printf "failed\n" >/dev/console
- fi
- done
-fi
diff --git a/scripts/boot.sh b/scripts/boot.sh
index 5a64d70..eeaa4dc 100755
--- a/scripts/boot.sh
+++ b/scripts/boot.sh
@@ -472,6 +472,14 @@ mountroot ()
 Arguments
+ # make sure all harddisk devices are read-only
+ # this is important for forensic investigations
+ case "${READ_ONLY}" in
+ true)
+ Read_only
+ ;;
+ esac
+
 maybe_break live-premount
 log_begin_msg "Running /scripts/live-premount"
 run_scripts /scripts/live-premount
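Review bot: The `Read_only` call in the new `case "${READ_ONLY}"` arm runs once, before `run_scripts /scripts/live-premount`, so it can only cover block devices that already exist at that moment; a disk that is enumerated later (slow USB or hot-plugged media, for instance) would presumably stay writable without any message. The removed script declared `PREREQ="udev"` to order itself after udev, and nothing visible in this hunk gives the same guarantee. I would state the limit next to the call, e.g. `# only devices present now are covered; disks appearing later stay read-write`, and confirm that device nodes are settled before this point. `mountroot` starts and ends outside the hunk, so the ordering relative to udev cannot be checked from here.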
diff --git a/scripts/boot/arguments.sh b/scripts/boot/arguments.sh
index 6b4e553..c526b9a 100755
--- a/scripts/boot/arguments.sh
+++ b/scripts/boot/arguments.sh
@@ -10,6 +10,10 @@ Arguments ()
 for ARGUMENT in $(cat /proc/cmdline)
 do
 case "${ARGUMENT}" in
+ read-only)
+ READ_ONLY="true"
+ ;;
+
 skipconfig)
 NOACCESSIBILITY="Yes"
 NOFASTBOOT="Yes"
diff --git a/scripts/boot/read-only.sh b/scripts/boot/read-only.sh
new file mode 100755
index 0000000..c8990df
--- /dev/null
+++ b/scripts/boot/read-only.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+#set -e
+
+Read_only ()
+{
+ # Marking the usual block devices for harddisks read-only
+ for _DEVICE in /dev/sd* /dev/vd*
+ do
+ if [ -b "${_DEVICE}" ]
+ then
+ printf "Setting device %-9s to read-only mode:" ${_DEVICE} > /dev/console
+
+ blockdev --setro ${_DEVICE} && printf " done [ execute \"blockdev --setrw %-9s\" to unlock]\n" ${_DEVICE} > /dev/console || printf "failed\n" > /dev/console
+ fi
+ done
+}
-- 
2.1.4
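Review bot: The new `read-only)` arm is the only trigger for the write-protection pass, whereas the removed pre-mount script reacted to `forensic` or `readonly` on the kernel command line. Unless another part of live-boot handles those words, boot entries that still pass them now come up with writable disks and no warning. For a forensic option that is a silent fail-open, so I would keep the old spellings as aliases, `forensic|readonly|read-only)`, or document the rename prominently. The `case` and the surrounding `for` loop in `Arguments` are closed outside the hunk.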
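Review bot: In `Read_only`, a failed `blockdev --setro` only prints `failed` to the console and the function still ends normally, so `mountroot` cannot tell that a disk was left writable; for a forensic boot option the failure should reach the caller. The sketch below records the failure and returns non-zero, and quotes `${_DEVICE}` in the `printf` and `blockdev` calls, which the hunk leaves unquoted. Separately, the glob no longer includes `/dev/hd*` from the removed script and lists only the `sd` and `vd` names, so the comment should say which disks are actually in scope.

```shell
Read_only ()
{
	_RETURN=0

	for _DEVICE in /dev/sd* /dev/vd*
	do
		if [ -b "${_DEVICE}" ]
		then
			# … unchanged: "Setting device" message, with ${_DEVICE} quoted …

			if blockdev --setro "${_DEVICE}"
			then
				printf " done [ execute \"blockdev --setrw %-9s\" to unlock]\n" "${_DEVICE}" > /dev/console
			else
				printf "failed\n" > /dev/console
				_RETURN=1
			fi
		fi
	done

	return ${_RETURN}
}
```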