Support read-only operation on hard disk devices (forensic)
authorMichael Prokop <mika@grml.org>
Fri, 20 Feb 2009 16:31:36 +0000 (17:31 +0100)
committerMichael Prokop <mika@grml.org>
Sun, 22 Feb 2009 17:35:11 +0000 (18:35 +0100)
debian/changelog
debian/patches/00list
debian/patches/08_readonly_devices.dpatch [new file with mode: 0755]

index 386a55a..7105914 100644 (file)
@@ -1,8 +1,9 @@
 live-initramfs (1.156.1-1grml.01) unstable; urgency=low
 
   * Disable 04_fix_no_medium_found_error.dpatch (fixed upstream).
+  * New patch 08_readonly_devices.dpatch to support read-only operation
+    on hard disk devices when using bootoption 'forensic'.
   * Sync with Debian 1.156.1-1 (mentioning just the relevant changes):
-    [ Daniel Baumann ]
     * Adding note about URL limitations in live-initramfs manpage when
       using fetch parameter.
     * Replacing casper with live in live-new-uuid.
@@ -21,7 +22,7 @@ live-initramfs (1.156.1-1grml.01) unstable; urgency=low
     * Merging casper 1.156.
     * Updating parameters.txt.
 
- -- Michael Prokop <mika@grml.org>  Fri, 20 Feb 2009 17:13:56 +0100
+ -- Michael Prokop <mika@grml.org>  Fri, 20 Feb 2009 17:29:53 +0100
 
 live-initramfs (1.154.4-1grml.02) unstable; urgency=low
 
index 83f28be..551f94e 100644 (file)
@@ -4,3 +4,4 @@
 05_boot_failure_message_grml.dpatch
 06_support_fromiso_isofrom.dpatch
 07_support_findiso.dpatch
+08_readonly_devices.dpatch
diff --git a/debian/patches/08_readonly_devices.dpatch b/debian/patches/08_readonly_devices.dpatch
new file mode 100755 (executable)
index 0000000..01c7d97
--- /dev/null
@@ -0,0 +1,71 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 08_readonly_devices.dpatch by  <mika@grml.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: set all harddisk devices to read-only mode for forensics investigations
+
+@DPATCH@
+diff -urNad live-initramfs-grml~/debian/rules live-initramfs-grml/debian/rules
+--- live-initramfs-grml~/debian/rules  2009-02-22 15:43:59.000000000 +0100
++++ live-initramfs-grml/debian/rules   2009-02-22 18:32:20.021999087 +0100
+@@ -59,6 +59,8 @@
+       install -m 755 grml/23networking \
+         ./debian/live-initramfs/usr/share/initramfs-tools/scripts/live-bottom/23networking
++      chmod 755 ./debian/live-initramfs/usr/share/initramfs-tools/scripts/live-premount/readonly
++
+       # Removing double files
+       rm -f debian/live-initramfs/usr/share/doc/live-initramfs/COPYING
+       rm -f debian/live-initramfs/usr/share/doc/live-initramfs/ChangeLog
+diff -urNad live-initramfs-grml~/hooks/live live-initramfs-grml/hooks/live
+--- live-initramfs-grml~/hooks/live    2009-02-22 18:32:19.815331281 +0100
++++ live-initramfs-grml/hooks/live     2009-02-22 18:32:20.021999087 +0100
+@@ -163,6 +163,12 @@
+       copy_exec /usr/bin/wget /bin
+ fi
++# Program: blockdev
++if [ -x /sbin/blockdev ]
++then
++      copy_exec /sbin/blockdev /sbin
++fi
++
+ # FUSE kernel module
+ manual_add_modules fuse
+diff -urNad live-initramfs-grml~/scripts/live-premount/readonly live-initramfs-grml/scripts/live-premount/readonly
+--- live-initramfs-grml~/scripts/live-premount/readonly        1970-01-01 01:00:00.000000000 +0100
++++ live-initramfs-grml/scripts/live-premount/readonly 2009-02-22 18:34:53.115350292 +0100
+@@ -0,0 +1,32 @@
++#!/bin/sh
++
++#set -e
++
++# initramfs-tools header
++
++PREREQ="udev"
++
++prereqs()
++{
++      echo "${PREREQ}"
++}
++
++case "${1}" in
++      prereqs)
++              prereqs
++              exit 0
++              ;;
++esac
++
++# live-initramfs script
++
++# make sure all harddisk devices are read-only
++# this is important for forensic investigations
++if grep -qe forensic -qe readonly /proc/cmdline ; then
++   for device in /dev/hd* /dev/sd* ; do
++      if [ -b "$device" ] ; then
++       /usr/bin/printf " * Setting device %-9s to read-only mode: " $device >/dev/console
++         blockdev --setro $device && printf "done [ execute \"blockdev --setrw %-9s\" to unlock]\n" $device >/dev/console || printf "failed\n" >/dev/console
++       fi
++   done
++fi