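#!/usr/bin/false
# This script is for SOURCING ONLY
#
# Shared helpers for the reliant scripts: status codes, logging, the emergency
# shutdown routine and the configuration loader. Sourcing this file immediately
# loads /etc/reliant.conf (see the last line).

# Error codes
export RELIANT_OK=0
export RELIANT_FAIL=1
export RELIANT_SECURITY_FAIL=2
export RELIANT_BUG=3

# Boolean values
export RELIANT_TRUE=1
export RELIANT_FALSE=0

# Prints all arguments to stderr with a [WARN] prefix
reliant_warn() {
  printf '%s\n' "[WARN]: $*" 1>&2
}

# Prints all arguments to stderr with an [ERROR] prefix
reliant_error() {
  printf '%s\n' "[ERROR]: $*" 1>&2
}

# Converts the error code in $1 to a string (stdout).
# The numbers mirror the RELIANT_* error codes exported above.
reliant_err2str() {
  case "$1" in
    0) echo "OK" ;;
    1) echo "FAIL" ;;
    2) echo "SECURITY FAIL" ;;
    3) echo "BUG" ;;
    *) echo "UNKNOWN" ;;
  esac
}

# Performs the emergency shutdown operation.
# Every step is best-effort (`|| true`) so that a failure of one step never
# prevents the next power-off attempt from running.
reliant_emergency_shutdown() {
  # Ask the kernel to drop the page cache, dentries and inodes
  echo 3 > /proc/sys/vm/drop_caches 2>/dev/null || true
  # Clear the kernel ring buffer
  dmesg -C || true
  # Try each power-off path in turn
  systemctl poweroff || true
  sudo poweroff || true
  poweroff
}

# Fails with a message built from the arguments, prints the help string if the
# sourcing script defined reliant_print_help, and exits the shell with status 1.
reliant_fail() {
  reliant_error "$*"

  # Check if help information has been defined by the main script.
  # stderr of `type` is discarded so that an undefined helper does not add a
  # second, unrelated "not found" line after the real error message.
  if [ "$(type reliant_print_help 2>/dev/null | head -1)" = "reliant_print_help is a function" ]; then
    echo
    reliant_print_help
  else
    echo
    echo "Help is not available."
  fi

  exit 1
}

# Reads the configuration file from the path supplied in $1.
#
# Format: one KEY=value pair per line. Any line whose key is not listed in the
# case statement below (including blank lines and comments) is rejected, so a
# typo in a security-relevant key cannot be silently ignored.
#
# Exports: RELIANT_SECURE_DEVICE, RELIANT_SKIP_CHECKSUM, RELIANT_SPARSE_SAMPLES,
#          RELIANT_RW_DOMAINS, RELIANT_PARANOID (RELIANT_TRUE / RELIANT_FALSE)
# Returns: 0 on success, 1 on any parse or validation error
reliant_read_config() {
  # Get the filename
  if [ "$#" -ne 1 ]; then
    reliant_error "reliant_read_config: invalid number of arguments, expected 1, got $#"
    return 1
  fi

  # Ensure it exists
  if [ -z "$1" ] || [ ! -f "$1" ]; then
    reliant_error "reliant_read_config: configuration file $1 does not exist"
    return 1
  fi

  # Default values.
  # RELIANT_SECURE_DEVICE is reset as well: it has no default, and without the
  # reset a value inherited from the environment would satisfy the "required"
  # check below even when the configuration file does not set it.
  RELIANT_SECURE_DEVICE=""
  RELIANT_SKIP_CHECKSUM=""
  RELIANT_SPARSE_SAMPLES=512
  RELIANT_RW_DOMAINS="sys-net sys-whonix"
  RELIANT_PARANOID_="false"

  # Attempt to read it.
  # `read` returns non-zero on a final line that lacks a trailing newline but
  # still fills key/value; the `|| [ -n ... ]` keeps that line from being
  # dropped (otherwise e.g. a trailing RELIANT_PARANOID=true would be ignored).
  RELIANT_CONFIG_FILE="$1"
  while IFS="=" read -r key value || [ -n "$key$value" ]; do
    case "$key" in
      "RELIANT_SECURE_DEVICE") RELIANT_SECURE_DEVICE="$value" ;;
      "RELIANT_SKIP_CHECKSUM") RELIANT_SKIP_CHECKSUM="$value" ;;
      "RELIANT_SPARSE_SAMPLES") RELIANT_SPARSE_SAMPLES="$value" ;;
      "RELIANT_RW_DOMAINS") RELIANT_RW_DOMAINS="$value" ;;
      "RELIANT_PARANOID") RELIANT_PARANOID_="$value" ;;
      *)
        reliant_error "reliant_read_config: invalid key in config: $key"
        return 1
        ;;
    esac
  done < "$RELIANT_CONFIG_FILE"

  # Ensure the required values have been assigned
  if [ -z "$RELIANT_SECURE_DEVICE" ]; then
    reliant_error "reliant_read_config: RELIANT_SECURE_DEVICE not present in config"
    return 1
  fi

  # Perform some validation
  if [ ! -b "$RELIANT_SECURE_DEVICE" ]; then
    reliant_error "reliant_read_config: $RELIANT_SECURE_DEVICE does not exist or is not a block device"
    return 1
  fi

  # RELIANT_SKIP_CHECKSUM is a space-separated device list. IFS is changed only
  # for the split and then restored: this file is sourced, so a leaked IFS
  # would alter word splitting in the sourcing script.
  reliant_saved_ifs_set="${IFS+set}"
  reliant_saved_ifs="${IFS-}"
  reliant_bad_device=""
  IFS=' '
  for device in $RELIANT_SKIP_CHECKSUM; do
    if [ ! -b "$device" ]; then
      reliant_bad_device="$device"
      break
    fi
  done
  if [ -n "$reliant_saved_ifs_set" ]; then
    IFS="$reliant_saved_ifs"
  else
    unset IFS
  fi
  unset reliant_saved_ifs_set reliant_saved_ifs

  if [ -n "$reliant_bad_device" ]; then
    reliant_error "reliant_read_config: $reliant_bad_device does not exist or is not a block device"
    unset reliant_bad_device
    return 1
  fi
  unset reliant_bad_device

  # RELIANT_PARANOID must be a boolean type.
  # The message reports the raw value read from the file (RELIANT_PARANOID_),
  # not the not-yet-assigned RELIANT_PARANOID.
  case "$RELIANT_PARANOID_" in
    "true") RELIANT_PARANOID=$RELIANT_TRUE ;;
    "false") RELIANT_PARANOID=$RELIANT_FALSE ;;
    *)
      reliant_error "reliant_read_config: invalid value for RELIANT_PARANOID: $RELIANT_PARANOID_, expected true or false"
      return 1
      ;;
  esac

  # RELIANT_SPARSE_SAMPLES must be an integer: `-eq` fails on a non-integer
  # operand, and the diagnostic it prints is discarded.
  if ! [ "$RELIANT_SPARSE_SAMPLES" -eq "$RELIANT_SPARSE_SAMPLES" ] 2>/dev/null; then
    reliant_error "reliant_read_config: invalid value for RELIANT_SPARSE_SAMPLES: $RELIANT_SPARSE_SAMPLES, expected an integer"
    return 1
  fi

  # Export the configuration
  export RELIANT_SPARSE_SAMPLES="$RELIANT_SPARSE_SAMPLES"
  export RELIANT_SECURE_DEVICE="$RELIANT_SECURE_DEVICE"
  export RELIANT_SKIP_CHECKSUM="$RELIANT_SKIP_CHECKSUM"
  export RELIANT_RW_DOMAINS="$RELIANT_RW_DOMAINS"
  export RELIANT_PARANOID="$RELIANT_PARANOID"

  # Done
  return 0
}

# We assume that when sourcing this file, the origin script is likely
# going to need the global configuration, so import it immediately.
# This is the last command in the file, so its status is what the sourcing
# script sees as the result of `.`/`source`.
reliant_read_config /etc/reliant.conf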