emerg-shutdown: Add shutdown timeout for preventing stuck shutdowns, briefly document feature set and usage

2025-11-26 00:18:24 -05:00 · 2025-07-29 21:16:51 -05:00 · 2025-07-29 21:16:51 -05:00 · 1a60da71ed
commit 1a60da71ed
parent e42078e90d
8 changed files with 257 additions and 26 deletions
--- a/usr/libexec/security-misc/emerg-shutdown
+++ b/usr/libexec/security-misc/emerg-shutdown
@ -39,9 +39,10 @@ if [ ! -f '/run/emerg-shutdown' ]; then
      printf "%s\n" 'Could not compile force-shutdown executable!'
      exit 1;
    }
-
 fi

+systemd-notify --ready
+
 ## memlockd daemonizes itself, so no need to background it.
 memlockd -c /usr/share/security-misc/security-misc-memlockd.cfg || true

--- a/usr/libexec/security-misc/ensure-shutdown
+++ b/usr/libexec/security-misc/ensure-shutdown
@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
+# See the file COPYING for copying conditions.
+
+set -o errexit
+set -o nounset
+set -o errtrace
+set -o pipefail
+
+source /usr/libexec/helper-scripts/strings.bsh
+
+## Make sure globs sort in a predictable, reproducible fashion
+export LC_ALL=C
+
+## Read emergency shutdown key configuration
+for config_file in /etc/security-misc/emerg-shutdown/*.conf; do
+  source "${config_file}"
+done
+if [ -z "${ENSURE_SHUTDOWN_TIMEOUT}" ] \
+  || ! is_whole_number "${ENSURE_SHUTDOWN_TIMEOUT}"; then
+  ENSURE_SHUTDOWN_TIMEOUT=30;
+fi
+
+/run/emerg-shutdown --monitor-fifo "--timeout=${ENSURE_SHUTDOWN_TIMEOUT}" &
+sleep 1
+disown
+exit 0