1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
diff '--color=auto' --unified --recursive --text --color opt.old/google/endpoint-verification/bin/device_state.sh opt.new/google/endpoint-verification/bin/device_state.sh
--- opt/google/endpoint-verification/bin/device_state.sh 2000-01-01 00:00:00.000000000 +0100
+++ opt/google/endpoint-verification/bin/device_state.sh 2022-10-28 14:48:07.830135262 +0200
@@ -6,15 +6,12 @@
CAT=/bin/cat
CUT=/usr/bin/cut
DCONF=/usr/bin/dconf
-ECHO=/bin/echo
GREP=/bin/grep
GSETTINGS=/usr/bin/gsettings
LSBLK=/bin/lsblk
-MOUNTPOINT=/bin/mountpoint
PRINTF=/usr/bin/printf
-STAT=/usr/bin/stat
+REV=/usr/bin/rev
TR=/usr/bin/tr
-UDEVADM=/bin/udevadm
INSTALL_PREFIX=/opt/google/endpoint-verification
GENERATED_ATTRS_FILE="$INSTALL_PREFIX/var/lib/device_attrs"
@@ -32,40 +29,26 @@
fi
}
-get_disk_encrypted() {
- # Major number of the root device in hexadecimal
- ROOT_MAJ_HEX=$("$STAT" / --format="%D" | "$AWK" '{print substr($1, 1, length($1)-2)}')
- # Major number of the root device
- ROOT_MAJ=$("$PRINTF" "%d" 0x"$ROOT_MAJ_HEX")
- if [ "$ROOT_MAJ" = "" ]; then
- # Root device taken from boot command line (/proc/cmdline)
- # Ubuntu: BOOT_IMAGE=/vmlinuz-5.0.0-31-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash
- # Ubuntu: BOOT_IMAGE=/vmlinuz-5.0.0-31-generic root=UUID=2d1f8b16-ea0f-11e9-81b4-2a2ae2dbcce4 ro quiet splash
- # Random: console=ttyO0,115200n8 noinitrd mem=256M root=/dev/mmcblk0p2 rw rootfstype=ext4 rootwait=1 ip=none
- ROOT_DEV=$("$AWK" -v RS=" " '/^root=/ { print substr($0,6) }' /proc/cmdline)
- # udevadmin requires /dev/ file, but cmdline might refer to something else
- # or the line itself might have unexpected format.
- case "$ROOT_DEV" in
- /dev/*) ;;
- *) ROOT_DEV=$("$AWK" '$2 == "/" { print $1 }' /proc/mounts) ;;
- esac
- ROOT_MAJ=$("$UDEVADM" info --query=property "$ROOT_DEV" | "$GREP" MAJOR= | "$CUT" -f2 -d=)
- fi
-
- # Bail out if not a number
- case "$ROOT_MAJ" in
- ''|*[!0-9]*)
+get_disk_encrypted() {
+ PART_NAME=$("$CAT" /proc/self/mountstats | "$GREP" -i 'mounted on / with' | "$AWK" ' { print $2 }' | "$REV" | "$CUT" -f1 -d/ | "$REV")
+ PART_TYPE=($("$LSBLK" -o NAME,TYPE | "$GREP" -B 20 -i "$PART_NAME*" | "$REV" | "$CUT" -f1 -d ' ' | "$REV"))
+ length=$(( ${#PART_TYPE[@]} - 1 ))
+ for((i=length; i>=0; i--)); do
+ if [[ ${PART_TYPE[i]} != 'lvm' ]]; then
+ PART_TYPE=${PART_TYPE[i]}
+ break
+ fi
+ done
+ case "$PART_TYPE" in
+ '')
DISK_ENCRYPTED=UNKNOWN
- return
;;
- esac
-
- # Parent of the root device shares the same major number and minor is zero.
- ROOT_PARENT_DEV_TYPE=$("$LSBLK" -ln -o MAJ:MIN,TYPE | "$AWK" '$1 == "'"$ROOT_MAJ":0'" { print $2 }')
- case "$ROOT_PARENT_DEV_TYPE" in
- '') DISK_ENCRYPTED=UNKNOWN ;;
- 'crypt') DISK_ENCRYPTED=ENABLED ;;
- *) DISK_ENCRYPTED=DISABLED ;;
+ 'crypt')
+ DISK_ENCRYPTED=ENABLED
+ ;;
+ *)
+ DISK_ENCRYPTED=DISABLED
+ ;;
esac
}
@@ -77,7 +60,11 @@
*ubuntu*|*debian*)
OS_VERSION=$("$GREP" -i '^VERSION_ID=' "$OS_INFO_FILE" | "$AWK" -F= '{ print $2 }' | "$TR" -d '"')
;;
+ *arch*)
+ OS_VERSION="rolling"
+ ;;
*)
+ OS_VERSION=""
;;
esac
else
@@ -118,7 +105,7 @@
}
get_hostname() {
- HOSTNAME="$(/bin/hostname)"
+ HOSTNAME="$(hostname)"
}
get_model() {
|