From a018d40fc7fefd26a5214cf5b6faac4c7011132c Mon Sep 17 00:00:00 2001
From: Donald Buczek <buczek@molgen.mpg.de>
Date: Thu, 9 Jul 2020 10:23:29 +0200
Subject: [PATCH] checktrust: Let getty display a warning if trust is lost

Create a service "checktrust" which is run before getty is started. If
this service detects that the system has lost trust, a warning message
is dropped into /node/issue.d/notrust.issue.

Create a symlink for agetty in /etc/issue.d to the (only possibly
existing) file in the /node path. agetty shows this message before
the login prompt.

checktrust-for-getty: Use checktrust command
---
 checktrust/getty-checktrust         | 14 ++++++++++++++
 checktrust/getty-checktrust.service | 11 +++++++++++
 install.sh                          |  4 ++++
 3 files changed, 29 insertions(+)
 create mode 100755 checktrust/getty-checktrust
 create mode 100644 checktrust/getty-checktrust.service

diff --git a/checktrust/getty-checktrust b/checktrust/getty-checktrust
new file mode 100755
index 0000000..5e7dfc4
--- /dev/null
+++ b/checktrust/getty-checktrust
@@ -0,0 +1,14 @@
+#! /usr/bin/bash
+
+if [ "$(/usr/sbin/checktrust)" = "not trusted" ]; then
+    mkdir -p /node/issue.d
+    cat > /node/issue.d/notrust.issue <<EOF
+** WARNING: Loss of trust detected **
+** Looks like your machine lost the trust of our network. Maybe it was offline for too long. **
+** You won't be able to log in. **
+** Please contact IT Helpdesk: <helpdesk@molgen.mpg.de>, phone: -1708 **
+
+EOF
+else
+    rm -f /node/issue.d/notrust.issue
+fi
diff --git a/checktrust/getty-checktrust.service b/checktrust/getty-checktrust.service
new file mode 100644
index 0000000..2d301e3
--- /dev/null
+++ b/checktrust/getty-checktrust.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Check Mariux64 trust for getty
+Before=getty@.service
+
+[Install]
+WantedBy=getty@.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/getty-checktrust
+RemainAfterExit=yes
diff --git a/install.sh b/install.sh
index 11475d2..44c8e89 100755
--- a/install.sh
+++ b/install.sh
@@ -171,4 +171,8 @@ mkdir -p "$DESTDIR$sysconfdir/xdg/lightdm/lightdm.conf.d"
 install_data checktrust/lightdm-use-wrapper.conf          "$DESTDIR$sysconfdir/xdg/lightdm/lightdm.conf.d/50-use-wrapper.conf"
 install_exec checktrust/lightdm-greeter-wrapper           "$DESTDIR$usr_exec_prefix/libexec/lightdm-greeter-wrapper"
 install_exec checktrust/lightdm-show-trust-warning        "$DESTDIR$usr_exec_prefix/libexec/lightdm-show-trust-warning"
+mkdir -p "$DESTDIR$sysconfdir/issue.d/"
+install_symlink /node/issue.d/notrust.issue               "$DESTDIR$sysconfdir/issue.d/notrust.issue"
+install_data checktrust/getty-checktrust.service          "$DESTDIR$systemdunitdir/getty-checktrust.service"
+install_exec checktrust/getty-checktrust                  "$DESTDIR$usr_exec_prefix/libexec/getty-checktrust"
 exit