forked from illiliti/tinyramfs
1 parent
465b1fc
commit 7328361
Showing
9 changed files
with
339 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# vim: set ft=sh: | ||
# shellcheck shell=sh | ||
# | ||
# https://shellcheck.net/wiki/SC2154 | ||
# shellcheck disable=2154 | ||
|
||
[ "$luks_key" ] && { | ||
copy_file "${luks_key#*=}" /root/luks_key 0400 | ||
|
||
sed "s|${luks_key#*=}|/root/luks_key|" \ | ||
"${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_" | ||
|
||
mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config" | ||
} | ||
|
||
[ "$luks_header" ] && { | ||
copy_file "${luks_header#*=}" /root/luks_header 0400 | ||
|
||
sed "s|${luks_header#*=}|/root/luks_header|" \ | ||
"${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_" | ||
|
||
mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config" | ||
} | ||
|
||
for _mod in \ | ||
aes ecb xts lrw wp512 sha256 \ | ||
sha512 twofish serpent dm-crypt | ||
do | ||
copy_kmod "$_mod" | ||
done | ||
|
||
copy_exec cryptsetup |
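Review bot: The two `sed "s|${luks_key#*=}|/root/luks_key|"` and `sed "s|${luks_header#*=}|/root/luks_header|"` substitutions use the configured path as a regular expression, so a path containing `|`, `.`, `*`, `[` or `\` can break the expression or match text other than the intended setting. Rewriting only the `luks_key=` / `luks_header=` assignment lines, or escaping the path before interpolating it, would be more robust. The `mv` also runs when `sed` fails, which would replace the staged config with an empty or partial file unless the caller runs under `set -e`, which is not visible here. Separately, a comment such as `# key material is embedded in the image: keep the generated initramfs readable by root only` would help, because mode 0400 protects only the copy inside the image.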
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
# vim: set ft=sh: | ||
# shellcheck shell=sh | ||
# | ||
# https://shellcheck.net/wiki/SC2154 | ||
# shellcheck disable=2154 | ||
|
||
# https://shellcheck.net/wiki/SC2034 | ||
# shellcheck disable=2034 | ||
DM_DISABLE_UDEV=1 | ||
|
||
mkdir -p /run/cryptsetup | ||
|
||
if [ -z "$luks_root" ]; then | ||
luks_root=$root | ||
fi | ||
|
||
luks_discard=${luks_discard:+--allow-discards} | ||
luks_header=${luks_header:+--header="$luks_header"} | ||
luks_key=${luks_key:+--key-file="$luks_key"} | ||
luks_name="${luks_name:-crypt-${device##*/}}" | ||
|
||
resolve_device "$luks_root" | ||
|
||
if [ -n "$luks_key" ] && [ ! -f "$luks_key" ]; then | ||
print_warn "Keyfile could not be opened. Reverting to passphrase." | ||
unset luks_key | ||
fi | ||
|
||
if [ -b "/dev/mapper/${luks_name}" ]; then | ||
print_warn "Device ${luks_name} already exists, not doing any crypt setup." | ||
else | ||
if cryptsetup isLuks "${device}" >/dev/null 2>&1; then | ||
luks_succeeded=0 | ||
|
||
# If keyfile exists, try to use that first | ||
if [ -n "$luks_key" ]; then | ||
if eval cryptsetup open ${luks_discard} ${luks_header} ${luks_key} -- "$device" "$luks_name"; then | ||
luks_succeeded=1 | ||
else | ||
print_warn "Invalid keyfile. Reverting to passphrase." | ||
fi | ||
fi | ||
|
||
# Ask for a passphrase | ||
if [ "$luks_succeeded" -ne "1" ]; then | ||
if [ -f "/usr/sbin/plymouthd" ] && \ | ||
[ -f /usr/bin/plymouth ] && \ | ||
[ -z "$plymouth_nosplash" ] && \ | ||
plymouth --ping 2>/dev/null; then | ||
plymouth ask-for-password \ | ||
--prompt="A password is required to access the ${luks_name} volume" \ | ||
--command="cryptsetup open --key-file=- ${luks_discard} ${luks_header} -- \"$device\" \"$luks_name\"" | ||
else | ||
echo "" | ||
echo "A password is required to access the ${luks_name} volume:" | ||
|
||
#loop until we get a real password | ||
while ! eval cryptsetup open ${luks_discard} ${luks_header} -- "$device" "$luks_name"; do | ||
sleep 2; | ||
done | ||
fi | ||
fi | ||
|
||
unset luks_succeeded | ||
|
||
if [ -e "/dev/mapper/${luks_name}" ]; then | ||
if [ "$luks_root" = "$root" ]; then | ||
root="/dev/mapper/${luks_name}" | ||
fi | ||
else | ||
panic "Password succeeded, but ${luks_name} creation failed, aborting..." | ||
fi | ||
|
||
else | ||
panic "Failed to open encryption mapping: The device ${device} is not a LUKS volume." | ||
fi | ||
fi |
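Review bot: The keyfile check `[ ! -f "$luks_key" ]` runs after `luks_key` has been rewritten to `--key-file=<path>`, so it tests the option string rather than the file and, as far as these lines show, always warns and unsets the keyfile. Test the path instead, e.g. `[ -n "$luks_key" ] && [ ! -f "${luks_key#--key-file=}" ]`, or do the check before the rewrite. `luks_name` likewise takes its default from `${device##*/}` before `resolve_device "$luks_root"` is called, so if that helper is what sets `device` (not visible here) the default name is computed from a stale or empty value. The `eval cryptsetup open …` lines re-parse values that are already expanded, so a device, header or key path containing spaces or shell metacharacters is interpreted by the shell a second time; building the options with `set --` and calling `cryptsetup open "$@" -- "$device" "$luks_name"` without `eval` avoids that.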
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,7 +3,7 @@ | |
.SUFFIXES: | ||
.SUFFIXES: .test | ||
|
||
all: bare | ||
all: bare luks | ||
|
||
.test: | ||
./$< > $@.out 2>&1 | ||
|