live-build/helpers/lh_binary_encryption

#!/bin/sh
# lh_binary_encryption(1) - encrypts rootfs
# Copyright (C) 2006-2009 Daniel Baumann <daniel@debian.org>
#
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
# This is free software, and you are welcome to redistribute it
# under certain conditions; see COPYING for details.
# Stop at the first command that fails.
set -e

# Load the shared live-helper function library. LH_BASE is taken from the
# environment and falls back to the packaged location.
# NOTE(review): whoever controls LH_BASE chooses the code that is sourced here;
# if this helper is run with elevated privileges, confirm the environment is
# trusted.
. "${LH_BASE:-/usr/share/live-helper}/functions.sh"

# Static description, help and usage strings of this helper
DESCRIPTION="$(Echo 'encrypts rootfs')"
HELP=""
USAGE="${PROGRAM} [--force]"

# Hand the command line to the shared argument handling
Arguments "$@"

# Read the configuration files, then apply the defaults via Set_defaults
Read_conffiles \
  config/all config/common config/bootstrap \
  config/chroot config/binary config/source
Set_defaults
# Decide whether there is anything to do. An empty or "disabled" setting ends
# the helper successfully without touching the image; otherwise only the three
# AES key sizes are accepted.
# These allow-lists are also what restricts LH_ENCRYPTION and
# LH_CHROOT_FILESYSTEM to fixed words before they are used further down as an
# aespipe argument and inside file names.
case "${LH_ENCRYPTION}" in
  "" | disabled)
    exit 0
    ;;

  aes128 | aes192 | aes256)
    ;;

  *)
    Echo_error "Encryption type %s not supported." "${LH_ENCRYPTION}"
    exit 1
    ;;
esac

# Only these root filesystem image types are handled by this helper
case "${LH_CHROOT_FILESYSTEM}" in
  squashfs | ext2)
    ;;

  *)
    Echo_error "Encryption not yet supported on %s filesystems." "${LH_CHROOT_FILESYSTEM}"
    exit 1
    ;;
esac
Echo_message "Begin encrypting root filesystem image..."

# The config, bootstrap and binary_rootfs stages have to be present first
Require_stagefile \
  .stage/config \
  .stage/bootstrap \
  .stage/binary_rootfs

# Consult this helper's own stage file (presumably ends the run when the stage
# was already completed - confirm in functions.sh)
Check_stagefile .stage/binary_encryption

# Build lock: check for an existing lock file, then create ours
Check_lockfile .lock
Create_lockfile .lock
# Map the configured initramfs flavour to the directory name used below binary/.
# NOTE(review): there is no default arm, so for any other LH_INITRAMFS value
# INITFS keeps whatever it held before (possibly empty, or inherited from the
# environment) and the image paths built from it later would point somewhere
# else - confirm that LH_INITRAMFS can only hold one of these two values here.
case "${LH_INITRAMFS}" in
  live-initramfs)
    INITFS="live"
    ;;

  casper)
    INITFS="casper"
    ;;
esac
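# Checking depends: aespipe is looked for at chroot/usr/bin/aespipe
# (Check_package presumably records the package for installation when the file
# is missing - confirm in functions.sh)
Check_package chroot/usr/bin/aespipe aespipe

# Restoring cache
Restore_cache cache/packages_binary

# Installing depends
Install_package

Echo_message "Encrypting binary/%s/filesystem.%s with %s..." "${INITFS}" "${LH_CHROOT_FILESYSTEM}" "${LH_ENCRYPTION}"

if [ "${LH_CHROOT_BUILD}" = "enabled" ]
then
  # In this mode aespipe is started through Chroot, so the still unencrypted
  # image is moved into the chroot directory first. The path is quoted so that
  # an unexpected INITFS value cannot be word-split or glob-expanded into a
  # different set of mv arguments.
  mv "binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}" chroot
fi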
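# Encrypt the root filesystem image with aespipe, asking again after a failure
# until it succeeds or the operator gives up.
#
# aespipe is called with only -e (cipher) and -T (passphrase is asked twice);
# no passphrase seed (-S), iteration count (-C) or gpg key file (-K) is passed,
# so the protection of the image rests on the passphrase alone.
#
# The loop fails closed: it is left with 'break' only after the encrypted
# output has replaced the image. When the operator declines to retry, the
# partial output is removed, the untouched image is put back where it was
# found, and the helper exits non-zero, so the later steps never record an
# unencrypted (or missing) image as an encrypted one.
#
# All paths and the cipher name are quoted; INITFS in particular is not
# validated by this script, and an unquoted value could be word-split or
# glob-expanded.
while true
do
  echo
  echo " **************************************"
  Echo " ** Configuring encrypted filesystem **"
  echo " **************************************"
  Echo " (Passwords must be at least 20 characters long)"
  echo

  case "${LH_CHROOT_BUILD}" in
    enabled)
      # The redirections are opened by this shell, relative to the build
      # directory; only aespipe itself runs through Chroot.
      if Chroot chroot aespipe -e "${LH_ENCRYPTION}" -T \
        < "chroot/filesystem.${LH_CHROOT_FILESYSTEM}" \
        > "chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp"
      then
        mv "chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp" "binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}"
        break
      fi
      ;;

    disabled)
      if aespipe -e "${LH_ENCRYPTION}" -T \
        < "binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}" \
        > "binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp"
      then
        mv "binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp" "binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}"
        break
      fi
      ;;
  esac

  printf "\nThere was an error configuring encryption ... Retry? [Y/n] "

  # -r keeps backslashes in the answer literal
  read -r ANSWER

  # Anything that starts with n or N means "do not retry"
  case "${ANSWER}" in
    [nN]*)
      # Drop the incomplete output of the failed attempt
      rm -f \
        "chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp" \
        "binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp"

      # Undo the move into the chroot so that a later run finds the image
      # where it expects it
      if [ "${LH_CHROOT_BUILD}" = "enabled" ]
      then
        mv "chroot/filesystem.${LH_CHROOT_FILESYSTEM}" "binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}"
      fi

      Echo_error "Root filesystem image was not encrypted."
      exit 1
      ;;
  esac
done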
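# Cleanup temporary filesystems: the unencrypted copy inside the chroot and any
# leftover .tmp output. Paths are quoted so that an unexpected INITFS value
# cannot be word-split or glob-expanded into other rm arguments.
# Note: rm only unlinks the files; the plaintext data is not overwritten on the
# build host's disk.
rm -f \
  "chroot/filesystem.${LH_CHROOT_FILESYSTEM}" \
  "chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp" \
  "binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp"

# Saving cache
Save_cache cache/packages_binary

# Removing depends
Remove_package

# Creating stage file. Nothing at this point re-checks that the image in
# binary/ was actually encrypted.
Create_stagefile .stage/binary_encryption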