2007-09-23 08:04:46 +00:00
|
|
|
#!/bin/sh
|
|
|
|
|
2010-09-02 11:12:37 +00:00
|
|
|
## live-build(7) - System Build Scripts
|
2011-01-11 12:56:42 -01:00
|
|
|
## Copyright (C) 2006-2011 Daniel Baumann <daniel@debian.org>
|
2010-09-02 11:12:37 +00:00
|
|
|
##
|
|
|
|
## live-build comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
|
|
|
|
## This is free software, and you are welcome to redistribute it
|
|
|
|
## under certain conditions; see COPYING for details.
|
|
|
|
|
2007-09-23 08:04:46 +00:00
|
|
|
|
|
|
|
set -e
|
|
|
|
|
2007-09-23 08:05:11 +00:00
|
|
|
# Including common functions
|
2010-09-07 13:11:20 +00:00
|
|
|
. "${LB_BASE:-/usr/share/live/build}"/scripts/build.sh
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:05:11 +00:00
|
|
|
# Setting static variables
|
2009-01-15 01:37:42 -01:00
|
|
|
DESCRIPTION="$(Echo 'encrypts rootfs')"
|
2007-09-23 08:04:48 +00:00
|
|
|
HELP=""
|
|
|
|
USAGE="${PROGRAM} [--force]"
|
|
|
|
|
|
|
|
Arguments "${@}"
|
|
|
|
|
2007-09-23 08:04:46 +00:00
|
|
|
# Reading configuration files
|
2008-10-28 14:26:17 -01:00
|
|
|
Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
|
2007-09-23 08:04:46 +00:00
|
|
|
Set_defaults
|
|
|
|
|
2010-09-07 13:11:20 +00:00
|
|
|
if [ "${LB_BINARY_IMAGES}" = "virtual-hdd" ]
|
2009-02-25 07:51:28 -01:00
|
|
|
then
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
2010-09-07 13:11:20 +00:00
|
|
|
case "${LB_ENCRYPTION}" in
|
2008-03-23 03:21:47 -01:00
|
|
|
aes128|aes192|aes256)
|
|
|
|
;;
|
2009-12-13 19:17:45 -01:00
|
|
|
""|false)
|
2008-03-23 03:21:47 -01:00
|
|
|
exit 0
|
|
|
|
;;
|
|
|
|
*)
|
2010-09-07 13:11:20 +00:00
|
|
|
Echo_error "Encryption type %s not supported." "${LB_ENCRYPTION}"
|
2008-03-23 03:21:47 -01:00
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
2010-09-07 13:11:20 +00:00
|
|
|
case "${LB_CHROOT_FILESYSTEM}" in
|
2008-03-23 03:21:47 -01:00
|
|
|
ext2|squashfs)
|
|
|
|
;;
|
|
|
|
|
|
|
|
*)
|
2010-09-07 13:11:20 +00:00
|
|
|
Echo_error "Encryption not yet supported on %s filesystems." "${LB_CHROOT_FILESYSTEM}"
|
2008-03-23 03:21:47 -01:00
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:05:11 +00:00
|
|
|
Echo_message "Begin encrypting root filesystem image..."
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:49 +00:00
|
|
|
# Requiring stage file
|
2008-10-14 19:32:50 +00:00
|
|
|
Require_stagefile .stage/config .stage/bootstrap .stage/binary_rootfs
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:50 +00:00
|
|
|
# Checking stage file
|
|
|
|
Check_stagefile .stage/binary_encryption
|
|
|
|
|
2007-09-23 08:04:49 +00:00
|
|
|
# Checking lock file
|
|
|
|
Check_lockfile .lock
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:49 +00:00
|
|
|
# Creating lock file
|
|
|
|
Create_lockfile .lock
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2010-09-07 13:11:20 +00:00
|
|
|
case "${LB_INITRAMFS}" in
|
2007-09-23 08:04:52 +00:00
|
|
|
casper)
|
|
|
|
INITFS="casper"
|
|
|
|
;;
|
|
|
|
|
2010-09-04 10:52:01 +00:00
|
|
|
live-initramfs|live-boot)
|
2007-09-23 08:04:52 +00:00
|
|
|
INITFS="live"
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
2007-09-23 08:04:51 +00:00
|
|
|
# Checking depends
|
|
|
|
Check_package chroot/usr/bin/aespipe aespipe
|
2007-09-23 08:04:48 +00:00
|
|
|
|
2007-09-23 08:05:15 +00:00
|
|
|
# Restoring cache
|
|
|
|
Restore_cache cache/packages_binary
|
|
|
|
|
2007-09-23 08:04:51 +00:00
|
|
|
# Installing depends
|
|
|
|
Install_package
|
2007-09-23 08:04:49 +00:00
|
|
|
|
2010-09-07 13:11:20 +00:00
|
|
|
Echo_message "Encrypting binary/%s/filesystem.%s with %s..." "${INITFS}" "${LB_CHROOT_FILESYSTEM}" "${LB_ENCRYPTION}"
|
2007-09-23 08:04:49 +00:00
|
|
|
|
2010-09-07 13:11:20 +00:00
|
|
|
if [ "${LB_BUILD_WITH_CHROOT}" = "true" ]
|
2008-03-23 03:20:31 -01:00
|
|
|
then
|
|
|
|
# Moving image
|
2010-09-07 13:11:20 +00:00
|
|
|
mv binary/${INITFS}/filesystem.${LB_CHROOT_FILESYSTEM} chroot
|
2008-03-23 03:20:31 -01:00
|
|
|
fi
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
while true
|
|
|
|
do
|
2008-03-23 03:20:31 -01:00
|
|
|
echo
|
2009-01-15 01:01:40 -01:00
|
|
|
echo " **************************************"
|
2008-08-14 19:48:51 +00:00
|
|
|
Echo " ** Configuring encrypted filesystem **"
|
2009-01-15 01:01:40 -01:00
|
|
|
echo " **************************************"
|
2008-08-14 19:48:51 +00:00
|
|
|
Echo " (Passwords must be at least 20 characters long)"
|
2008-03-23 03:20:31 -01:00
|
|
|
echo
|
|
|
|
|
2010-09-07 13:11:20 +00:00
|
|
|
case "${LB_BUILD_WITH_CHROOT}" in
|
2009-12-13 19:17:45 -01:00
|
|
|
true)
|
2010-09-07 13:11:20 +00:00
|
|
|
if Chroot chroot aespipe -e ${LB_ENCRYPTION} -T \
|
|
|
|
< chroot/filesystem.${LB_CHROOT_FILESYSTEM} \
|
|
|
|
> chroot/filesystem.${LB_CHROOT_FILESYSTEM}.tmp
|
2008-03-23 03:20:31 -01:00
|
|
|
then
|
2010-09-07 13:11:20 +00:00
|
|
|
mv chroot/filesystem.${LB_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LB_CHROOT_FILESYSTEM}
|
2008-03-23 03:20:31 -01:00
|
|
|
break
|
|
|
|
fi
|
|
|
|
;;
|
2009-12-13 19:17:45 -01:00
|
|
|
false)
|
2010-09-07 13:11:20 +00:00
|
|
|
if aespipe -e ${LB_ENCRYPTION} -T \
|
|
|
|
< binary/${INITFS}/filesystem.${LB_CHROOT_FILESYSTEM} \
|
|
|
|
> binary/${INITFS}/filesystem.${LB_CHROOT_FILESYSTEM}.tmp
|
2008-03-23 03:20:31 -01:00
|
|
|
then
|
2010-09-07 13:11:20 +00:00
|
|
|
mv binary/${INITFS}/filesystem.${LB_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LB_CHROOT_FILESYSTEM}
|
2008-03-23 03:20:31 -01:00
|
|
|
break
|
|
|
|
fi
|
|
|
|
;;
|
|
|
|
esac
|
2007-09-23 08:04:48 +00:00
|
|
|
|
2008-03-23 03:20:31 -01:00
|
|
|
printf "\nThere was an error configuring encryption ... Retry? [Y/n] "
|
2007-09-23 08:04:48 +00:00
|
|
|
read ANSWER
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2008-03-23 03:20:31 -01:00
|
|
|
if [ "$(echo "${ANSWER}" | cut -b1 | tr A-Z a-z)" = "n" ]
|
2007-09-23 08:04:48 +00:00
|
|
|
then
|
|
|
|
unset ANSWER
|
|
|
|
break
|
|
|
|
fi
|
|
|
|
done
|
2008-03-23 03:20:31 -01:00
|
|
|
|
|
|
|
# Cleanup temporary filesystems
|
2010-09-07 13:11:20 +00:00
|
|
|
rm -f chroot/filesystem.${LB_CHROOT_FILESYSTEM}
|
|
|
|
rm -f chroot/filesystem.${LB_CHROOT_FILESYSTEM}.tmp
|
|
|
|
rm -f binary/${INITFS}/filesystem.${LB_CHROOT_FILESYSTEM}.tmp
|
2007-09-23 08:04:48 +00:00
|
|
|
|
2007-09-23 08:05:15 +00:00
|
|
|
# Saving cache
|
|
|
|
Save_cache cache/packages_binary
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:51 +00:00
|
|
|
# Removing depends
|
|
|
|
Remove_package
|
2007-09-23 08:04:49 +00:00
|
|
|
|
|
|
|
# Creating stage file
|
|
|
|
Create_stagefile .stage/binary_encryption
|