2007-09-23 08:04:46 +00:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
# lh_binary_encryption(1) - encrypts rootfs
|
2007-09-23 08:04:48 +00:00
|
|
|
# Copyright (C) 2006-2007 Daniel Baumann <daniel@debian.org>
|
|
|
|
|
#
|
|
|
|
|
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
|
|
|
|
|
# This is free software, and you are welcome to redistribute it
|
|
|
|
|
# under certain conditions; see COPYING for details.
|
2007-09-23 08:04:46 +00:00
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
2007-09-23 08:05:11 +00:00
|
|
|
# Including common functions
|
|
|
|
|
LH_BASE="${LH_BASE:-/usr/share/live-helper}"
|
|
|
|
|
|
|
|
|
|
for FUNCTION in "${LH_BASE}"/functions/*.sh
|
2007-09-23 08:04:46 +00:00
|
|
|
do
|
2007-09-23 08:05:11 +00:00
|
|
|
. "${FUNCTION}"
|
2007-09-23 08:04:46 +00:00
|
|
|
done
|
|
|
|
|
|
2007-09-23 08:05:11 +00:00
|
|
|
# Setting static variables
|
2007-09-23 08:04:48 +00:00
|
|
|
DESCRIPTION="encrypts rootfs"
|
|
|
|
|
HELP=""
|
|
|
|
|
USAGE="${PROGRAM} [--force]"
|
|
|
|
|
|
|
|
|
|
Arguments "${@}"
|
|
|
|
|
|
2007-09-23 08:04:46 +00:00
|
|
|
# Reading configuration files
|
2007-09-23 08:04:52 +00:00
|
|
|
Read_conffile config/common
|
2007-09-23 08:04:49 +00:00
|
|
|
Read_conffile config/bootstrap
|
|
|
|
|
Read_conffile config/chroot
|
2007-09-23 08:04:52 +00:00
|
|
|
Read_conffile config/binary
|
|
|
|
|
Read_conffile config/source
|
2007-09-23 08:04:46 +00:00
|
|
|
Set_defaults
|
|
|
|
|
|
2007-09-23 08:04:49 +00:00
|
|
|
if [ -z "${LIVE_ENCRYPTION}" ]
|
2007-09-23 08:04:48 +00:00
|
|
|
then
|
2007-09-23 08:04:49 +00:00
|
|
|
exit 0
|
|
|
|
|
fi
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:05:11 +00:00
|
|
|
Echo_message "Begin encrypting root filesystem image..."
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:49 +00:00
|
|
|
# Requiring stage file
|
|
|
|
|
Require_stagefile .stage/bootstrap
|
|
|
|
|
Require_stagefile .stage/binary_rootfs
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:50 +00:00
|
|
|
# Checking stage file
|
|
|
|
|
Check_stagefile .stage/binary_encryption
|
|
|
|
|
|
2007-09-23 08:04:49 +00:00
|
|
|
# Checking lock file
|
|
|
|
|
Check_lockfile .lock
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:49 +00:00
|
|
|
# Creating lock file
|
|
|
|
|
Create_lockfile .lock
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:52 +00:00
|
|
|
case "${LH_INITRAMFS}" in
|
|
|
|
|
casper)
|
|
|
|
|
INITFS="casper"
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
live-initramfs)
|
|
|
|
|
INITFS="live"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2007-09-23 08:05:09 +00:00
|
|
|
case "${LIVE_CHROOT_FILESYSTEM}" in
|
2007-09-23 08:04:49 +00:00
|
|
|
ext2)
|
|
|
|
|
ROOTFS="ext2"
|
|
|
|
|
;;
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:49 +00:00
|
|
|
plain)
|
2007-09-23 08:04:50 +00:00
|
|
|
Echo_warning "encryption not supported on plain filesystem."
|
2007-09-23 08:04:49 +00:00
|
|
|
exit 0
|
|
|
|
|
;;
|
2007-09-23 08:04:48 +00:00
|
|
|
|
2007-09-23 08:04:49 +00:00
|
|
|
squashfs)
|
|
|
|
|
ROOTFS="squashfs"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
2007-09-23 08:04:48 +00:00
|
|
|
|
2007-09-23 08:04:51 +00:00
|
|
|
# Checking depends
|
|
|
|
|
Check_package chroot/usr/bin/aespipe aespipe
|
2007-09-23 08:04:48 +00:00
|
|
|
|
2007-09-23 08:05:15 +00:00
|
|
|
# Restoring cache
|
|
|
|
|
Restore_cache cache/packages_binary
|
|
|
|
|
|
2007-09-23 08:04:51 +00:00
|
|
|
# Installing depends
|
|
|
|
|
Install_package
|
2007-09-23 08:04:49 +00:00
|
|
|
|
2007-09-23 08:05:15 +00:00
|
|
|
case "${LIVE_CHROOT_BUILD}" in
|
|
|
|
|
enabled)
|
|
|
|
|
# Moving image
|
|
|
|
|
mv binary/${INITFS}/filesystem.${LIVE_CHROOT_FILESYSTEM} chroot
|
2007-09-23 08:04:49 +00:00
|
|
|
|
2007-09-23 08:04:52 +00:00
|
|
|
echo "Encrypting binary/${INITFS}/filesystem.${ROOTFS} with ${LIVE_ENCRYPTION}..."
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:05:09 +00:00
|
|
|
cat >> chroot/encrypt.sh << EOF
|
2007-09-23 08:04:48 +00:00
|
|
|
while true
|
|
|
|
|
do
|
2007-09-23 08:05:09 +00:00
|
|
|
cat filesystem.${ROOTFS} | aespipe -e ${LIVE_ENCRYPTION} -T > filesystem.${ROOTFS}.tmp && mv filesystem.${ROOTFS}.tmp filesystem.${ROOTFS} && break
|
2007-09-23 08:04:48 +00:00
|
|
|
|
|
|
|
|
echo -n "Something went wrong... Retry? [YES/no] "
|
|
|
|
|
|
|
|
|
|
read ANSWER
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
if [ "no" = "${ANSWER}" ]
|
|
|
|
|
then
|
|
|
|
|
unset ANSWER
|
|
|
|
|
break
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
EOF
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:05:15 +00:00
|
|
|
Chroot "sh encrypt.sh"
|
|
|
|
|
|
|
|
|
|
# Move image
|
|
|
|
|
mv chroot/filesystem.${LIVE_CHROOT_FILESYSTEM} binary/${INITFS}
|
|
|
|
|
rm -f chroot/encrypt.sh
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
disabled)
|
|
|
|
|
while true
|
|
|
|
|
do
|
|
|
|
|
cat binary/${INITFS}/filesystem.${ROOTFS} | aespipe -e ${LIVE_ENCRYPTION} -T > binary/${INITFS}/filesystem.${ROOTFS}.tmp && mv binary/${INITFS}/filesystem.${ROOTFS}.tmp binary/${INITFS}/filesystem.${ROOTFS} && break
|
|
|
|
|
|
|
|
|
|
echo -n "Something went wrong... Retry? [YES/no] "
|
|
|
|
|
|
|
|
|
|
read ANSWER
|
|
|
|
|
|
|
|
|
|
if [ "no" = "${ANSWER}" ]
|
|
|
|
|
then
|
|
|
|
|
unset ANSWER
|
|
|
|
|
break
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
;;
|
|
|
|
|
esac
|
2007-09-23 08:04:48 +00:00
|
|
|
|
2007-09-23 08:05:15 +00:00
|
|
|
# Saving cache
|
|
|
|
|
Save_cache cache/packages_binary
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:51 +00:00
|
|
|
# Removing depends
|
|
|
|
|
Remove_package
|
2007-09-23 08:04:49 +00:00
|
|
|
|
|
|
|
|
# Creating stage file
|
|
|
|
|
Create_stagefile .stage/binary_encryption
|
