2007-09-23 08:04:46 +00:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
# lh_binary_encryption(1) - encrypts rootfs
|
2007-09-23 08:04:48 +00:00
|
|
|
# Copyright (C) 2006-2007 Daniel Baumann <daniel@debian.org>
|
|
|
|
|
#
|
|
|
|
|
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
|
|
|
|
|
# This is free software, and you are welcome to redistribute it
|
|
|
|
|
# under certain conditions; see COPYING for details.
|
2007-09-23 08:04:46 +00:00
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
# Source common functions
|
|
|
|
|
for FUNCTION in /usr/share/live-helper/functions/*.sh
|
|
|
|
|
do
|
|
|
|
|
. ${FUNCTION}
|
|
|
|
|
done
|
|
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
# Set static variables
|
|
|
|
|
DESCRIPTION="encrypts rootfs"
|
|
|
|
|
HELP=""
|
|
|
|
|
USAGE="${PROGRAM} [--force]"
|
|
|
|
|
|
|
|
|
|
Arguments "${@}"
|
|
|
|
|
|
2007-09-23 08:04:46 +00:00
|
|
|
# Reading configuration files
|
|
|
|
|
Read_conffile config/common
|
|
|
|
|
Read_conffile config/image
|
|
|
|
|
Set_defaults
|
|
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
if [ -n "${LIVE_ENCRYPTION}" ]
|
|
|
|
|
then
|
|
|
|
|
# Requiring stage file
|
|
|
|
|
Require_stagefile .stage/bootstrap
|
|
|
|
|
Require_stagefile .stage/binary_rootfs
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
# Checking lock file
|
|
|
|
|
Check_lockfile .lock
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
# Creating lock file
|
|
|
|
|
Create_lockfile .lock
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
# Checking stage file
|
|
|
|
|
Check_stagefile .stage/binary_encryption
|
2007-09-23 08:04:46 +00:00
|
|
|
|
|
|
|
|
case "${LIVE_FILESYSTEM}" in
|
|
|
|
|
ext2)
|
|
|
|
|
ROOTFS="ext2"
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
plain)
|
|
|
|
|
echo "W: encryption not supported on plain filesystem."
|
|
|
|
|
exit 0
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
squashfs)
|
|
|
|
|
ROOTFS="squashfs"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
if [ ! -f chroot/usr/bin/aespipe ]
|
|
|
|
|
then
|
|
|
|
|
PACKAGES="${PACKAGES} aespipe"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -n "${PACKAGES}" ]
|
|
|
|
|
then
|
|
|
|
|
# Installing packages
|
|
|
|
|
case "${LH_APT}" in
|
|
|
|
|
apt|apt-get)
|
|
|
|
|
Chroot "apt-get install --yes ${PACKAGES}"
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
aptitude)
|
|
|
|
|
Chroot "aptitude install --assume-yes ${PACKAGES}"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Moving image
|
|
|
|
|
mv binary/casper/filesystem.${LIVE_FILESYSTEM} chroot
|
|
|
|
|
|
2007-09-23 08:04:47 +00:00
|
|
|
echo "Encrypting binary/casper/filesystem.${ROOTFS} with ${LIVE_ENCRYPTION}..."
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
cat >> chroot/encrypt << EOF
|
|
|
|
|
while true
|
|
|
|
|
do
|
|
|
|
|
cat filesystem.${ROOTFS} | aespipe -e ${LIVE_ENCRYPTION} -T > filesystem.${ROOTFS} && break
|
|
|
|
|
|
|
|
|
|
echo -n "Something went wrong... Retry? [YES/no] "
|
|
|
|
|
|
|
|
|
|
read ANSWER
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
if [ "no" = "${ANSWER}" ]
|
|
|
|
|
then
|
|
|
|
|
unset ANSWER
|
|
|
|
|
break
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
EOF
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
Chroot "sh encrypt"
|
2007-09-23 08:04:46 +00:00
|
|
|
|
2007-09-23 08:04:48 +00:00
|
|
|
# Move image
|
|
|
|
|
mv chroot/filesystem.${LIVE_FILESYSTEM} binary/casper
|
|
|
|
|
rm -f chroot/encrypt
|
|
|
|
|
|
|
|
|
|
# Removing packages
|
|
|
|
|
if [ -n "${PACKAGES}" ]
|
|
|
|
|
then
|
|
|
|
|
case "${LH_APT}" in
|
|
|
|
|
apt|apt-get)
|
|
|
|
|
Chroot "apt-get remove --purge --yes ${PACKAGES}"
|
|
|
|
|
;;
|
|
|
|
|
aptitude)
|
|
|
|
|
Chroot "aptitude purge --assume-yes ${PACKAGES}"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
fi
|
2007-09-23 08:04:46 +00:00
|
|
|
|
|
|
|
|
# Creating stage file
|
2007-09-23 08:04:47 +00:00
|
|
|
Create_stagefile .stage/binary_encryption
|
2007-09-23 08:04:46 +00:00
|
|
|
fi
|
