lh_binary_encryption: Rework and fix broken AES encryption routines
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
parent
31dca28f67
commit
ea375828e9
|
@ -92,54 +92,58 @@ Restore_cache cache/packages_binary
|
||||||
# Installing depends
|
# Installing depends
|
||||||
Install_package
|
Install_package
|
||||||
|
|
||||||
case "${LH_CHROOT_BUILD}" in
|
Echo_message "Encrypting binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} with ${LH_ENCRYPTION}..."
|
||||||
enabled)
|
|
||||||
# Moving image
|
|
||||||
mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} chroot
|
|
||||||
|
|
||||||
echo "Encrypting binary/${INITFS}/filesystem.${ROOTFS} with ${LH_ENCRYPTION}..."
|
if [ "${LH_CHROOT_BUILD}" = "enabled" ]
|
||||||
|
then
|
||||||
|
# Moving image
|
||||||
|
mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} chroot
|
||||||
|
fi
|
||||||
|
|
||||||
cat >> chroot/encrypt.sh << EOF
|
|
||||||
while true
|
while true
|
||||||
do
|
do
|
||||||
cat filesystem.${ROOTFS} | aespipe -e ${LH_ENCRYPTION} -T > filesystem.${ROOTFS}.tmp && mv filesystem.${ROOTFS}.tmp filesystem.${ROOTFS} && break
|
echo
|
||||||
|
echo " **************************************"
|
||||||
|
echo " ** Configuring encrypted filesystem **"
|
||||||
|
echo " **************************************"
|
||||||
|
echo " (Passwords must be at least 20 characters long)"
|
||||||
|
echo
|
||||||
|
|
||||||
echo -n "Something went wrong... Retry? [YES/no] "
|
case "${LH_CHROOT_BUILD}" in
|
||||||
|
enabled)
|
||||||
|
if Chroot aespipe -e ${LH_ENCRYPTION} -T \
|
||||||
|
< chroot/filesystem.${LH_CHROOT_FILESYSTEM} \
|
||||||
|
> chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
|
||||||
|
then
|
||||||
|
mv chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
disabled)
|
||||||
|
if aespipe -e ${LH_ENCRYPTION} -T \
|
||||||
|
< binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} \
|
||||||
|
> binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
|
||||||
|
then
|
||||||
|
mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
printf "\nThere was an error configuring encryption ... Retry? [Y/n] "
|
||||||
read ANSWER
|
read ANSWER
|
||||||
|
|
||||||
if [ "no" = "${ANSWER}" ]
|
if [ "$(echo "${ANSWER}" | cut -b1 | tr A-Z a-z)" = "n" ]
|
||||||
then
|
then
|
||||||
unset ANSWER
|
unset ANSWER
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
EOF
|
|
||||||
|
# Cleanup temporary filesystems
|
||||||
Chroot "sh encrypt.sh"
|
rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}
|
||||||
|
rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
|
||||||
# Move image
|
rm -f binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
|
||||||
mv chroot/filesystem.${LH_CHROOT_FILESYSTEM} binary/${INITFS}
|
|
||||||
rm -f chroot/encrypt.sh
|
|
||||||
;;
|
|
||||||
|
|
||||||
disabled)
|
|
||||||
while true
|
|
||||||
do
|
|
||||||
cat binary/${INITFS}/filesystem.${ROOTFS} | aespipe -e ${LH_ENCRYPTION} -T > binary/${INITFS}/filesystem.${ROOTFS}.tmp && mv binary/${INITFS}/filesystem.${ROOTFS}.tmp binary/${INITFS}/filesystem.${ROOTFS} && break
|
|
||||||
|
|
||||||
echo -n "Something went wrong... Retry? [YES/no] "
|
|
||||||
|
|
||||||
read ANSWER
|
|
||||||
|
|
||||||
if [ "no" = "${ANSWER}" ]
|
|
||||||
then
|
|
||||||
unset ANSWER
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Saving cache
|
# Saving cache
|
||||||
Save_cache cache/packages_binary
|
Save_cache cache/packages_binary
|
||||||
|
|
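Review bot: Answering "n" at the retry prompt only runs `unset ANSWER` and `break`, so the script leaves the `while true` loop and carries on to the cleanup and `Save_cache cache/packages_binary` as if encryption had succeeded. In the `disabled)` branch that leaves `binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}` in place unencrypted. In the `enabled)` branch, as far as the visible lines show, the plaintext image moved into `chroot` is deleted by the cleanup and nothing is put back. The decline path should abort the build instead, for example by removing the `.tmp` files and then using `exit 1` where the `break` after `unset ANSWER` is now, so that an image requested as encrypted is never produced in plaintext or silently missing. Separately, `${LH_ENCRYPTION}` and the `filesystem.${LH_CHROOT_FILESYSTEM}` paths are expanded unquoted in the `aespipe`, `mv` and `rm -f` lines; quoting them would stop a configured value containing spaces or glob characters from changing the command. The page has lost its `+`/`-` markers, so this reads the right-hand column as the new side.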