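#!/bin/sh

# lh_binary_encryption(1) - encrypts rootfs
# Copyright (C) 2006-2007 Daniel Baumann
#
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
# This is free software, and you are welcome to redistribute it
# under certain conditions; see COPYING for details.
#
# Moves the root filesystem image from binary/ into the chroot, encrypts it
# there with aespipe (run through the Chroot helper), and moves the result
# back into binary/. Does nothing when LIVE_ENCRYPTION is empty.

set -e

# Source common functions
for FUNCTION in /usr/share/live-helper/functions/*.sh
do
	. "${FUNCTION}"
done

# Set static variables
DESCRIPTION="encrypts rootfs"
HELP=""
USAGE="${PROGRAM} [--force]"

Arguments "${@}"

Echo_debug "Init ${PROGRAM}"

# Reading configuration files
Read_conffile config/common
Read_conffile config/bootstrap
Read_conffile config/chroot
Read_conffile config/binary
Read_conffile config/source
Set_defaults

# Encryption is opt-in: an empty LIVE_ENCRYPTION means nothing to do.
if [ -z "${LIVE_ENCRYPTION}" ]
then
	exit 0
fi

Breakpoint "binary_encryption: Init"

# Requiring stage file
Require_stagefile .stage/bootstrap
Require_stagefile .stage/binary_rootfs

# Checking stage file
Check_stagefile .stage/binary_encryption

# Checking lock file
Check_lockfile .lock

# Creating lock file
Create_lockfile .lock

case "${LH_INITRAMFS}" in
	casper)
		INITFS="casper"
		;;

	live-initramfs)
		INITFS="live"
		;;
esac

case "${LIVE_CHROOT_FILESYSTEM}" in
	ext2)
		ROOTFS="ext2"
		;;

	plain)
		# NOTE(review): this exits 0, so a build that requested
		# encryption completes with a plaintext rootfs and only a
		# warning in the log.
		Echo_warning "encryption not supported on plain filesystem."
		exit 0
		;;

	squashfs)
		ROOTFS="squashfs"
		;;

	*)
		# Without this arm ROOTFS stays empty and the generated script
		# would try to encrypt a file named "filesystem." that does not
		# exist. Stop before any image is moved.
		Echo_warning "encryption not supported on ${LIVE_CHROOT_FILESYSTEM} filesystem."
		exit 1
		;;
esac

# Checking depends
Check_package chroot/usr/bin/aespipe aespipe

# Installing depends
Install_package

# Moving image
mv "binary/${INITFS}/filesystem.${LIVE_CHROOT_FILESYSTEM}" chroot

echo "Encrypting binary/${INITFS}/filesystem.${ROOTFS} with ${LIVE_ENCRYPTION}..."

# Generate the helper that runs inside the chroot.
# - Written with '>' rather than '>>': a stale encrypt.sh left behind by an
#   interrupted run would otherwise be appended to, and the image would be
#   passed through aespipe twice.
# - ${ROOTFS} and ${LIVE_ENCRYPTION} are expanded now, by this script, because
#   they are not set inside the chroot. LIVE_ENCRYPTION therefore ends up as
#   text in a generated shell script; it is assumed to come from the
#   operator's own config files.
# - \${ANSWER} is escaped so that it is evaluated when the helper runs. When it
#   was expanded at generation time the test compared "no" with a fixed
#   (normally empty) string and the retry prompt could never be declined.
# - Declining the retry, or having no input to read, exits non-zero so the
#   caller can tell that the image was NOT encrypted.
cat > chroot/encrypt.sh << EOF
while true
do
	aespipe -e "${LIVE_ENCRYPTION}" -T < "filesystem.${ROOTFS}" > "filesystem.${ROOTFS}.tmp" && mv "filesystem.${ROOTFS}.tmp" "filesystem.${ROOTFS}" && break

	printf '%s' "Something went wrong... Retry? [YES/no] "

	read -r ANSWER || exit 1

	if [ "no" = "\${ANSWER}" ]
	then
		exit 1
	fi
done
EOF

# Capture the result instead of letting 'set -e' abort here, so the image is
# always moved back and the helper removed.
# NOTE(review): assumes Chroot returns the exit status of the command it
# runs -- confirm against the Chroot helper in the sourced functions.
ENCRYPTION_STATUS=0
Chroot "sh encrypt.sh" || ENCRYPTION_STATUS=${?}

# Move image
mv "chroot/filesystem.${LIVE_CHROOT_FILESYSTEM}" "binary/${INITFS}"

# The .tmp file only exists after a failed or abandoned attempt.
rm -f chroot/encrypt.sh "chroot/filesystem.${ROOTFS}.tmp"

# Removing depends
Remove_package

# Fail closed: never record the stage as done for an unencrypted image.
if [ "${ENCRYPTION_STATUS}" -ne 0 ]
then
	Echo_warning "encryption of filesystem.${ROOTFS} failed, image left unencrypted."
	exit 1
fi

# Creating stage file
Create_stagefile .stage/binary_encryption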