blob: 871adaabe29d7e45f98c8fd68507d471fd9b67e6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
#!/bin/sh
# lh_binary_encryption(1) - encrypts rootfs
set -e
# Source common functions
for FUNCTION in /usr/share/live-helper/functions/*.sh
do
. ${FUNCTION}
done
# Reading configuration files
Read_conffile config/common
Read_conffile config/image
Set_defaults
# Requiring stage file
Require_stagefile .stage/bootstrap
Require_stagefile .stage/binary_rootfs
# Checking lock file
Check_lockfile .lock
# Creating lock file
Create_lockfile .lock
# Checking stage file
Check_stagefile .stage/binary_encryption
if [ -n "${LIVE_ENCRYPTION}" ]
then
if [ ! -x /usr/bin/aespipe ]
then
echo "E: aespipe is missing (FIXME)."
exit 1
fi
case "${LIVE_FILESYSTEM}" in
ext2)
ROOTFS="ext2"
;;
plain)
echo "W: encryption not supported on plain filesystem."
exit 0
;;
squashfs)
ROOTFS="squashfs"
;;
esac
echo "Encrypting binary/casper/filesystem.${ROOTFS} with ${LIVE_ENCRYPTION}..."
while true
do
cat binary/casper/filesystem.${ROOTFS} | aespipe -e "${LIVE_ENCRYPTION}" -T > binary/casper/filesystem.${ROOTFS} && break
echo -n "Something went wrong... Retry? [YES/no] "
read ANSWER
if [ 'no' = "${ANSWER}" ]
then
unset ANSWER
break
fi
done
# Creating stage file
Create_stagefile .stage/binary_encryption
fi
|
