#!/bin/sh

# lh_binary_encryption(1) - encrypts rootfs
# Copyright (C) 2006-2007 Daniel Baumann <daniel@debian.org>
#
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
# This is free software, and you are welcome to redistribute it
# under certain conditions; see COPYING for details.

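# Abort as soon as any command fails, so a broken step cannot be followed
# by later steps acting on a half-finished build tree.
set -e

# Source common functions.
# Every *.sh file in this directory is executed in the current shell with the
# privileges of whoever runs the build, so the directory must be writable by
# trusted users only.
for FUNCTION in /usr/share/live-helper/functions/*.sh
do
	# Quoted so that a path containing whitespace or glob characters is
	# sourced as one file instead of being split or re-expanded.
	. "${FUNCTION}"
done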

# Set static variables
# These are not used again in this file; presumably the sourced helper
# functions read them for --help/--usage output (confirm in functions/*.sh).
DESCRIPTION="encrypts rootfs"
HELP=""
# PROGRAM is not assigned in this file; presumably the sourced functions set it.
USAGE="${PROGRAM} [--force]"

# Hand the unmodified command line to the shared argument parser.
Arguments "${@}"

# Reading configuration files
# The paths are relative, so the script must be started from the top of the
# build tree. Values that arrive this way (LIVE_ENCRYPTION, LIVE_FILESYSTEM,
# LH_APT, PACKAGES) are later pasted into command strings run inside the
# chroot, so these files have to be as trusted as the script itself.
# NOTE(review): whether Read_conffile sources the file or parses it is not
# visible here - confirm.
Read_conffile config/common
Read_conffile config/image
Set_defaults

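# Encrypt the root filesystem image when an encryption type is configured.
#
# Steps: check stage and lock files, make sure aespipe is available in the
# chroot, move the image into the chroot, run a generated helper script there
# that pipes the image through aespipe, move the image back, purge the
# packages again and record the stage.
#
# Fixes over the previous version:
#   - the helper read and wrote the same file in one pipeline; the output
#     redirection truncated the image before it was read, so the result was
#     an encrypted empty stream. It now writes to a temporary file first.
#   - ANSWER was expanded while the helper was generated (to an empty
#     string), so answering "no" never left the retry loop.
#   - declining a retry used to end the helper successfully, after which the
#     unencrypted image was moved back and the stage marked as done. The
#     helper now exits non-zero and the stage file is not created.
#   - the helper was appended to (>>), so a stale chroot/encrypt from an
#     aborted run would have been executed as well.
#   - an unrecognised LIVE_FILESYSTEM left ROOTFS unset.
if [ -n "${LIVE_ENCRYPTION}" ]
then
	# Requiring stage file
	Require_stagefile .stage/bootstrap
	Require_stagefile .stage/binary_rootfs

	# Checking lock file
	Check_lockfile .lock

	# Creating lock file
	Create_lockfile .lock

	# Checking stage file
	Check_stagefile .stage/binary_encryption

	case "${LIVE_FILESYSTEM}" in
		ext2)
			ROOTFS="ext2"
			;;

		plain)
			echo "W: encryption not supported on plain filesystem."
			exit 0
			;;

		squashfs)
			ROOTFS="squashfs"
			;;

		*)
			# Refuse to continue with an empty ROOTFS: every path below
			# would otherwise refer to a file named "filesystem.".
			echo "E: encryption not supported on ${LIVE_FILESYSTEM} filesystem." >&2
			exit 1
			;;
	esac

	# NOTE(review): PACKAGES is not reset here; anything already in it is
	# installed and later purged together with aespipe - confirm intended.
	if [ ! -f chroot/usr/bin/aespipe ]
	then
		PACKAGES="${PACKAGES} aespipe"
	fi

	if [ -n "${PACKAGES}" ]
	then
		# Installing packages
		case "${LH_APT}" in
			apt|apt-get)
				Chroot "apt-get install --yes ${PACKAGES}"
				;;

			aptitude)
				Chroot "aptitude install --assume-yes ${PACKAGES}"
				;;
		esac
	fi

	# Moving image
	mv "binary/casper/filesystem.${ROOTFS}" chroot

	echo "Encrypting binary/casper/filesystem.${ROOTFS} with ${LIVE_ENCRYPTION}..."

	# Generate the helper that runs inside the chroot. ROOTFS and
	# LIVE_ENCRYPTION are expanded now, as plain shell text, so
	# LIVE_ENCRYPTION must be a bare cipher name from trusted configuration.
	# ANSWER is escaped so that it is evaluated when the helper runs.
	# aespipe asks for the passphrase itself, so no secret is written into
	# the helper. The file is created with ">" to discard any stale copy.
	cat > chroot/encrypt << EOF
while true
do
	# Encrypt into a temporary file and replace the image only on success,
	# so a failed or interrupted run leaves the original image intact.
	if aespipe -e ${LIVE_ENCRYPTION} -T < filesystem.${ROOTFS} > filesystem.${ROOTFS}.tmp && mv filesystem.${ROOTFS}.tmp filesystem.${ROOTFS}
	then
		exit 0
	fi

	rm -f filesystem.${ROOTFS}.tmp

	printf '%s' "Something went wrong... Retry? [YES/no] "

	# Treat end-of-input as "no" so a non-interactive build cannot spin.
	read -r ANSWER || ANSWER="no"

	if [ "no" = "\${ANSWER}" ]
	then
		exit 1
	fi
done
EOF

	# Remember the outcome instead of letting "set -e" abort here, so the
	# image is moved back and the chroot cleaned up on failure as well.
	# NOTE(review): assumes Chroot returns the helper's exit status - confirm.
	if Chroot "sh encrypt"
	then
		ENCRYPTED="true"
	else
		ENCRYPTED="false"
	fi

	# Move image
	mv "chroot/filesystem.${ROOTFS}" binary/casper
	rm -f chroot/encrypt "chroot/filesystem.${ROOTFS}.tmp"

	# Removing packages
	if [ -n "${PACKAGES}" ]
	then
		case "${LH_APT}" in
			apt|apt-get)
				Chroot "apt-get remove --purge --yes ${PACKAGES}"
				;;

			aptitude)
				Chroot "aptitude purge --assume-yes ${PACKAGES}"
				;;
		esac
	fi

	# Never record the stage for an image that was not encrypted.
	if [ "true" != "${ENCRYPTED}" ]
	then
		echo "E: binary/casper/filesystem.${ROOTFS} was not encrypted." >&2
		exit 1
	fi

	# Creating stage file
	Create_stagefile .stage/binary_encryption
fi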