diff options
Diffstat (limited to 'helpers/binary_encryption')
-rwxr-xr-x | helpers/binary_encryption | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/helpers/binary_encryption b/helpers/binary_encryption new file mode 100755 index 0000000..2990afa --- /dev/null +++ b/helpers/binary_encryption @@ -0,0 +1,146 @@ +#!/bin/sh + +# lh_binary_encryption(1) - encrypts rootfs +# Copyright (C) 2006-2009 Daniel Baumann <daniel@debian.org> +# +# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING. +# This is free software, and you are welcome to redistribute it +# under certain conditions; see COPYING for details. + +set -e + +# Including common functions +. "${LH_BASE:-/usr/share/live-helper}"/live-helper.sh + +# Setting static variables +DESCRIPTION="$(Echo 'encrypts rootfs')" +HELP="" +USAGE="${PROGRAM} [--force]" + +Arguments "${@}" + +# Reading configuration files +Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source +Set_defaults + +if [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ] +then + exit 0 +fi + +case "${LH_ENCRYPTION}" in + aes128|aes192|aes256) + ;; + ""|false) + exit 0 + ;; + *) + Echo_error "Encryption type %s not supported." "${LH_ENCRYPTION}" + exit 1 + ;; +esac + +case "${LH_CHROOT_FILESYSTEM}" in + ext2|squashfs) + ;; + + *) + Echo_error "Encryption not yet supported on %s filesystems." "${LH_CHROOT_FILESYSTEM}" + exit 1 + ;; +esac + +Echo_message "Begin encrypting root filesystem image..." + +# Requiring stage file +Require_stagefile .stage/config .stage/bootstrap .stage/binary_rootfs + +# Checking stage file +Check_stagefile .stage/binary_encryption + +# Checking lock file +Check_lockfile .lock + +# Creating lock file +Create_lockfile .lock + +case "${LH_INITRAMFS}" in + casper) + INITFS="casper" + ;; + + live-initramfs) + INITFS="live" + ;; +esac + +# Checking depends +Check_package chroot/usr/bin/aespipe aespipe + +# Restoring cache +Restore_cache cache/packages_binary + +# Installing depends +Install_package + +Echo_message "Encrypting binary/%s/filesystem.%s with %s..." "${INITFS}" "${LH_CHROOT_FILESYSTEM}" "${LH_ENCRYPTION}" + +if [ "${LH_CHROOT_BUILD}" = "true" ] +then + # Moving image + mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} chroot +fi + +while true +do + echo + echo " **************************************" + Echo " ** Configuring encrypted filesystem **" + echo " **************************************" + Echo " (Passwords must be at least 20 characters long)" + echo + + case "${LH_CHROOT_BUILD}" in + true) + if Chroot chroot aespipe -e ${LH_ENCRYPTION} -T \ + < chroot/filesystem.${LH_CHROOT_FILESYSTEM} \ + > chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp + then + mv chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} + break + fi + ;; + false) + if aespipe -e ${LH_ENCRYPTION} -T \ + < binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} \ + > binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp + then + mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} + break + fi + ;; + esac + + printf "\nThere was an error configuring encryption ... Retry? [Y/n] " + read ANSWER + + if [ "$(echo "${ANSWER}" | cut -b1 | tr A-Z a-z)" = "n" ] + then + unset ANSWER + break + fi +done + +# Cleanup temporary filesystems +rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM} +rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp +rm -f binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp + +# Saving cache +Save_cache cache/packages_binary + +# Removing depends +Remove_package + +# Creating stage file +Create_stagefile .stage/binary_encryption |