#!/bin/sh
# lh_binary_encryption(1) - encrypts rootfs
# Copyright (C) 2006-2007 Daniel Baumann <daniel@debian.org>
#
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
# This is free software, and you are welcome to redistribute it
# under certain conditions; see COPYING for details.
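# Abort as soon as any unguarded command fails.
set -e

# Source common functions.
# The helpers called further down (Arguments, Read_conffile, Chroot, ...) are
# not defined in this file; presumably they come from these libraries.
# The path is quoted so a library file name containing whitespace or glob
# characters is sourced as one file instead of being word-split.
for FUNCTION in /usr/share/live-helper/functions/*.sh
do
	. "${FUNCTION}"
done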
# Static metadata describing this helper.
# NOTE(review): presumably read by Arguments for help/usage output - confirm
# in the function library.
DESCRIPTION="encrypts rootfs"
HELP=""
USAGE="${PROGRAM} [--force]"

# Hand the command line to the shared option parser.
Arguments "${@}"

Echo_debug "Init ${PROGRAM}"

# Read the configuration files in the same order as before
# (common, bootstrap, chroot, binary, source), then apply defaults.
for _LH_ENCRYPTION_CONF in common bootstrap chroot binary source
do
	Read_conffile "config/${_LH_ENCRYPTION_CONF}"
done
unset _LH_ENCRYPTION_CONF

Set_defaults
# Encryption is optional: with no cipher configured in LIVE_ENCRYPTION this
# stage exits successfully without touching the image.
[ -n "${LIVE_ENCRYPTION}" ] || exit 0

Breakpoint "binary_encryption: Init"

# Stage files this helper requires before it runs
# (bootstrap and the binary rootfs image).
Require_stagefile .stage/bootstrap
Require_stagefile .stage/binary_rootfs

# Stage file of this helper itself.
# NOTE(review): Check_stagefile presumably ends the run when the stage was
# already completed - confirm in the function library.
Check_stagefile .stage/binary_encryption

# Check for an existing lock file, then create our own.
Check_lockfile .lock
Create_lockfile .lock
# Map the initramfs flavour to the directory name used under binary/.
# Any other LH_INITRAMFS value leaves INITFS unassigned.
if [ "${LH_INITRAMFS}" = "casper" ]
then
	INITFS="casper"
elif [ "${LH_INITRAMFS}" = "live-initramfs" ]
then
	INITFS="live"
fi

# Map the chroot filesystem type to the image file extension.
# ext2 and squashfs images are encrypted; a plain (directory) rootfs has no
# single image file, so the stage warns and ends successfully without
# encrypting anything. Any other value leaves ROOTFS unassigned.
case "${LIVE_CHROOT_FILESYSTEM}" in
	ext2|squashfs)
		ROOTFS="${LIVE_CHROOT_FILESYSTEM}"
		;;

	plain)
		Echo_warning "encryption not supported on plain filesystem."
		exit 0
		;;
esac
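# Checking depends: aespipe has to be available inside the chroot.
Check_package chroot/usr/bin/aespipe aespipe

# Installing depends
Install_package

# Moving image into the chroot so the chrooted aespipe can reach it.
mv "binary/${INITFS}/filesystem.${LIVE_CHROOT_FILESYSTEM}" chroot

echo "Encrypting binary/${INITFS}/filesystem.${ROOTFS} with ${LIVE_ENCRYPTION}..."

# Generate the helper script that runs inside the chroot.
#
# - The file is truncated (">" instead of ">>") so leftovers from an
#   interrupted earlier run are never executed ahead of this helper.
# - The here-document is deliberately unquoted: ROOTFS and LIVE_ENCRYPTION
#   are expanded now, at generation time. ANSWER is escaped (\${ANSWER}) so it
#   is evaluated when the helper runs; unescaped it expanded to an empty
#   string here and answering "no" could never leave the retry loop.
# - aespipe is run with -T (ask for the passphrase twice); the passphrase is
#   entered interactively and never appears on a command line.
# - The output goes to a temporary file that only replaces the image after
#   aespipe succeeded, so a failed attempt leaves the original intact.
# - Declining the retry (or end-of-file on stdin, which would otherwise loop
#   forever) removes the partial output and exits non-zero, so the caller can
#   tell "encrypted" apart from "gave up".
cat > chroot/encrypt.sh << EOF
while true
do
	aespipe -e "${LIVE_ENCRYPTION}" -T < "filesystem.${ROOTFS}" > "filesystem.${ROOTFS}.tmp" && mv "filesystem.${ROOTFS}.tmp" "filesystem.${ROOTFS}" && break

	printf '%s' "Something went wrong... Retry? [YES/no] "
	read -r ANSWER || ANSWER="no"

	if [ "no" = "\${ANSWER}" ]
	then
		rm -f "filesystem.${ROOTFS}.tmp"
		exit 1
	fi
done
EOF

# Fail closed: if the helper did not encrypt the image, put the untouched
# image back, clean up and stop before the stage file is written. Otherwise
# an unencrypted rootfs would be recorded (and shipped) as encrypted.
# NOTE(review): assumes Chroot returns the exit status of the command it
# runs - confirm in the function library.
if ! Chroot "sh encrypt.sh"
then
	rm -f chroot/encrypt.sh
	mv "chroot/filesystem.${LIVE_CHROOT_FILESYSTEM}" "binary/${INITFS}"
	Echo_warning "encryption of filesystem.${ROOTFS} failed or was declined; image left unencrypted."
	exit 1
fi

# Move image
mv "chroot/filesystem.${LIVE_CHROOT_FILESYSTEM}" "binary/${INITFS}"
rm -f chroot/encrypt.sh

# Removing depends
Remove_package

# Creating stage file
Create_stagefile .stage/binary_encryption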