summaryrefslogtreecommitdiff
path: root/helpers/lh_binary_encryption
blob: f055a076cb89aa5fb8de6a6229c789507ff73bb9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
#!/bin/sh

# lh_binary_encryption(1) - encrypts rootfs
# Copyright (C) 2006-2007 Daniel Baumann <daniel@debian.org>
#
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
# This is free software, and you are welcome to redistribute it
# under certain conditions; see COPYING for details.

set -e

# Source common functions
for FUNCTION in /usr/share/live-helper/functions/*.sh
do
	. ${FUNCTION}
done

# Set static variables
DESCRIPTION="encrypts rootfs"
HELP=""
USAGE="${PROGRAM} [--force]"

Arguments "${@}"

Echo_debug "Init ${PROGRAM}"

# Reading configuration files
Read_conffile config/common
Read_conffile config/bootstrap
Read_conffile config/chroot
Read_conffile config/binary
Read_conffile config/source
Set_defaults

if [ -z "${LIVE_ENCRYPTION}" ]
then
	exit 0
fi

Breakpoint "binary_encryption: Init"

# Requiring stage file
Require_stagefile .stage/bootstrap
Require_stagefile .stage/binary_rootfs

# Checking stage file
Check_stagefile .stage/binary_encryption

# Checking lock file
Check_lockfile .lock

# Creating lock file
Create_lockfile .lock

case "${LH_INITRAMFS}" in
	casper)
		INITFS="casper"
		;;

	live-initramfs)
		INITFS="live"
		;;
esac

case "${LIVE_CHROOT_FILESYSTEM}" in
	ext2)
		ROOTFS="ext2"
		;;

	plain)
		Echo_warning "encryption not supported on plain filesystem."
		exit 0
		;;

	squashfs)
		ROOTFS="squashfs"
		;;
esac

# Checking depends
Check_package chroot/usr/bin/aespipe aespipe

# Installing depends
Install_package

# Moving image
mv binary/${INITFS}/filesystem.${LIVE_CHROOT_FILESYSTEM} chroot

echo "Encrypting binary/${INITFS}/filesystem.${ROOTFS} with ${LIVE_ENCRYPTION}..."

cat >> chroot/encrypt.sh << EOF
while true
do
	cat filesystem.${ROOTFS} | aespipe -e ${LIVE_ENCRYPTION} -T > filesystem.${ROOTFS}.tmp && mv filesystem.${ROOTFS}.tmp filesystem.${ROOTFS} && break

	echo -n "Something went wrong... Retry? [YES/no] "

	read ANSWER

	if [ "no" = "${ANSWER}" ]
	then
		unset ANSWER
		break
	fi
done
EOF

Chroot "sh encrypt.sh"

# Move image
mv chroot/filesystem.${LIVE_CHROOT_FILESYSTEM} binary/${INITFS}
rm -f chroot/encrypt.sh

# Removing depends
Remove_package

# Creating stage file
Create_stagefile .stage/binary_encryption