| author | Daniel Baumann <daniel@debian.org> | 2010-02-05 17:10:44 +0100 | 
|---|---|---|
| committer | Daniel Baumann <daniel@debian.org> | 2011-03-09 19:17:04 +0100 | 
| commit | 3b80c5c5d9c9d2eec91910b70a120da5943c7fac (patch) | |
| tree | 31b5fef2977e7fabe669077041c569169c788a95 /helpers/binary_encryption | |
| parent | 59e9a93ad08c171fb0d22e965c56f91c5bd17615 (diff) | |
Dropping lh_ prefix from internal helpers, this is not user visible.
Diffstat (limited to 'helpers/binary_encryption')
| -rwxr-xr-x | helpers/binary_encryption | 146 | 
1 files changed, 146 insertions, 0 deletions
|
diff --git a/helpers/binary_encryption b/helpers/binary_encryption
new file mode 100755
index 000000000..2990afa79
--- /dev/null
+++ b/helpers/binary_encryption
@@ -0,0 +1,146 @@
+#!/bin/sh
+
+# lh_binary_encryption(1) - encrypts rootfs
+# Copyright (C) 2006-2009 Daniel Baumann <daniel@debian.org>
+#
+# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
+# This is free software, and you are welcome to redistribute it
+# under certain conditions; see COPYING for details.
+
+set -e
+
+# Including common functions
+. "${LH_BASE:-/usr/share/live-helper}"/live-helper.sh
+
+# Setting static variables
+DESCRIPTION="$(Echo 'encrypts rootfs')"
+HELP=""
+USAGE="${PROGRAM} [--force]"
+
+Arguments "${@}"
+
+# Reading configuration files
+Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
+Set_defaults
+
+if [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ]
+then
+	exit 0
+fi
+
+case "${LH_ENCRYPTION}" in
+	aes128|aes192|aes256)
+		;;
+	""|false)
+		exit 0
+		;;
+	*)
+		Echo_error "Encryption type %s not supported." "${LH_ENCRYPTION}"
+		exit 1
+		;;
+esac
+
+case "${LH_CHROOT_FILESYSTEM}" in
+	ext2|squashfs)
+		;;
+
+	*)
+		Echo_error "Encryption not yet supported on %s filesystems." "${LH_CHROOT_FILESYSTEM}"
+		exit 1
+		;;
+esac
+
+Echo_message "Begin encrypting root filesystem image..."
+
+# Requiring stage file
+Require_stagefile .stage/config .stage/bootstrap .stage/binary_rootfs
+
+# Checking stage file
+Check_stagefile .stage/binary_encryption
+
+# Checking lock file
+Check_lockfile .lock
+
+# Creating lock file
+Create_lockfile .lock
+
+case "${LH_INITRAMFS}" in
+	casper)
+		INITFS="casper"
+		;;
+
+	live-initramfs)
+		INITFS="live"
+		;;
+esac
+
+# Checking depends
+Check_package chroot/usr/bin/aespipe aespipe
+
+# Restoring cache
+Restore_cache cache/packages_binary
+
+# Installing depends
+Install_package
+
+Echo_message "Encrypting binary/%s/filesystem.%s with %s..." "${INITFS}" "${LH_CHROOT_FILESYSTEM}" "${LH_ENCRYPTION}"
+
+if [ "${LH_CHROOT_BUILD}" = "true" ]
+then
+	# Moving image
+	mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} chroot
+fi
+
+while true
+do
+	echo
+	echo " **************************************"
+	Echo " ** Configuring encrypted filesystem **"
+	echo " **************************************"
+	Echo " (Passwords must be at least 20 characters long)"
+	echo
+
+	case "${LH_CHROOT_BUILD}" in
+		true)
+			if Chroot chroot aespipe -e ${LH_ENCRYPTION} -T \
+				< chroot/filesystem.${LH_CHROOT_FILESYSTEM} \
+				> chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+			then
+				mv chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}
+				break
+			fi
+			;;
+		false)
+			if aespipe -e ${LH_ENCRYPTION} -T \
+				< binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} \
+				> binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+			then
+				mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}
+				break
+			fi
+			;;
+	esac
+
+	printf "\nThere was an error configuring encryption ... Retry? [Y/n] "
+	read ANSWER
+
+	if [ "$(echo "${ANSWER}" | cut -b1 | tr A-Z a-z)" = "n" ]
+	then
+		unset ANSWER
+		break
+	fi
+done
+	
+# Cleanup temporary filesystems
+rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}
+rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+rm -f binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+
+# Saving cache
+Save_cache cache/packages_binary
+
+# Removing depends
+Remove_package
+
+# Creating stage file
+Create_stagefile .stage/binary_encryption
|
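Review bot: Answering `n` at the "Retry? [Y/n]" prompt fails open: the `break` after `unset ANSWER` leaves the `while true` loop and falls through to the cleanup and to `Create_stagefile .stage/binary_encryption`, so a failed aespipe run is recorded as a finished encryption stage. With `LH_CHROOT_BUILD` set to `false`, that leaves `binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}` in place unencrypted. With `true`, the image moved into `chroot` earlier is deleted by the cleanup `rm -f` without ever being written back. The decline path should stop the build instead, for example `Echo_error "Encryption aborted."` followed by `exit 1` in place of that `break`, moving the image back to `binary/${INITFS}/` first in the chroot case. Separately, `case "${LH_INITRAMFS}"` has no `*)` arm, so any other value leaves `INITFS` unset and every `binary/${INITFS}/...` path then resolves to `binary//...`; an `Echo_error` plus `exit 1` default arm, as the two earlier `case` blocks have, would catch it.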
