diff options
author | Chris Lamb <chris@chris-lamb.co.uk> | 2008-03-23 04:20:31 +0000 |
---|---|---|
committer | Daniel Baumann <daniel@debian.org> | 2011-03-09 19:03:28 +0100 |
commit | 13625df75ce06441df9c8e19d104c4fabf69bafe (patch) | |
tree | 12040b06e228dd8703aa833edc89a0dc75c22c85 /helpers | |
parent | 322d45eeaf84b53edd4a2481ef06a3c0a1a29ec0 (diff) | |
download | vyos-live-build-13625df75ce06441df9c8e19d104c4fabf69bafe.tar.gz vyos-live-build-13625df75ce06441df9c8e19d104c4fabf69bafe.zip |
lh_binary_encryption: Rework and fix broken AES encryption routines
Diffstat (limited to 'helpers')
-rwxr-xr-x | helpers/lh_binary_encryption | 76 |
1 files changed, 40 insertions, 36 deletions
diff --git a/helpers/lh_binary_encryption b/helpers/lh_binary_encryption index e4157a4da..35bdc2421 100755 --- a/helpers/lh_binary_encryption +++ b/helpers/lh_binary_encryption @@ -92,54 +92,58 @@ Restore_cache cache/packages_binary # Installing depends Install_package -case "${LH_CHROOT_BUILD}" in - enabled) - # Moving image - mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} chroot +Echo_message "Encrypting binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} with ${LH_ENCRYPTION}..." -echo "Encrypting binary/${INITFS}/filesystem.${ROOTFS} with ${LH_ENCRYPTION}..." +if [ "${LH_CHROOT_BUILD}" = "enabled" ] +then + # Moving image + mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} chroot +fi -cat >> chroot/encrypt.sh << EOF while true do - cat filesystem.${ROOTFS} | aespipe -e ${LH_ENCRYPTION} -T > filesystem.${ROOTFS}.tmp && mv filesystem.${ROOTFS}.tmp filesystem.${ROOTFS} && break - - echo -n "Something went wrong... Retry? [YES/no] " + echo + echo " **************************************" + echo " ** Configuring encrypted filesystem **" + echo " **************************************" + echo " (Passwords must be at least 20 characters long)" + echo + + case "${LH_CHROOT_BUILD}" in + enabled) + if Chroot aespipe -e ${LH_ENCRYPTION} -T \ + < chroot/filesystem.${LH_CHROOT_FILESYSTEM} \ + > chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp + then + mv chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} + break + fi + ;; + disabled) + if aespipe -e ${LH_ENCRYPTION} -T \ + < binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} \ + > binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp + then + mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} + break + fi + ;; + esac + printf "\nThere was an error configuring encryption ... Retry? [Y/n] " read ANSWER - if [ "no" = "${ANSWER}" ] + if [ "$(echo "${ANSWER}" | cut -b1 | tr A-Z a-z)" = "n" ] then unset ANSWER break fi done -EOF - - Chroot "sh encrypt.sh" - - # Move image - mv chroot/filesystem.${LH_CHROOT_FILESYSTEM} binary/${INITFS} - rm -f chroot/encrypt.sh - ;; - - disabled) - while true - do - cat binary/${INITFS}/filesystem.${ROOTFS} | aespipe -e ${LH_ENCRYPTION} -T > binary/${INITFS}/filesystem.${ROOTFS}.tmp && mv binary/${INITFS}/filesystem.${ROOTFS}.tmp binary/${INITFS}/filesystem.${ROOTFS} && break - - echo -n "Something went wrong... Retry? [YES/no] " - - read ANSWER - - if [ "no" = "${ANSWER}" ] - then - unset ANSWER - break - fi - done - ;; -esac + +# Cleanup temporary filesystems +rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM} +rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp +rm -f binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp # Saving cache Save_cache cache/packages_binary |