summaryrefslogtreecommitdiff
path: root/helpers/lh_binary_encryption
diff options
context:
space:
mode:
Diffstat (limited to 'helpers/lh_binary_encryption')
-rwxr-xr-xhelpers/lh_binary_encryption73
1 files changed, 73 insertions, 0 deletions
diff --git a/helpers/lh_binary_encryption b/helpers/lh_binary_encryption
new file mode 100755
index 000000000..9df73b2a3
--- /dev/null
+++ b/helpers/lh_binary_encryption
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+# lh_binary_encryption(1) - encrypts rootfs
+
+set -e
+
+# Source common functions
+for FUNCTION in /usr/share/live-helper/functions/*.sh
+do
+ . ${FUNCTION}
+done
+
+# Reading configuration files
+Read_conffile config/common
+Read_conffile config/image
+Set_defaults
+
+# Requiring stage file
+Require_stagefile "${LIVE_ROOT}"/.stage/bootstrap
+Require_stagefile "${LIVE_ROOT}"/.stage/binary_rootfs
+
+# Checking lock file
+Check_lockfile "${LIVE_ROOT}"/.lock
+
+# Creating lock file
+Create_lockfile "${LIVE_ROOT}"/.lock
+
+# Checking stage file
+Check_stagefile "${LIVE_ROOT}"/.stage/binary_encryption
+
+if [ -n "${LIVE_ENCRYPTION}" ]
+then
+ if [ ! -x /usr/bin/aespipe ]
+ then
+ echo "E: aespipe is missing (FIXME)."
+ exit 1
+ fi
+
+ case "${LIVE_FILESYSTEM}" in
+ ext2)
+ ROOTFS="ext2"
+ ;;
+
+ plain)
+ echo "W: encryption not supported on plain filesystem."
+ exit 0
+ ;;
+
+ squashfs)
+ ROOTFS="squashfs"
+ ;;
+ esac
+
+ echo "Encrypting ${LIVE_ROOT}/binary/casper/filesystem.${ROOTFS} with ${LIVE_ENCRYPTION}..."
+
+ while true
+ do
+ cat ${LIVE_ROOT}/binary/casper/filesystem.${ROOTFS} | aespipe -e "${LIVE_ENCRYPTION}" -T > "${LIVE_ROOT}"/binary/casper/filesystem.${ROOTFS} && break
+
+ echo -n "Something went wrong... Retry? [YES/no] "
+
+ read ANSWER
+
+ if [ 'no' = "${ANSWER}" ]
+ then
+ unset ANSWER
+ break
+ fi
+ done
+
+ # Creating stage file
+ Create_stagefile "${LIVE_ROOT}"/.stage/binary_encryption
+fi