summaryrefslogtreecommitdiff
path: root/helpers/lh_binary_encryption
diff options
context:
space:
mode:
Diffstat (limited to 'helpers/lh_binary_encryption')
-rwxr-xr-xhelpers/lh_binary_encryption146
1 files changed, 146 insertions, 0 deletions
diff --git a/helpers/lh_binary_encryption b/helpers/lh_binary_encryption
new file mode 100755
index 000000000..d64af3743
--- /dev/null
+++ b/helpers/lh_binary_encryption
@@ -0,0 +1,146 @@
+#!/bin/sh
+
+# lh_binary_encryption(1) - encrypts rootfs
+# Copyright (C) 2006-2009 Daniel Baumann <daniel@debian.org>
+#
+# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
+# This is free software, and you are welcome to redistribute it
+# under certain conditions; see COPYING for details.
+
+set -e
+
+# Including common functions
+. "${LH_BASE:-/usr/share/live-helper}"/functions.sh
+
+# Setting static variables
+DESCRIPTION="$(Echo 'encrypts rootfs')"
+HELP=""
+USAGE="${PROGRAM} [--force]"
+
+Arguments "${@}"
+
+# Reading configuration files
+Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
+Set_defaults
+
+if [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ]
+then
+ exit 0
+fi
+
+case "${LH_ENCRYPTION}" in
+ aes128|aes192|aes256)
+ ;;
+ ""|disabled)
+ exit 0
+ ;;
+ *)
+ Echo_error "Encryption type %s not supported." "${LH_ENCRYPTION}"
+ exit 1
+ ;;
+esac
+
+case "${LH_CHROOT_FILESYSTEM}" in
+ ext2|squashfs)
+ ;;
+
+ *)
+ Echo_error "Encryption not yet supported on %s filesystems." "${LH_CHROOT_FILESYSTEM}"
+ exit 1
+ ;;
+esac
+
+Echo_message "Begin encrypting root filesystem image..."
+
+# Requiring stage file
+Require_stagefile .stage/config .stage/bootstrap .stage/binary_rootfs
+
+# Checking stage file
+Check_stagefile .stage/binary_encryption
+
+# Checking lock file
+Check_lockfile .lock
+
+# Creating lock file
+Create_lockfile .lock
+
+case "${LH_INITRAMFS}" in
+ casper)
+ INITFS="casper"
+ ;;
+
+ live-initramfs)
+ INITFS="live"
+ ;;
+esac
+
+# Checking depends
+Check_package chroot/usr/bin/aespipe aespipe
+
+# Restoring cache
+Restore_cache cache/packages_binary
+
+# Installing depends
+Install_package
+
+Echo_message "Encrypting binary/%s/filesystem.%s with %s..." "${INITFS}" "${LH_CHROOT_FILESYSTEM}" "${LH_ENCRYPTION}"
+
+if [ "${LH_CHROOT_BUILD}" = "enabled" ]
+then
+ # Moving image
+ mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} chroot
+fi
+
+while true
+do
+ echo
+ echo " **************************************"
+ Echo " ** Configuring encrypted filesystem **"
+ echo " **************************************"
+ Echo " (Passwords must be at least 20 characters long)"
+ echo
+
+ case "${LH_CHROOT_BUILD}" in
+ enabled)
+ if Chroot chroot aespipe -e ${LH_ENCRYPTION} -T \
+ < chroot/filesystem.${LH_CHROOT_FILESYSTEM} \
+ > chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+ then
+ mv chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}
+ break
+ fi
+ ;;
+ disabled)
+ if aespipe -e ${LH_ENCRYPTION} -T \
+ < binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} \
+ > binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+ then
+ mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}
+ break
+ fi
+ ;;
+ esac
+
+ printf "\nThere was an error configuring encryption ... Retry? [Y/n] "
+ read ANSWER
+
+ if [ "$(echo "${ANSWER}" | cut -b1 | tr A-Z a-z)" = "n" ]
+ then
+ unset ANSWER
+ break
+ fi
+done
+
+# Cleanup temporary filesystems
+rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}
+rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+rm -f binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+
+# Saving cache
+Save_cache cache/packages_binary
+
+# Removing depends
+Remove_package
+
+# Creating stage file
+Create_stagefile .stage/binary_encryption