Support for reusing a generated set of child keys

author: Andrew Cady <d@jerkface.net> 2017-03-28 15:46:55 -0400
committer: Andrew Cady <d@jerkface.net> 2017-03-28 15:48:00 -0400
commit: 46f69c74a01659ccd78dcb32ea5933edaa0c9241 (patch)
tree: 3fac5f11767a5accdc4147841e4433f515c42a9e
parent: 3929c490ecb35d285fd324c632b3dc83d1d1c10c (diff)
2 files changed, 52 insertions, 2 deletions
diff --git a/src/store-child-permanently b/src/store-child-permanently
new file mode 100755
index 0000000..463f776
--- /dev/null
+++ b/src/store-child-permanently
@@ -0,0 +1,44 @@
+#!/bin/sh
+. samizdat-paths.sh
+error()
+{
+  printf 'Error: %s\n' "${*:-command failed}" >&2
+  exit 1
+}
+warning()
+{
+  printf 'Warning: %s\n' "${*:-something went wrong}" >&2
+}
+store_tmpfs()
+{
+  local dir="$1"
+  mountpoint -q "$dir"       || return 0
+  [ ! -d "$dir".backup ]     || error "existing child backup found: '$dir.backup'.  Refusing to continue."
+  cp -a "$dir" "$dir".backup || error "failed to make copy of child."
+  umount "$dir"              || error "failed to unmount child tmpfs"
+  rmdir "$dir"               || mv -Tb "$dir" "$dir".unlikely
+  mv -T "$dir".backup "$dir" || error "failed to move copied child dir into place.  Child will not function!"
+}
+assert_root()
+{
+  [ "$(id -u)" = 0 ] || error "you are not root"
+}
+main()
+{
+  assert_root
+  child=$1
+  [ "$child" ] || usage
+  if [ -d "$samizdat_child_dir"/child."$child" ]; then
+    store_tmpfs "$samizdat_child_dir"/child."$child"
+  else
+    error "not a valid child: $child"
+  fi
+}
+main "$@"
diff --git a/src/xorriso-usb.sh b/src/xorriso-usb.sh
index 2b3214f..03c6482 100644
--- a/src/xorriso-usb.sh
+++ b/src/xorriso-usb.sh
@@ -12,7 +12,7 @@ efi_dir=$samizdat_grub_efi_dir
 die() { printf "%s: Error: %s\n" "$0" "$*" >&2; exit 1; }
-TEMP="$(getopt -o '' --long bootloader,adam,usb,detach,in:,out:,test -n "$0" -- "$@")" ||
+TEMP="$(getopt -o '' --long bootloader,reuse-child:,adam,usb,detach,in:,out:,test -n "$0" -- "$@")" ||
    die 'getopt error'
 eval set -- "$TEMP"
@@ -26,6 +26,7 @@ while [ $# -gt 0 ]; do
        --test)   shift; QUICK_TEST=y;;
        --out)    CMDLINE_OUTDEV="$2"; USB=; shift 2;;
        --in)     INPUT_DEVICE="$2"; shift 2;;
+        --reuse-child) REUSE_CHILD=y; child_dir=$samizdat_child_dir/child."$2"; shift 2;;
        --)       shift; break;;
        *) die 'getopt error';;
    esac
@@ -139,7 +140,12 @@ grub-efi.sh || die "grub-efi.sh failed"
 choose_outdev
-generate_keys
+if [ "$REUSE_CHILD" ]; then
+    gnupghome=$child_dir/root/.gnupg
+    [ -d "$gnupghome" ] || die "invalid child"
+else
+    generate_keys
+fi
 try_mount()
 {
author	Andrew Cady <d@jerkface.net>	2017-03-28 15:46:55 -0400
committer	Andrew Cady <d@jerkface.net>	2017-03-28 15:48:00 -0400
commit	46f69c74a01659ccd78dcb32ea5933edaa0c9241 (patch)
tree	3fac5f11767a5accdc4147841e4433f515c42a9e
parent	3929c490ecb35d285fd324c632b3dc83d1d1c10c (diff)

diff --git a/src/store-child-permanently b/src/store-child-permanently new file mode 100755 index 0000000..463f776 --- /dev/null +++ b/src/store-child-permanently
@@ -0,0 +1,44 @@
		1	#!/bin/sh
		2
		3	. samizdat-paths.sh
		4
		5	error()
		6	{
		7	printf 'Error: %s\n' "${*:-command failed}" >&2
		8	exit 1
		9	}
		10
		11	warning()
		12	{
		13	printf 'Warning: %s\n' "${*:-something went wrong}" >&2
		14	}
		15
		16	store_tmpfs()
		17	{
		18	local dir="$1"
		19	mountpoint -q "$dir" \|\| return 0
		20	[ ! -d "$dir".backup ] \|\| error "existing child backup found: '$dir.backup'. Refusing to continue."
		21	cp -a "$dir" "$dir".backup \|\| error "failed to make copy of child."
		22	umount "$dir" \|\| error "failed to unmount child tmpfs"
		23	rmdir "$dir" \|\| mv -Tb "$dir" "$dir".unlikely
		24	mv -T "$dir".backup "$dir" \|\| error "failed to move copied child dir into place. Child will not function!"
		25	}
		26
		27	assert_root()
		28	{
		29	[ "$(id -u)" = 0 ] \|\| error "you are not root"
		30	}
		31
		32	main()
		33	{
		34	assert_root
		35	child=$1
		36	[ "$child" ] \|\| usage
		37	if [ -d "$samizdat_child_dir"/child."$child" ]; then
		38	store_tmpfs "$samizdat_child_dir"/child."$child"
		39	else
		40	error "not a valid child: $child"
		41	fi
		42	}
		43
		44	main "$@"


diff --git a/src/xorriso-usb.sh b/src/xorriso-usb.sh index 2b3214f..03c6482 100644 --- a/src/xorriso-usb.sh +++ b/src/xorriso-usb.sh
@@ -12,7 +12,7 @@ efi_dir=$samizdat_grub_efi_dir
12		12
13	die() { printf "%s: Error: %s\n" "$0" "$*" >&2; exit 1; }	13	die() { printf "%s: Error: %s\n" "$0" "$*" >&2; exit 1; }
14		14
15	TEMP="$(getopt -o '' --long bootloader,adam,usb,detach,in:,out:,test -n "$0" -- "$@")" \|\|	15	TEMP="$(getopt -o '' --long bootloader,reuse-child:,adam,usb,detach,in:,out:,test -n "$0" -- "$@")" \|\|
16	die 'getopt error'	16	die 'getopt error'
17	eval set -- "$TEMP"	17	eval set -- "$TEMP"
18		18
@@ -26,6 +26,7 @@ while [ $# -gt 0 ]; do
26	--test) shift; QUICK_TEST=y;;	26	--test) shift; QUICK_TEST=y;;
27	--out) CMDLINE_OUTDEV="$2"; USB=; shift 2;;	27	--out) CMDLINE_OUTDEV="$2"; USB=; shift 2;;
28	--in) INPUT_DEVICE="$2"; shift 2;;	28	--in) INPUT_DEVICE="$2"; shift 2;;
		29	--reuse-child) REUSE_CHILD=y; child_dir=$samizdat_child_dir/child."$2"; shift 2;;
29	--) shift; break;;	30	--) shift; break;;
30	*) die 'getopt error';;	31	*) die 'getopt error';;
31	esac	32	esac
@@ -139,7 +140,12 @@ grub-efi.sh \|\| die "grub-efi.sh failed"
139		140
140	choose_outdev	141	choose_outdev
141		142
142	generate_keys	143	if [ "$REUSE_CHILD" ]; then
		144	gnupghome=$child_dir/root/.gnupg
		145	[ -d "$gnupghome" ] \|\| die "invalid child"
		146	else
		147	generate_keys
		148	fi
143		149
144	try_mount()	150	try_mount()
145	{	151	{