remove gpg

author: Andrew Cady <d@jerkface.net> 2023-06-21 23:40:03 -0400
committer: u <u@billy> 2023-11-17 08:44:10 -0500
commit: 191905e493e680dc8a36bce7d28d7e912d2e98bd (patch)
tree: 6ef9c8528268b7861af2c52f6b48f6e9032ecd68 /src
parent: 1b697950d2aca3395ca9d245cafca29af87a6c97 (diff)
5 files changed, 7 insertions, 139 deletions
diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh
index 894d835..5a43977 100644
--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -5,21 +5,6 @@
 losetup() { /sbin/losetup "$@"; }
-luks_secret()
-{
-  local parms=$-; # this junk keeps set -x from being too annoying
-  set +x
-  [ -n "$luks_secret" ] || luks_secret="$(head -c256 /dev/urandom)"
-  printf %s "$luks_secret"
-  case $parms in *x*) set -x; set -x ;; esac
-}
-floor4()
-{
-  # Negatives round up, but aren't used.
-  echo $(($1 / 4 * 4))
-}
 ceil4()
 {
  local x="$1"
@@ -205,11 +190,8 @@ initialize_root_filesystem()
    done
    chroot /root chown -R u:u ${uhome}
-    mv /root/root/.gnupg /root/root/.gnupg~
-    mv /gpg/gnupghome /root/root/.gnupg                 || return
    copy_execs sbin  mdadm dmsetup cryptsetup fsck.hfsplus
-    copy_execs bin   btrfs rsync gpg gpg2 gpg-agent
+    copy_execs bin   btrfs rsync
    # Copy these over unconditionally, because they ought to remain in sync with
    # the initrd.
@@ -333,8 +315,7 @@ open_samizdat_blockdev()
  if [ ! -e "$decrypted_keyfile" ]
  then
-    gpg2 --verify "$keyfile" || return
+    echo -n secret > "$decrypted_keyfile"
-    gpg2 --output=- --verify "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || return
  fi
  cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname" || return
@@ -349,12 +330,9 @@ init_samizdat_blockdev()
  [ ! -b /dev/mapper/"$cryptname" ] || return
-  luks_secret >/dev/null
+  echo -n secret | cryptsetup -v luksFormat "$dev" - || return
-  luks_secret | gpg2 --default-recipient-self --encrypt --armor | gpg2 --clearsign --output "$keyfile" || return
-  luks_secret | cryptsetup -v luksFormat "$dev" - || return
  cryptsetup luksDump "$dev" >&2
-  luks_secret | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
+  echo -n secret | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
  [ -b /dev/mapper/"$cryptname" ] || return
 }
@@ -415,28 +393,6 @@ get_cdrom_sizelimit()
  fi
 }
-init_gpg()
-{
-  export GNUPGHOME=/gpg/gnupghome
-  mkdir -p "$GNUPGHOME"
-  if [ -e /gnupghome.tar ]; then
-      tar -C "$GNUPGHOME" -zxf /gnupghome.tar && bootdone samizdat-gpg
-      return
-  else
-      bootwait samizdat-cdrom
-      (umask 077; rsync --exclude '/luks-key*' --ignore-existing -rpP /cdrom/gnupghome/ "$GNUPGHOME")
-      bootdone samizdat-gpg
-  fi
-  local LOG_DIR=/run/initramfs/samizdat/log
-  if samizdat-password-agent > "$LOG_DIR"/samizdat-password-agent.log 2>&1; then
-    true
-  else
-    echo 'samizdat-password-agent failed; continuing in hope of hope...'
-    true # false
-  fi
-}
 start_meter()
 {
  local startmsg="$*"
diff --git a/src/initrd/common.sh b/src/initrd/common.sh
index 8f4e101..d7d7fa0 100644
--- a/src/initrd/common.sh
+++ b/src/initrd/common.sh
@@ -148,9 +148,4 @@ my_openvt()
  /bin/openvt -c "$@"
 }
-# This runs before way before NTP and on a LiveCD we have no
-# reason to trust the system clock.
-gpg2_nobatch() { GPG_TTY=$(tty) command gpg2 --ignore-time-conflict --ignore-valid-from "$@"; }
-gpg2() { gpg2_nobatch --batch "$@"; }
 xcp() { if [ -f "$1" -a ! -f "$2" ]; then cp "$1" "$2"; fi; }
diff --git a/src/initrd/grok-block b/src/initrd/grok-block
index a7056ad..d194486 100755
--- a/src/initrd/grok-block
+++ b/src/initrd/grok-block
@@ -7,15 +7,6 @@ case "$DEVNAME" in /dev/loop*|/dev/ram*|/dev/dm-*|/dev/md*|/dev/fd*) exit ;; esa
 debug_log "grok-block.${DEVNAME##*/}"
-addmenu_choosekey()
-{
-  dev=$1
-  dir=$2
-  addmenu "$dev//$dir" \
-          "[ Use the GPG key on $dev ]" \
-          "menu-select boot-gpg $dev $dir"
-}
 addmenu_repairhfs()
 {
  local device="$1"
@@ -87,26 +78,6 @@ retry_mount()
  done
 }
-Gpg2()
-{
-    gpg2 --lock-never --no-permission-warning --no-auto-check-trustdb --no-options "$@"
-}
-gpg_verify()
-{
-  [ -e "$1" ] || return
-  bootwait samizdat-gpg
-  export GNUPGHOME=/gpg/gnupghome
-  Gpg2 --verify "$1"
-}
-gpg_can_decrypt()
-{
-  [ -e "$1" ] || return
-  bootwait samizdat-gpg
-  Gpg2 --decrypt "$1" | Gpg2 --decrypt "$1" >/dev/null
-}
 is_lvm()
 {
  for n in 0 1 2 3; do
@@ -229,21 +200,7 @@ grok_block()
      # TODO: And what if we create partitions and then reboot the machine mid-install?
  elif [ "$ID_PART_ENTRY_NAME" = samizdat-rootfs ]; then
-      :
+    bootdone samizdat-rootfs
-  elif [ "$ID_PART_ENTRY_NAME" = samizdat-keys ]; then
-      mkdir -p /gpg
-      cp -a "$mountpoint"/gnupghome /gpg/ && bootdone samizdat-gpg && bootdone samizdat-cdrom
-  elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then
-    if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then
-      umount "$mountpoint"
-      addmenu_choose_native_root "$(parent_device "$DEVNAME")"
-      bootdone key-mounted
-    else
-      umount "$mountpoint"
-    fi
  elif [ "$DEVNAME" = /dev/nbd1 ]; then
    # This is our rootfs, over the network
    umount "$mountpoint"
@@ -307,25 +264,6 @@ eval "$(PATH=$PATH:/lib/udev vol_id "$DEVNAME" |
  sed "s/'/'\\\\''/; s/=\(.*\)/='\1'/"
 )"
-CDROM_ID_FS_UUID_ENC='73256269-4002-4e42-adbd-0e49ed1c7438'
+grok_block &
-CDROM_ID_FS_LABEL_ENC=$(sed 's/ /\\x20/g' /lib/samizdat/vol_id.txt)
-if [ "$ID_FS_UUID_ENC"  = "$CDROM_ID_FS_UUID_ENC" -o \
-     "$ID_FS_LABEL_ENC" = "$CDROM_ID_FS_LABEL_ENC" ]
-then
-  # Recognize and mount the Samizdat
-  if ! mountpoint -q /cdrom; then
-    mkdir -p /cdrom
-    . mdadm-dup.sh
-    dup_mount_cdrom "$DEVNAME" /cdrom && bootdone samizdat-cdrom
-    if [ -e /cdrom/gnupghome ]; then
-      # TODO: don't use first match
-      mkdir -p /gpg/gnupghome
-      cp /cdrom/gnupghome/* /gpg/gnupghome
-      bootdone samizdat-gpg
-    fi
-  fi
-else
-  grok_block &
-fi
 # vim:set et sw=2:
diff --git a/src/initrd/menu-select b/src/initrd/menu-select
index 1fcade4..9730c09 100755
--- a/src/initrd/menu-select
+++ b/src/initrd/menu-select
@@ -5,7 +5,6 @@
 #  $0 boot-overwrite    [dev name] [loop file] [megabytes] - overwrite with new luks overlay
 #  $0 boot-luks         [dev name] [loop file]             - boot existing luks-encrypted overlay
 #  $0 boot-destroy-disk [dev-name]                         - install to a fresh hard disk
-#  $0 boot-gpg          [key id] [gnupg homedir] [???]     - boot any device signed with the key
 . btrfs-create.sh
 . common.sh
@@ -76,7 +75,6 @@ case "$1" in
    # specified in KB here. I did not really believe it.
    modprobe brd rd_nr=1 rd_size=$memtotal_kb
-    init_gpg || error
    init_samizdat /dev/ram0 '' || {
        umount /root/cdrom
        umount /root/outerfs
@@ -94,7 +92,6 @@ case "$1" in
    mkfs.btrfs -f "$dev"2                                 || error
    mkdir /plaintext
    mount "$dev"2 /plaintext                              || error
-    init_gpg                                              || error
    init_samizdat_blockdev "$dev"3 /plaintext/disk.key    || error
    init_samizdat /dev/mapper/samizdatcrypt ''            || error
@@ -106,10 +103,7 @@ case "$1" in
  boot-native)
    dev="$2"
    umount /plaintext || true
-    mkdir /plaintext
+    open_samizdat_blockdev "$dev"3 - || error
-    mount "$dev"2 /plaintext                           || error
-    init_gpg                                           || error
-    open_samizdat_blockdev "$dev"3 /plaintext/disk.key || error
    open_samizdat                                      || error open_samizdat
    bootdone root-mounted
  ;;
@@ -128,8 +122,6 @@ case "$1" in
      rm "$loopfile" "$loopfile"k
    fi
-    init_gpg || error
    if [ "$1" = 'boot-luks' ]; then
      open_samizdat_blockdev_from_loop "$loopfile" "$loopfile"k || error
      open_samizdat || error open_samizdat
diff --git a/src/partvi b/src/partvi
index 54e534c..e34eef6 100755
--- a/src/partvi
+++ b/src/partvi
@@ -298,7 +298,6 @@ copy_data_to_mounted_target_filesystems()
            $sudo systemd-run -p BindPaths="$(realpath -e "$mnt"):/boot" --wait update-grub
            ;;
        samizdat-keys)
-            $sudo rsync  -a  --info=STATS  "$GPG_INPUT_DIR"/ "$mnt"/gnupghome/
            ;;
        efi-system-partition)
            EFI_DIR=$mnt
@@ -319,18 +318,6 @@ then sudo=
 else sudo=sudo
 fi
-if [ "$GPG_INPUT_DIR" ]
-then
-    $sudo [ -d "$GPG_INPUT_DIR" ]
-else
-    for d in /root/.gnupg /cdrom/gnupghome
-    do
-        $sudo [ -d "$d" ] || continue
-        GPG_INPUT_DIR=$d
-        break
-    done
-fi
 SKIP_ROOTFS_COPY=
 if [ "$1" = 'key' ]
 then
author	Andrew Cady <d@jerkface.net>	2023-06-21 23:40:03 -0400
committer	u <u@billy>	2023-11-17 08:44:10 -0500
commit	191905e493e680dc8a36bce7d28d7e912d2e98bd (patch)
tree	6ef9c8528268b7861af2c52f6b48f6e9032ecd68 /src
parent	1b697950d2aca3395ca9d245cafca29af87a6c97 (diff)

diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh index 894d835..5a43977 100644 --- a/src/initrd/btrfs-create.sh +++ b/src/initrd/btrfs-create.sh
@@ -5,21 +5,6 @@
5		5
6	losetup() { /sbin/losetup "$@"; }	6	losetup() { /sbin/losetup "$@"; }
7		7
8	luks_secret()
9	{
10	local parms=$-; # this junk keeps set -x from being too annoying
11	set +x
12	[ -n "$luks_secret" ] \|\| luks_secret="$(head -c256 /dev/urandom)"
13	printf %s "$luks_secret"
14	case $parms in x) set -x; set -x ;; esac
15	}
16
17	floor4()
18	{
19	# Negatives round up, but aren't used.
20	echo $(($1 / 4 * 4))
21	}
22
23	ceil4()	8	ceil4()
24	{	9	{
25	local x="$1"	10	local x="$1"
@@ -205,11 +190,8 @@ initialize_root_filesystem()
205	done	190	done
206	chroot /root chown -R u:u ${uhome}	191	chroot /root chown -R u:u ${uhome}
207		192
208	mv /root/root/.gnupg /root/root/.gnupg~
209	mv /gpg/gnupghome /root/root/.gnupg \|\| return
210
211	copy_execs sbin mdadm dmsetup cryptsetup fsck.hfsplus	193	copy_execs sbin mdadm dmsetup cryptsetup fsck.hfsplus
212	copy_execs bin btrfs rsync gpg gpg2 gpg-agent	194	copy_execs bin btrfs rsync
213		195
214	# Copy these over unconditionally, because they ought to remain in sync with	196	# Copy these over unconditionally, because they ought to remain in sync with
215	# the initrd.	197	# the initrd.
@@ -333,8 +315,7 @@ open_samizdat_blockdev()
333		315
334	if [ ! -e "$decrypted_keyfile" ]	316	if [ ! -e "$decrypted_keyfile" ]
335	then	317	then
336	gpg2 --verify "$keyfile" \|\| return	318	echo -n secret > "$decrypted_keyfile"
337	gpg2 --output=- --verify "$keyfile" \| gpg2 --decrypt > "$decrypted_keyfile" \|\| return
338	fi	319	fi
339		320
340	cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname" \|\| return	321	cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname" \|\| return
@@ -349,12 +330,9 @@ init_samizdat_blockdev()
349		330
350	[ ! -b /dev/mapper/"$cryptname" ] \|\| return	331	[ ! -b /dev/mapper/"$cryptname" ] \|\| return
351		332
352	luks_secret >/dev/null	333	echo -n secret \| cryptsetup -v luksFormat "$dev" - \|\| return
353	luks_secret \| gpg2 --default-recipient-self --encrypt --armor \| gpg2 --clearsign --output "$keyfile" \|\| return
354
355	luks_secret \| cryptsetup -v luksFormat "$dev" - \|\| return
356	cryptsetup luksDump "$dev" >&2	334	cryptsetup luksDump "$dev" >&2
357	luks_secret \| cryptsetup --key-file - luksOpen "$dev" "$cryptname" \|\| return	335	echo -n secret \| cryptsetup --key-file - luksOpen "$dev" "$cryptname" \|\| return
358		336
359	[ -b /dev/mapper/"$cryptname" ] \|\| return	337	[ -b /dev/mapper/"$cryptname" ] \|\| return
360	}	338	}
@@ -415,28 +393,6 @@ get_cdrom_sizelimit()
415	fi	393	fi
416	}	394	}
417		395
418	init_gpg()
419	{
420	export GNUPGHOME=/gpg/gnupghome
421	mkdir -p "$GNUPGHOME"
422	if [ -e /gnupghome.tar ]; then
423	tar -C "$GNUPGHOME" -zxf /gnupghome.tar && bootdone samizdat-gpg
424	return
425	else
426	bootwait samizdat-cdrom
427	(umask 077; rsync --exclude '/luks-key*' --ignore-existing -rpP /cdrom/gnupghome/ "$GNUPGHOME")
428	bootdone samizdat-gpg
429	fi
430
431	local LOG_DIR=/run/initramfs/samizdat/log
432	if samizdat-password-agent > "$LOG_DIR"/samizdat-password-agent.log 2>&1; then
433	true
434	else
435	echo 'samizdat-password-agent failed; continuing in hope of hope...'
436	true # false
437	fi
438	}
439
440	start_meter()	396	start_meter()
441	{	397	{
442	local startmsg="$*"	398	local startmsg="$*"


diff --git a/src/initrd/common.sh b/src/initrd/common.sh index 8f4e101..d7d7fa0 100644 --- a/src/initrd/common.sh +++ b/src/initrd/common.sh
@@ -148,9 +148,4 @@ my_openvt()
148	/bin/openvt -c "$@"	148	/bin/openvt -c "$@"
149	}	149	}
150		150
151	# This runs before way before NTP and on a LiveCD we have no
152	# reason to trust the system clock.
153	gpg2_nobatch() { GPG_TTY=$(tty) command gpg2 --ignore-time-conflict --ignore-valid-from "$@"; }
154	gpg2() { gpg2_nobatch --batch "$@"; }
155
156	xcp() { if [ -f "$1" -a ! -f "$2" ]; then cp "$1" "$2"; fi; }	151	xcp() { if [ -f "$1" -a ! -f "$2" ]; then cp "$1" "$2"; fi; }


diff --git a/src/initrd/grok-block b/src/initrd/grok-block index a7056ad..d194486 100755 --- a/src/initrd/grok-block +++ b/src/initrd/grok-block
@@ -7,15 +7,6 @@ case "$DEVNAME" in /dev/loop\|/dev/ram\|/dev/dm-\|/dev/md\|/dev/fd*) exit ;; esa
7		7
8	debug_log "grok-block.${DEVNAME##*/}"	8	debug_log "grok-block.${DEVNAME##*/}"
9		9
10	addmenu_choosekey()
11	{
12	dev=$1
13	dir=$2
14	addmenu "$dev//$dir" \
15	"[ Use the GPG key on $dev ]" \
16	"menu-select boot-gpg $dev $dir"
17	}
18
19	addmenu_repairhfs()	10	addmenu_repairhfs()
20	{	11	{
21	local device="$1"	12	local device="$1"
@@ -87,26 +78,6 @@ retry_mount()
87	done	78	done
88	}	79	}
89		80
90	Gpg2()
91	{
92	gpg2 --lock-never --no-permission-warning --no-auto-check-trustdb --no-options "$@"
93	}
94
95	gpg_verify()
96	{
97	[ -e "$1" ] \|\| return
98	bootwait samizdat-gpg
99	export GNUPGHOME=/gpg/gnupghome
100	Gpg2 --verify "$1"
101	}
102
103	gpg_can_decrypt()
104	{
105	[ -e "$1" ] \|\| return
106	bootwait samizdat-gpg
107	Gpg2 --decrypt "$1" \| Gpg2 --decrypt "$1" >/dev/null
108	}
109
110	is_lvm()	81	is_lvm()
111	{	82	{
112	for n in 0 1 2 3; do	83	for n in 0 1 2 3; do
@@ -229,21 +200,7 @@ grok_block()
229	# TODO: And what if we create partitions and then reboot the machine mid-install?	200	# TODO: And what if we create partitions and then reboot the machine mid-install?
230		201
231	elif [ "$ID_PART_ENTRY_NAME" = samizdat-rootfs ]; then	202	elif [ "$ID_PART_ENTRY_NAME" = samizdat-rootfs ]; then
232	:	203	bootdone samizdat-rootfs
233
234	elif [ "$ID_PART_ENTRY_NAME" = samizdat-keys ]; then
235	mkdir -p /gpg
236	cp -a "$mountpoint"/gnupghome /gpg/ && bootdone samizdat-gpg && bootdone samizdat-cdrom
237
238	elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then
239	if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then
240	umount "$mountpoint"
241	addmenu_choose_native_root "$(parent_device "$DEVNAME")"
242	bootdone key-mounted
243	else
244	umount "$mountpoint"
245	fi
246
247	elif [ "$DEVNAME" = /dev/nbd1 ]; then	204	elif [ "$DEVNAME" = /dev/nbd1 ]; then
248	# This is our rootfs, over the network	205	# This is our rootfs, over the network
249	umount "$mountpoint"	206	umount "$mountpoint"
@@ -307,25 +264,6 @@ eval "$(PATH=$PATH:/lib/udev vol_id "$DEVNAME" \|
307	sed "s/'/'\\\\''/; s/=\(.*\)/='\1'/"	264	sed "s/'/'\\\\''/; s/=\(.*\)/='\1'/"
308	)"	265	)"
309		266
310	CDROM_ID_FS_UUID_ENC='73256269-4002-4e42-adbd-0e49ed1c7438'	267	grok_block &
311	CDROM_ID_FS_LABEL_ENC=$(sed 's/ /\\x20/g' /lib/samizdat/vol_id.txt)
312	if [ "$ID_FS_UUID_ENC" = "$CDROM_ID_FS_UUID_ENC" -o \
313	"$ID_FS_LABEL_ENC" = "$CDROM_ID_FS_LABEL_ENC" ]
314	then
315	# Recognize and mount the Samizdat
316	if ! mountpoint -q /cdrom; then
317	mkdir -p /cdrom
318	. mdadm-dup.sh
319	dup_mount_cdrom "$DEVNAME" /cdrom && bootdone samizdat-cdrom
320	if [ -e /cdrom/gnupghome ]; then
321	# TODO: don't use first match
322	mkdir -p /gpg/gnupghome
323	cp /cdrom/gnupghome/* /gpg/gnupghome
324	bootdone samizdat-gpg
325	fi
326	fi
327	else
328	grok_block &
329	fi
330		268
331	# vim:set et sw=2:	269	# vim:set et sw=2:


diff --git a/src/initrd/menu-select b/src/initrd/menu-select index 1fcade4..9730c09 100755 --- a/src/initrd/menu-select +++ b/src/initrd/menu-select
@@ -5,7 +5,6 @@
5	# $0 boot-overwrite [dev name] [loop file] [megabytes] - overwrite with new luks overlay	5	# $0 boot-overwrite [dev name] [loop file] [megabytes] - overwrite with new luks overlay
6	# $0 boot-luks [dev name] [loop file] - boot existing luks-encrypted overlay	6	# $0 boot-luks [dev name] [loop file] - boot existing luks-encrypted overlay
7	# $0 boot-destroy-disk [dev-name] - install to a fresh hard disk	7	# $0 boot-destroy-disk [dev-name] - install to a fresh hard disk
8	# $0 boot-gpg [key id] [gnupg homedir] [???] - boot any device signed with the key
9		8
10	. btrfs-create.sh	9	. btrfs-create.sh
11	. common.sh	10	. common.sh
@@ -76,7 +75,6 @@ case "$1" in
76	# specified in KB here. I did not really believe it.	75	# specified in KB here. I did not really believe it.
77	modprobe brd rd_nr=1 rd_size=$memtotal_kb	76	modprobe brd rd_nr=1 rd_size=$memtotal_kb
78		77
79	init_gpg \|\| error
80	init_samizdat /dev/ram0 '' \|\| {	78	init_samizdat /dev/ram0 '' \|\| {
81	umount /root/cdrom	79	umount /root/cdrom
82	umount /root/outerfs	80	umount /root/outerfs
@@ -94,7 +92,6 @@ case "$1" in
94	mkfs.btrfs -f "$dev"2 \|\| error	92	mkfs.btrfs -f "$dev"2 \|\| error
95	mkdir /plaintext	93	mkdir /plaintext
96	mount "$dev"2 /plaintext \|\| error	94	mount "$dev"2 /plaintext \|\| error
97	init_gpg \|\| error
98		95
99	init_samizdat_blockdev "$dev"3 /plaintext/disk.key \|\| error	96	init_samizdat_blockdev "$dev"3 /plaintext/disk.key \|\| error
100	init_samizdat /dev/mapper/samizdatcrypt '' \|\| error	97	init_samizdat /dev/mapper/samizdatcrypt '' \|\| error
@@ -106,10 +103,7 @@ case "$1" in
106	boot-native)	103	boot-native)
107	dev="$2"	104	dev="$2"
108	umount /plaintext \|\| true	105	umount /plaintext \|\| true
109	mkdir /plaintext	106	open_samizdat_blockdev "$dev"3 - \|\| error
110	mount "$dev"2 /plaintext \|\| error
111	init_gpg \|\| error
112	open_samizdat_blockdev "$dev"3 /plaintext/disk.key \|\| error
113	open_samizdat \|\| error open_samizdat	107	open_samizdat \|\| error open_samizdat
114	bootdone root-mounted	108	bootdone root-mounted
115	;;	109	;;
@@ -128,8 +122,6 @@ case "$1" in
128	rm "$loopfile" "$loopfile"k	122	rm "$loopfile" "$loopfile"k
129	fi	123	fi
130		124
131	init_gpg \|\| error
132
133	if [ "$1" = 'boot-luks' ]; then	125	if [ "$1" = 'boot-luks' ]; then
134	open_samizdat_blockdev_from_loop "$loopfile" "$loopfile"k \|\| error	126	open_samizdat_blockdev_from_loop "$loopfile" "$loopfile"k \|\| error
135	open_samizdat \|\| error open_samizdat	127	open_samizdat \|\| error open_samizdat


diff --git a/src/partvi b/src/partvi index 54e534c..e34eef6 100755 --- a/src/partvi +++ b/src/partvi
@@ -298,7 +298,6 @@ copy_data_to_mounted_target_filesystems()
298	$sudo systemd-run -p BindPaths="$(realpath -e "$mnt"):/boot" --wait update-grub	298	$sudo systemd-run -p BindPaths="$(realpath -e "$mnt"):/boot" --wait update-grub
299	;;	299	;;
300	samizdat-keys)	300	samizdat-keys)
301	$sudo rsync -a --info=STATS "$GPG_INPUT_DIR"/ "$mnt"/gnupghome/
302	;;	301	;;
303	efi-system-partition)	302	efi-system-partition)
304	EFI_DIR=$mnt	303	EFI_DIR=$mnt
@@ -319,18 +318,6 @@ then sudo=
319	else sudo=sudo	318	else sudo=sudo
320	fi	319	fi
321		320
322	if [ "$GPG_INPUT_DIR" ]
323	then
324	$sudo [ -d "$GPG_INPUT_DIR" ]
325	else
326	for d in /root/.gnupg /cdrom/gnupghome
327	do
328	$sudo [ -d "$d" ] \|\| continue
329	GPG_INPUT_DIR=$d
330	break
331	done
332	fi
333
334	SKIP_ROOTFS_COPY=	321	SKIP_ROOTFS_COPY=
335	if [ "$1" = 'key' ]	322	if [ "$1" = 'key' ]
336	then	323	then