Diffstat (limited to 'src/initrd/btrfs-create.sh')
-rw-r--r-- | src/initrd/btrfs-create.sh | 52 |
1 files changed, 4 insertions, 48 deletions
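--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -5,21 +5,6 @@
 
 losetup() { /sbin/losetup "$@"; }
 
-luks_secret()
-{
-local parms=$-; # this junk keeps set -x from being too annoying
-set +x
-[ -n "$luks_secret" ] || luks_secret="$(head -c256 /dev/urandom)"
-printf %s "$luks_secret"
-case $parms in *x*) set -x; set -x ;; esac
-}
-
-floor4()
-{
-# Negatives round up, but aren't used.
-echo $(($1 / 4 * 4))
-}
-
 ceil4()
 {
 local x="$1"
@@ -205,11 +190,8 @@ initialize_root_filesystem()
 done
 chroot /root chown -R u:u ${uhome}
 
-mv /root/root/.gnupg /root/root/.gnupg~
-mv /gpg/gnupghome /root/root/.gnupg || return
-
 copy_execs sbin mdadm dmsetup cryptsetup fsck.hfsplus
-copy_execs bin btrfs rsync gpg gpg2 gpg-agent
+copy_execs bin btrfs rsync
 
 # Copy these over unconditionally, because they ought to remain in sync with
 # the initrd.
@@ -333,8 +315,7 @@ open_samizdat_blockdev()
 
 if [ ! -e "$decrypted_keyfile" ]
 then
-gpg2 --verify "$keyfile" || return
-gpg2 --output=- --verify "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || return
+echo -n secret > "$decrypted_keyfile"
 fi
 
 cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname" || return
@@ -349,12 +330,9 @@ init_samizdat_blockdev()
 
 [ ! -b /dev/mapper/"$cryptname" ] || return
 
-luks_secret >/dev/null
-luks_secret | gpg2 --default-recipient-self --encrypt --armor | gpg2 --clearsign --output "$keyfile" || return
-
-luks_secret | cryptsetup -v luksFormat "$dev" - || return
+echo -n secret | cryptsetup -v luksFormat "$dev" - || return
 cryptsetup luksDump "$dev" >&2
-luks_secret | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
+echo -n secret | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
 
 [ -b /dev/mapper/"$cryptname" ] || return
 }
@@ -415,28 +393,6 @@ get_cdrom_sizelimit()
 fi
 }
 
-init_gpg()
-{
-export GNUPGHOME=/gpg/gnupghome
-mkdir -p "$GNUPGHOME"
-if [ -e /gnupghome.tar ]; then
-tar -C "$GNUPGHOME" -zxf /gnupghome.tar && bootdone samizdat-gpg
-return
-else
-bootwait samizdat-cdrom
-(umask 077; rsync --exclude '/luks-key*' --ignore-existing -rpP /cdrom/gnupghome/ "$GNUPGHOME")
-bootdone samizdat-gpg
-fi
-
-local LOG_DIR=/run/initramfs/samizdat/log
-if samizdat-password-agent > "$LOG_DIR"/samizdat-password-agent.log 2>&1; then
-true
-else
-echo 'samizdat-password-agent failed; continuing in hope of hope...'
-true # false
-fi
-}
-
 start_meter()
 {
 local startmsg="$*"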
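Review bot: The new lines 333 and 335 in init_samizdat_blockdev and line 318 in open_samizdat_blockdev feed the fixed literal `secret` to luksFormat/luksOpen and write it to "$decrypted_keyfile", replacing the 256-byte /dev/urandom secret and the gpg-encrypted, signature-verified keyfile that the removed lines used; a passphrase that is a constant in the script gives the LUKS volume no confidentiality, and the `gpg2 --verify` step that checked the keyfile's signature before use is gone with it. If this is a deliberate stub for a gpg-less build, it should say so where it stands, e.g. `# FIXME: placeholder passphrase; the volume is unprotected until a real key source (random secret + protected keyfile) is restored`, and the value should come from one place (a variable populated from a protected file) rather than being repeated at three call sites, so it can be swapped out without editing each one. Separately, `echo -n` is implementation-defined under /bin/sh, whereas the removed helper used `printf %s`, which behaves the same everywhere; the shebang is outside this section, so this is a portability concern only if the script is not run under bash. Both enclosing functions start outside their hunks, and open_samizdat_blockdev also ends outside its hunk.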