path: root/src/initrd/btrfs-create.sh
Diffstat (limited to 'src/initrd/btrfs-create.sh')
-rw-r--r--src/initrd/btrfs-create.sh52
1 files changed, 4 insertions, 48 deletions
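--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -5,21 +5,6 @@
 
 losetup() { /sbin/losetup "$@"; }
 
-luks_secret()
-{
- local parms=$-; # this junk keeps set -x from being too annoying
- set +x
- [ -n "$luks_secret" ] || luks_secret="$(head -c256 /dev/urandom)"
- printf %s "$luks_secret"
- case $parms in *x*) set -x; set -x ;; esac
-}
-
-floor4()
-{
- # Negatives round up, but aren't used.
- echo $(($1 / 4 * 4))
-}
-
 ceil4()
 {
  local x="$1"
@@ -205,11 +190,8 @@ initialize_root_filesystem()
  done
  chroot /root chown -R u:u ${uhome}
 
- mv /root/root/.gnupg /root/root/.gnupg~
- mv /gpg/gnupghome /root/root/.gnupg || return
-
  copy_execs sbin mdadm dmsetup cryptsetup fsck.hfsplus
- copy_execs bin btrfs rsync gpg gpg2 gpg-agent
+ copy_execs bin btrfs rsync
 
  # Copy these over unconditionally, because they ought to remain in sync with
  # the initrd.
@@ -333,8 +315,7 @@ open_samizdat_blockdev()
 
  if [ ! -e "$decrypted_keyfile" ]
  then
- gpg2 --verify "$keyfile" || return
- gpg2 --output=- --verify "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || return
+ echo -n secret > "$decrypted_keyfile"
  fi
 
  cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname" || return
@@ -349,12 +330,9 @@ init_samizdat_blockdev()
 
  [ ! -b /dev/mapper/"$cryptname" ] || return
 
- luks_secret >/dev/null
- luks_secret | gpg2 --default-recipient-self --encrypt --armor | gpg2 --clearsign --output "$keyfile" || return
-
- luks_secret | cryptsetup -v luksFormat "$dev" - || return
+ echo -n secret | cryptsetup -v luksFormat "$dev" - || return
  cryptsetup luksDump "$dev" >&2
- luks_secret | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
+ echo -n secret | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
 
  [ -b /dev/mapper/"$cryptname" ] || return
 }
@@ -415,28 +393,6 @@ get_cdrom_sizelimit()
  fi
 }
 
-init_gpg()
-{
- export GNUPGHOME=/gpg/gnupghome
- mkdir -p "$GNUPGHOME"
- if [ -e /gnupghome.tar ]; then
- tar -C "$GNUPGHOME" -zxf /gnupghome.tar && bootdone samizdat-gpg
- return
- else
- bootwait samizdat-cdrom
- (umask 077; rsync --exclude '/luks-key*' --ignore-existing -rpP /cdrom/gnupghome/ "$GNUPGHOME")
- bootdone samizdat-gpg
- fi
-
- local LOG_DIR=/run/initramfs/samizdat/log
- if samizdat-password-agent > "$LOG_DIR"/samizdat-password-agent.log 2>&1; then
- true
- else
- echo 'samizdat-password-agent failed; continuing in hope of hope...'
- true # false
- fi
-}
-
 start_meter()
 {
  local startmsg="$*"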
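Review bot: The LUKS key material is now the fixed literal `secret` at new lines 318 (written into "$decrypted_keyfile" in open_samizdat_blockdev), 333 and 335 (piped into luksFormat and luksOpen in init_samizdat_blockdev), so every volume created by this script shares one publicly known passphrase and the LUKS layer no longer provides confidentiality. If this is a deliberate scaffolding step while the gpg-based keyfile path is removed, it should be marked as such at the first occurrence, e.g. `# FIXME: placeholder passphrase, not for real volumes — replaces the removed luks_secret/gpg flow`, and sourced from one place that fails loudly when unset, e.g. `: "${LUKS_SECRET:?LUKS_SECRET must be set}"` followed by `printf %s "$LUKS_SECRET" > "$decrypted_keyfile"` (variable name is a suggestion). Using `printf %s` instead of `echo -n` also keeps the three sites consistent with the removed luks_secret() helper and avoids `echo -n` portability differences, since the script's shebang is not visible in this section. open_samizdat_blockdev and init_samizdat_blockdev both start outside their hunks.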