~timrchavez/live-build/lb-sg-2.x-add-suppport-for-pxz


Viewing changes to scripts/build/binary_encryption

  • Committer: Daniel Baumann
  • Date: 2011-03-09 18:17:15 UTC
  • Revision ID: daniel@debian.org-20110309181715-2s6s9tqa8xup5aep
Rearranging helpers scripts in source tree.

 
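--- a/scripts/build/binary_encryption
+++ b/scripts/build/binary_encryption
@@ -0,0 +1,146 @@
+#!/bin/sh
+
+# lh_binary_encryption(1) - encrypts rootfs
+# Copyright (C) 2006-2010 Daniel Baumann <daniel@debian.org>
+#
+# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
+# This is free software, and you are welcome to redistribute it
+# under certain conditions; see COPYING for details.
+
+set -e
+
+# Including common functions
+. "${LH_BASE:-/usr/share/live-helper}"/scripts/build.sh
+
+# Setting static variables
+DESCRIPTION="$(Echo 'encrypts rootfs')"
+HELP=""
+USAGE="${PROGRAM} [--force]"
+
+Arguments "${@}"
+
+# Reading configuration files
+Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
+Set_defaults
+
+if [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ]
+then
+        exit 0
+fi
+
+case "${LH_ENCRYPTION}" in
+        aes128|aes192|aes256)
+                ;;
+        ""|false)
+                exit 0
+                ;;
+        *)
+                Echo_error "Encryption type %s not supported." "${LH_ENCRYPTION}"
+                exit 1
+                ;;
+esac
+
+case "${LH_CHROOT_FILESYSTEM}" in
+        ext2|squashfs)
+                ;;
+
+        *)
+                Echo_error "Encryption not yet supported on %s filesystems." "${LH_CHROOT_FILESYSTEM}"
+                exit 1
+                ;;
+esac
+
+Echo_message "Begin encrypting root filesystem image..."
+
+# Requiring stage file
+Require_stagefile .stage/config .stage/bootstrap .stage/binary_rootfs
+
+# Checking stage file
+Check_stagefile .stage/binary_encryption
+
+# Checking lock file
+Check_lockfile .lock
+
+# Creating lock file
+Create_lockfile .lock
+
+case "${LH_INITRAMFS}" in
+        casper)
+                INITFS="casper"
+                ;;
+
+        live-initramfs)
+                INITFS="live"
+                ;;
+esac
+
+# Checking depends
+Check_package chroot/usr/bin/aespipe aespipe
+
+# Restoring cache
+Restore_cache cache/packages_binary
+
+# Installing depends
+Install_package
+
+Echo_message "Encrypting binary/%s/filesystem.%s with %s..." "${INITFS}" "${LH_CHROOT_FILESYSTEM}" "${LH_ENCRYPTION}"
+
+if [ "${LH_BUILD_WITH_CHROOT}" = "true" ]
+then
+        # Moving image
+        mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} chroot
+fi
+
+while true
+do
+        echo
+        echo " **************************************"
+        Echo " ** Configuring encrypted filesystem **"
+        echo " **************************************"
+        Echo " (Passwords must be at least 20 characters long)"
+        echo
+
+        case "${LH_BUILD_WITH_CHROOT}" in
+                true)
+                        if Chroot chroot aespipe -e ${LH_ENCRYPTION} -T \
+                                < chroot/filesystem.${LH_CHROOT_FILESYSTEM} \
+                                > chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+                        then
+                                mv chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}
+                                break
+                        fi
+                        ;;
+                false)
+                        if aespipe -e ${LH_ENCRYPTION} -T \
+                                < binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} \
+                                > binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+                        then
+                                mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}
+                                break
+                        fi
+                        ;;
+        esac
+
+        printf "\nThere was an error configuring encryption ... Retry? [Y/n] "
+        read ANSWER
+
+        if [ "$(echo "${ANSWER}" | cut -b1 | tr A-Z a-z)" = "n" ]
+        then
+                unset ANSWER
+                break
+        fi
+done
+        
+# Cleanup temporary filesystems
+rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}
+rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+rm -f binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
+
+# Saving cache
+Save_cache cache/packages_binary
+
+# Removing depends
+Remove_package
+
+# Creating stage file
+Create_stagefile .stage/binary_encryption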
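Review bot: Answering `n` at the retry prompt (new lines 127-131) only breaks out of the `while` loop, so the script still runs the cleanup and `Create_stagefile .stage/binary_encryption` as though encryption had succeeded. With `LH_BUILD_WITH_CHROOT=false` the plaintext `binary/${INITFS}/filesystem.*` stays in place and the stage is marked done; with `true` the only copy, moved into `chroot/` on line 91, is deleted by the `rm -f` on line 135. The decline branch should fail the build instead of falling through, for example by replacing `break` with `Echo_error "Root filesystem was not encrypted."` followed by `exit 1` (after moving the image back out of `chroot/` in the chroot case). That way a build configured with `LH_ENCRYPTION` can never quietly produce an unencrypted or missing root filesystem.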