3
# lh_binary_encryption(1) - encrypts rootfs
4
# Copyright (C) 2006-2010 Daniel Baumann <daniel@debian.org>
6
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
7
# This is free software, and you are welcome to redistribute it
8
# under certain conditions; see COPYING for details.
12
# Including common functions
13
. "${LH_BASE:-/usr/share/live-helper}"/scripts/build.sh
15
# Setting static variables
16
DESCRIPTION="$(Echo 'encrypts rootfs')"
18
USAGE="${PROGRAM} [--force]"
22
# Reading configuration files
23
Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
26
if [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ]
31
case "${LH_ENCRYPTION}" in
38
Echo_error "Encryption type %s not supported." "${LH_ENCRYPTION}"
43
case "${LH_CHROOT_FILESYSTEM}" in
48
Echo_error "Encryption not yet supported on %s filesystems." "${LH_CHROOT_FILESYSTEM}"
53
Echo_message "Begin encrypting root filesystem image..."
55
# Requiring stage file
56
Require_stagefile .stage/config .stage/bootstrap .stage/binary_rootfs
59
Check_stagefile .stage/binary_encryption
67
case "${LH_INITRAMFS}" in
78
Check_package chroot/usr/bin/aespipe aespipe
81
Restore_cache cache/packages_binary
86
Echo_message "Encrypting binary/%s/filesystem.%s with %s..." "${INITFS}" "${LH_CHROOT_FILESYSTEM}" "${LH_ENCRYPTION}"
88
if [ "${LH_BUILD_WITH_CHROOT}" = "true" ]
91
mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} chroot
97
echo " **************************************"
98
Echo " ** Configuring encrypted filesystem **"
99
echo " **************************************"
100
Echo " (Passwords must be at least 20 characters long)"
103
case "${LH_BUILD_WITH_CHROOT}" in
105
if Chroot chroot aespipe -e ${LH_ENCRYPTION} -T \
106
< chroot/filesystem.${LH_CHROOT_FILESYSTEM} \
107
> chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
109
mv chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}
114
if aespipe -e ${LH_ENCRYPTION} -T \
115
< binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM} \
116
> binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
118
mv binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}
124
printf "\nThere was an error configuring encryption ... Retry? [Y/n] "
127
if [ "$(echo "${ANSWER}" | cut -b1 | tr A-Z a-z)" = "n" ]
134
# Cleanup temporary filesystems
135
rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}
136
rm -f chroot/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
137
rm -f binary/${INITFS}/filesystem.${LH_CHROOT_FILESYSTEM}.tmp
140
Save_cache cache/packages_binary
145
# Creating stage file
146
Create_stagefile .stage/binary_encryption