'finished encrypt'
parent
e96b0a6cda
commit
b22ef424ff
1 changed files with 58 additions and 12 deletions
|
@ -287,11 +287,13 @@ findbootloaderpartitions() {
|
||||||
# $(cat /proc/mdstat 2>/dev/null | grep $part)
|
# $(cat /proc/mdstat 2>/dev/null | grep $part)
|
||||||
#- part of lvm2 device
|
#- part of lvm2 device
|
||||||
# $(fstype 2>/dev/null </dev/$part | grep "lvm2")
|
# $(fstype 2>/dev/null </dev/$part | grep "lvm2")
|
||||||
|
# part of luks device
|
||||||
|
# $(fstype 2>/dev/null </dev/$part | grep "luks")
|
||||||
#- extended partition
|
#- extended partition
|
||||||
# $(sfdisk -c /dev/$disk $(echo $part | sed -e "s#$disk##g") 2>/dev/null | grep "5")
|
# $(sfdisk -c /dev/$disk $(echo $part | sed -e "s#$disk##g") 2>/dev/null | grep "5")
|
||||||
#- partitionable raid partition
|
#- extended partition on raid partition device
|
||||||
# $(echo $part | grep md_d[0-9])
|
# $(sfdisk -c /dev/$disk $(echo $part | sed -e "s#$disk\p##g" 2>/dev/null | grep "5")
|
||||||
if ! [ "$(cat /proc/mdstat 2>/dev/null | grep $part)" -o "$(fstype 2>/dev/null </dev/$part | grep "lvm2")" -o "$(sfdisk -c /dev/$disk $(echo $part | sed -e "s#$disk##g") 2>/dev/null | grep "5")" -o "$(echo $part | grep md_d[0-9])" ]; then
|
if ! [ "$(cat /proc/mdstat 2>/dev/null | grep $part)" -o "$(fstype 2>/dev/null </dev/$part | grep "lvm2")" -o "$(fstype 2>/dev/null </dev/$part | grep "luks")" -o "$(sfdisk -c /dev/$disk $(echo $part | sed -e "s#$disk##g") 2>/dev/null | grep "5")" -o "$(sfdisk -c /dev/$disk $(echo $part | sed -e "s#$disk\p##g") 2>/dev/null | grep "5")" ]; then
|
||||||
if [ -d $block/$disk/$part ]; then
|
if [ -d $block/$disk/$part ]; then
|
||||||
echo "/dev/$part"
|
echo "/dev/$part"
|
||||||
[ "$1" ] && echo $1
|
[ "$1" ] && echo $1
|
||||||
|
@ -602,6 +604,7 @@ _stopluks()
|
||||||
dd if=/dev/zero of=$LUKS_REAL_DEVICE bs=512 count=10
|
dd if=/dev/zero of=$LUKS_REAL_DEVICE bs=512 count=10
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
[ -e /tmp/.crypttab ] && rm /tmp/.crypttab
|
||||||
}
|
}
|
||||||
|
|
||||||
#helpbox for raid
|
#helpbox for raid
|
||||||
|
@ -1070,7 +1073,30 @@ _createlv()
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# create luks deviclu
|
# help for luks
|
||||||
|
_helpluks()
|
||||||
|
{
|
||||||
|
DIALOG --msgbox "LUKS ENCRYPTION SUMMARY:\n
|
||||||
|
-----------------------------\n\n
|
||||||
|
Encryption is useful for two (related) reasons.\n
|
||||||
|
Firstly, it prevents anyone with physical access to your computer,\n
|
||||||
|
and your hard drive in particular, from getting the data from it\n
|
||||||
|
(unless they have your passphrase/key).\n
|
||||||
|
Secondly, it allows you to wipe the data on your hard drive with\n
|
||||||
|
far more confidence in the event of you selling or discarding\n
|
||||||
|
your drive.\n
|
||||||
|
Basically, it supplements the access control mechanisms of the operating\n
|
||||||
|
system (like file permissions) by making it harder to bypass the operating\n
|
||||||
|
system by inserting a boot CD, for example. Encrypting the root partition\n
|
||||||
|
prevents anyone from using this method to insert viruses or trojans onto\n
|
||||||
|
your computer.\n\n
|
||||||
|
ATTENTION:\n
|
||||||
|
Having encrypted partitions does not protect you from all possible\n
|
||||||
|
attacks. The encryption is only as good as your key management, and there\n
|
||||||
|
are other ways to break into computers, while they are running." 0 0
|
||||||
|
}
|
||||||
|
|
||||||
|
# create luks device
|
||||||
_luks()
|
_luks()
|
||||||
{
|
{
|
||||||
LUKSFINISH=""
|
LUKSFINISH=""
|
||||||
|
@ -1131,6 +1157,8 @@ _luks()
|
||||||
cryptsetup -c aes-xts-plain -s 512 luksFormat $PART >$LOG <$LUKSPASSPHRASE
|
cryptsetup -c aes-xts-plain -s 512 luksFormat $PART >$LOG <$LUKSPASSPHRASE
|
||||||
DIALOG --infobox "Opening encrypted $PART..." 0 0
|
DIALOG --infobox "Opening encrypted $PART..." 0 0
|
||||||
cryptsetup luksOpen $PART $LUKSDEVICE >$LOG <$LUKSPASSPHRASE
|
cryptsetup luksOpen $PART $LUKSDEVICE >$LOG <$LUKSPASSPHRASE
|
||||||
|
LUKSPASSPHRASE="$(cat $LUKSPASSPHRASE)"
|
||||||
|
echo $LUKSDEVICE $PART $LUKSPASSPHRASE >> /tmp/.crypttab
|
||||||
rm /tmp/.passphrase
|
rm /tmp/.passphrase
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1730,6 +1758,7 @@ installpkg() {
|
||||||
auto_addons
|
auto_addons
|
||||||
auto_fstab
|
auto_fstab
|
||||||
auto_mdadm
|
auto_mdadm
|
||||||
|
auto_luks
|
||||||
auto_locale
|
auto_locale
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1964,14 +1993,25 @@ ROOTFS="$(blkid -c /dev/null $PART_ROOT -o value -s TYPE)"
|
||||||
}
|
}
|
||||||
|
|
||||||
getraidarrays() {
|
getraidarrays() {
|
||||||
|
RAIDARRAYS=""
|
||||||
if ! [ "$(grep ^ARRAY $DESTDIR/etc/mdadm.conf)" ]; then
|
if ! [ "$(grep ^ARRAY $DESTDIR/etc/mdadm.conf)" ]; then
|
||||||
RAIDARRAYS="$(echo -n $(cat /proc/mdstat 2>/dev/null | grep ^md | sed -e 's#\[[0-9]\]##g' -e 's# :.* raid[0-9]##g' -e 's#md#md=#g' -e 's# #,/dev/#g' -e 's#_##g'))"
|
RAIDARRAYS="$(echo -n $(cat /proc/mdstat 2>/dev/null | grep ^md | sed -e 's#\[[0-9]\]##g' -e 's# :.* raid[0-9]##g' -e 's#md#md=#g' -e 's# #,/dev/#g' -e 's#_##g'))"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
getcryptsetup() {
|
||||||
|
CRYPTSETUP=""
|
||||||
|
if [ "$(cryptsetup status $(basename $PART_ROOT))" ]; then
|
||||||
|
CRYPTDEVICE="$(echo $(cryptsetup status $(basename $PART_ROOT) | grep device: | sed -e 's#device:##g'))"
|
||||||
|
CRYPTNAME="$(basename $PART_ROOT)"
|
||||||
|
CRYPTSETUP="cryptdevice=$CRYPTDEVICE:$CRYPTNAME"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
dolilo() {
|
dolilo() {
|
||||||
getrootfs
|
getrootfs
|
||||||
getraidarrays
|
getraidarrays
|
||||||
|
getcryptsetup
|
||||||
if [ ! -f $DESTDIR/etc/lilo.conf ]; then
|
if [ ! -f $DESTDIR/etc/lilo.conf ]; then
|
||||||
DIALOG --msgbox "Error: Couldn't find $DESTDIR/etc/lilo.conf. Is LILO installed?" 0 0
|
DIALOG --msgbox "Error: Couldn't find $DESTDIR/etc/lilo.conf. Is LILO installed?" 0 0
|
||||||
return 1
|
return 1
|
||||||
|
@ -1984,9 +2024,9 @@ dolilo() {
|
||||||
if [ -n "${_uuid}" ]; then
|
if [ -n "${_uuid}" ]; then
|
||||||
_rootpart="/dev/disk/by-uuid/${_uuid}"
|
_rootpart="/dev/disk/by-uuid/${_uuid}"
|
||||||
fi
|
fi
|
||||||
sed -i "s|.*root=.*$|append=\"root=${_rootpart} rootfstype=$ROOTFS $RAIDARRAYS\"|g" $DESTDIR/etc/lilo.conf
|
sed -i "s|.*root=.*$|append=\"root=${_rootpart} rootfstype=$ROOTFS $RAIDARRAYS $CRYPTSETUP\"|g" $DESTDIR/etc/lilo.conf
|
||||||
else
|
else
|
||||||
sed -i "s|.*root=.*$|append=\"root=${PART_ROOT} rootfstype=$ROOTFS $RAIDARRAYS\"|g" $DESTDIR/etc/lilo.conf
|
sed -i "s|.*root=.*$|append=\"root=${PART_ROOT} rootfstype=$ROOTFS $RAIDARRAYS $CRYPTSETUP\"|g" $DESTDIR/etc/lilo.conf
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
DEVS="$(findbootloaderdisks _)"
|
DEVS="$(findbootloaderdisks _)"
|
||||||
|
@ -2022,6 +2062,7 @@ dogrub() {
|
||||||
redundant=""
|
redundant=""
|
||||||
getrootfs
|
getrootfs
|
||||||
getraidarrays
|
getraidarrays
|
||||||
|
getcryptsetup
|
||||||
get_grub_map
|
get_grub_map
|
||||||
FAIL_RAID=""
|
FAIL_RAID=""
|
||||||
FAIL_LVM=""
|
FAIL_LVM=""
|
||||||
|
@ -2124,9 +2165,9 @@ dogrub() {
|
||||||
echo "title Arch Linux" >>$DESTDIR/boot/grub/menu.lst
|
echo "title Arch Linux" >>$DESTDIR/boot/grub/menu.lst
|
||||||
echo "root $grubdev" >>$DESTDIR/boot/grub/menu.lst
|
echo "root $grubdev" >>$DESTDIR/boot/grub/menu.lst
|
||||||
if [ "$UUIDPARAMETER" = "yes" ]; then
|
if [ "$UUIDPARAMETER" = "yes" ]; then
|
||||||
echo "kernel $subdir/$VMLINUZ root=${_rootpart} rootfstype=$ROOTFS $RAIDARRAYS ro" >>$DESTDIR/boot/grub/menu.lst
|
echo "kernel $subdir/$VMLINUZ root=${_rootpart} rootfstype=$ROOTFS $RAIDARRAYS $CRYPTSETUP ro" >>$DESTDIR/boot/grub/menu.lst
|
||||||
else
|
else
|
||||||
echo "kernel $subdir/$VMLINUZ root=$PART_ROOT rootfstype=$ROOTFS $RAIDARRAYS ro" >>$DESTDIR/boot/grub/menu.lst
|
echo "kernel $subdir/$VMLINUZ root=$PART_ROOT rootfstype=$ROOTFS $RAIDARRAYS $CRYPTSETUP ro" >>$DESTDIR/boot/grub/menu.lst
|
||||||
fi
|
fi
|
||||||
echo "initrd $subdir/kernel26.img" >>$DESTDIR/boot/grub/menu.lst
|
echo "initrd $subdir/kernel26.img" >>$DESTDIR/boot/grub/menu.lst
|
||||||
echo "" >>$DESTDIR/boot/grub/menu.lst
|
echo "" >>$DESTDIR/boot/grub/menu.lst
|
||||||
|
@ -2500,8 +2541,7 @@ _createluks()
|
||||||
"1" "Luks Help" \
|
"1" "Luks Help" \
|
||||||
"2" "Reset Luks Encryption completely" \
|
"2" "Reset Luks Encryption completely" \
|
||||||
"3" "Create Luks" \
|
"3" "Create Luks" \
|
||||||
"4" "Create Luks Swap" \
|
"4" "Return to Previous Menu" 2>$ANSWER || CANCEL="1"
|
||||||
"5" "Return to Previous Menu" 2>$ANSWER || CANCEL="1"
|
|
||||||
NEXTITEM="$(cat $ANSWER)"
|
NEXTITEM="$(cat $ANSWER)"
|
||||||
case $(cat $ANSWER) in
|
case $(cat $ANSWER) in
|
||||||
"1")
|
"1")
|
||||||
|
@ -2510,8 +2550,6 @@ _createluks()
|
||||||
_stopluks ;;
|
_stopluks ;;
|
||||||
"3")
|
"3")
|
||||||
_luks ;;
|
_luks ;;
|
||||||
"4")
|
|
||||||
_luksswap ;;
|
|
||||||
*)
|
*)
|
||||||
LUKSDONE=1 ;;
|
LUKSDONE=1 ;;
|
||||||
esac
|
esac
|
||||||
|
@ -2639,6 +2677,14 @@ auto_parameters()
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
auto_luks()
|
||||||
|
{
|
||||||
|
if [ -e /tmp/.crypttab -a "$(grep -v '^#' ${DESTDIR}/etc/crypttab)" = "" ]; then
|
||||||
|
sed -i -e "/$(basename ${PART_ROOT})/d" /tmp/.crypttab
|
||||||
|
cat /tmp/.crypttab >> ${DESTDIR}/etc/crypttab
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
auto_timesetting()
|
auto_timesetting()
|
||||||
{
|
{
|
||||||
TIMEZONE=""
|
TIMEZONE=""
|
||||||
|
|
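Review bot: The two lines added to `_luks` just before `rm /tmp/.passphrase` write the LUKS passphrase in clear text to `/tmp/.crypttab`, and the new `auto_luks` appends that file to `${DESTDIR}/etc/crypttab`, so the passphrase of every non-root volume ends up stored unencrypted on the installed system, which undoes the at-rest protection the new help text describes. Recording the entry without the secret, `echo "$LUKSDEVICE $PART none" >> /tmp/.crypttab`, makes the volume prompt at boot; if unattended unlock is wanted, a key file readable only by root is the safer route. As written, the unquoted `echo ... $LUKSPASSPHRASE` also word-splits and glob-expands the passphrase, and the temp file is presumably created under the installer's default umask. In `auto_luks`, `sed -i -e "/$(basename ${PART_ROOT})/d"` matches the name anywhere on a line, so it may also drop unrelated entries whose name contains the root mapping's name. Most of `_luks` lies outside the visible hunks, so how `$LUKSPASSPHRASE` is set was not checked.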