#!/bin/bash # --- ROCK-COPYRIGHT-NOTE-BEGIN --- # # This copyright note is auto-generated by ./scripts/Create-CopyPatch. # Please add additional copyright information _after_ the line containing # the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by # the ./scripts/Create-CopyPatch script. Do not edit this copyright text! # # ROCK Linux: rock-src/target/lvp/x86/release_skeleton/scripts/encrypted # ROCK Linux is Copyright (C) 1998 - 2006 Clifford Wolf # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. A copy of the GNU General Public # License can be found at Documentation/COPYING. # # Many people helped and are helping developing ROCK Linux. Please # have a look at http://www.rocklinux.org/ and the Documentation/TEAM # file for details. # # --- ROCK-COPYRIGHT-NOTE-END ---
# Name of the LVP type handled by this script (presumably looked up by the
# calling script; confirm against the caller).
type_encrypted=encrypted

# Device name below /dev that process_encrypted reads with dd to pre-fill the
# lvp.data container files; taken verbatim from the environment.
entrosource=${LVP_ENTROPY_SOURCE}
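# Detach the loop devices recorded in loopdevice_1 .. loopdevice_<count>,
# highest index first.
#   $1 - number of loop devices to detach
_encrypted_detach_loops() {
	local count="$1" name
	while [ "${count}" -ge 1 ] ; do
		name="loopdevice_${count}"
		lodev="${!name}"
		echo "Shutting down loopdevice ${lodev}"
		losetup -d "${lodev}"
		count=$(( count - 1 ))
	done
}

# Report a failed setup step, undo whatever part of the device stack already
# exists and exit 1.
#   $1 - error message
#   $2 - layers above the loop devices that exist: 0 none, 1 md device,
#        2 md device and dm-crypt mapping
#   $3 - number of loop devices currently attached
_encrypted_abort() {
	echo "$1" >&2
	[ "$2" -ge 2 ] && dmsetup remove "/dev/mapper/lvp_data_$$"
	[ "$2" -ge 1 ] && mdadm -S "${mddev}"
	_encrypted_detach_loops "$3"
	exit 1
}

# Build the encrypted data area of an LVP: create the lvp.data<N> container
# files below livesystem/, join them through loop devices into one linear md
# device, put a dm-crypt mapping on top, create an ext2 filesystem in it and
# copy the files listed in ${moviefiles} into that filesystem.
#
# Globals read:    moviefiles (file with one path per line), size (medium size
#                  in MB; overwritten while the containers are sized),
#                  entrosource
# Helpers called:  human_readable, confirm, process_create_lvpxml (not defined
#                  in this block)
# Exports:         one file_<name> variable per copied file
# Exit status:     the function ends the script: 0 on success, 1 on any
#                  failed check or setup step
process_encrypted() {
	target="livesystem"

	echo "Loading kernel module for linear mode"
	grep -q linear /proc/mdstat || modprobe linear
	if ! grep -q linear /proc/mdstat ; then
		echo "Sorry, you don't have linear RAID support in your kernel."
		echo "Since V0.4.2 this is required for encrypted LVPs to use"
		echo "available disk space more efficiently."
		exit 1
	fi

	# modprobe errors are hidden on purpose; the check below decides whether
	# device mapper and the aes cipher are really available.
	modprobe dm_mod 2>/dev/null
	modprobe dm_crypt 2>/dev/null
	modprobe aes_i586 2>/dev/null
	if [ ! -c /dev/mapper/control ] || ! grep -q aes /proc/crypto ; then
		echo "There seems to be a problem with your crypto support."
		echo "Please make sure that you have both the device mapper"
		echo "and its crypto support running as well as support for"
		echo "the aes cipher."
		exit 1
	fi

	echo -n "Checking necessary filesystem size ... "
	filesize=0
	# NOTE(review): read without -r unescapes backslashes in the list; kept
	# because the format of ${moviefiles} is defined by code not shown here.
	while read file ; do
		[ -f "${file}" ] || continue
		# stat instead of parsing "ls -l", as the rest of this function does.
		thisfilesize=$(stat -c %s "${file}")
		filesize=$(( ${filesize} + ${thisfilesize} ))
	done < "${moviefiles}"
	echo "${filesize} Byte ($(human_readable "${filesize}"))"

	echo -n "Checking Livesystem size ... "
	livesize=$(du -sb "${target}" --exclude='lvp.data?' | cut -f1)
	livesize=$(( ${livesize} + $(du -sb isolinux | cut -f1) ))
	echo "$(human_readable "${livesize}")"
	filesize=$(( ${filesize} + ${livesize} ))
	echo
	echo "Total space needed: $(( ${filesize} / 1024 / 1024 )) MB"

	if [ $(( ${filesize} / 1024 / 1024 )) -gt "${size}" ] ; then
		echo
		echo "This may be more than fits onto your medium."
		echo "You specified ${size} MB to fit onto your medium."
		echo "If you are sure that this is okay, please continue."
		echo "If not, please truncate your filelist."
		confirm "Continue"
		[ ${?} -eq 1 ] && exit 1
	fi

	echo "Searching for free loopdevices ..."

	# From here on filesize is the space left for the encrypted containers.
	filesize=$(( ( ${size} * 1048576 ) - ${livesize} ))
	needed_pseudofs=$(( ( ${filesize} / 2147481600 ) + 1 ))
	needed_loopdevices=${needed_pseudofs}
	for loopdevice in /dev/loop/* ; do
		[ "${needed_loopdevices}" -eq 0 ] && break
		if losetup "${loopdevice}" "${moviefiles}" 2>/dev/null ; then
			# I reuse the ${moviefiles} tmpfile here since
			# associating it with a loopdevice doesn't do any harm
			echo "Using ${loopdevice}"
			# The value is expanded by eval as a variable reference, so the
			# device path is never parsed as shell code.
			eval "loopdevice_${needed_loopdevices}=\"\${loopdevice}\""
			losetup -d "${loopdevice}"
			needed_loopdevices=$(( ${needed_loopdevices} - 1 ))
		fi
	done

	if [ "${needed_loopdevices}" -gt 0 ] ; then
		echo "Not enough free loop-devices found!"
		echo "Please either free ${needed_loopdevices} more loop-devices"
		echo "(check with losetup <loopdevice>) or increase the"
		echo "number of available loop-devices in your kernel."
		exit 1
	fi

	echo "Okay, Now creating files that will hold the pseudo filesystems"
	unset ddparam
	unset cpparam
	# Progress options are only passed when the installed dd/cp advertise them.
	[ "$(dd --help | grep -c stat)" -eq 1 ] && ddparam="conv=stat"
	[ "$(cp --help | grep -c "print copyprogress")" -eq 1 ] && cpparam="-D"

	if [ -e "${target}/lvp.data1" ] ; then
		for x in "${target}"/lvp.data* ; do
			if [ "${x##*lvp.data}" -gt "${needed_pseudofs}" ] ; then
				echo "Found ${x##*/}, but we don't need it. Deleting it."
				rm -f "${x}"
			fi
		done
	fi

	filesystem=0
	while [ "${filesystem}" -lt "${needed_pseudofs}" ] ; do
		filesystem=$(( ${filesystem} + 1 ))
		echo "Filesystem ${filesystem} of ${needed_pseudofs}"
		file="${target}/lvp.data${filesystem}"

		if [ "${filesystem}" -lt "${needed_pseudofs}" ] ; then
			size=2147481600 # iso9660 limitation
		else
			size=$(( ${filesize} - ( ${filesystem} - 1 ) * 2147481600 ))
			size=$(( ( ${size} / 2048 ) * 2048 )) # so we have a round number
		fi

		if [ -f "${file}" ] ; then
			thisfilesize=$(stat -c %s "${file}")
			if [ "${thisfilesize}" -eq "${size}" ] ; then
				echo "lvp.data${filesystem} already exists and has correct filesize. Using it."
			else
				echo "lvp.data${filesystem} already exists but has wrong filesize. Deleting it"
				rm -f "${file}"
			fi
		fi
		[ -f "${file}" ] && continue

		# A failed or short fill (empty LVP_ENTROPY_SOURCE, disk full) must
		# not be carried into the device setup below.
		if ! dd if="/dev/${entrosource}" of="${file}" bs=2k \
			count="$(( ${size} / 2048 ))" ${ddparam:+"${ddparam}"} ; then
			echo "Could not create lvp.data${filesystem} from /dev/${entrosource}." >&2
			exit 1
		fi
	done

	echo "Creating mountpoint"
	rm -rf -- "${target}"/mnt*
	mkdir "${target}/mnt1"

	echo "Now I need a passphrase for encrypting the filesystems."
	# Two different dummy values make sure the loop body runs at least once.
	passphrase="MEEP"
	passphrase_confirm="MOOP"
	while [ "${passphrase}" != "${passphrase_confirm}" ] ; do
		# NOTE(review): no -r, so backslashes typed here are dropped. Left
		# as is because the code that unlocks the medium (not in this file)
		# has to read the passphrase the same way.
		read -p "Enter passphrase: " -s passphrase
		echo
		if [ "${#passphrase}" -lt 20 ] ; then
			echo "The Passphrase must be at least 20 characters!"
			passphrase="MEEP"
			passphrase_confirm="MOOP"
			continue
		fi
		read -p "Confirm: " -s passphrase_confirm
		echo
		if [ "${passphrase}" != "${passphrase_confirm}" ] ; then
			echo "The passphrases do not match."
		fi
	done

	echo "Creating filesystems and mounting pseudo-filesystems"
	lvpdata=1
	while [ "${lvpdata}" -le "${needed_pseudofs}" ] ; do
		lodevname="loopdevice_${lvpdata}"
		lodev="${!lodevname}"
		file="${target}/lvp.data${lvpdata}"

		echo "Setting up loopdevice ${lvpdata}"
		# The devices were only probed earlier and released again, so one
		# of them may have been taken by another process in the meantime.
		losetup "${lodev}" "${file}" ||
			_encrypted_abort "Could not attach ${file} to ${lodev}." 0 $(( ${lvpdata} - 1 ))
		lvpdata=$(( ${lvpdata} + 1 ))
	done

	echo "Setting up linear device"
	mddev=""
	for x in /dev/md/* ; do
		[ -n "${mddev}" ] && break
		mdadm --misc -Q "${x}" | grep -q "not active" && mddev="${x}"
	done
	[ -n "${mddev}" ] ||
		_encrypted_abort "No inactive md device found in /dev/md." 0 "${needed_pseudofs}"

	mdloopdevs=""
	lvpdata=1
	while [ "${lvpdata}" -le "${needed_pseudofs}" ] ; do
		lodevname="loopdevice_${lvpdata}"
		mdloopdevs="${mdloopdevs} ${!lodevname}"
		lvpdata=$(( ${lvpdata} + 1 ))
	done
	# ${mdloopdevs} is a space separated list and is split on purpose.
	"${target}/sbin/mdadm" --build "${mddev}" -l linear --force \
		-n "${needed_pseudofs}" ${mdloopdevs} ||
		_encrypted_abort "Could not build the linear device ${mddev}." 0 "${needed_pseudofs}"

	# NOTE(review): the key is one unsalted MD5 of the passphrase and the
	# mapping uses the legacy "aes-plain" spec (IV derived from the sector
	# number). Both are weak by current standards, so the 20 character
	# minimum above carries most of the resistance against guessing. They
	# are kept because the unlock code on the medium must derive the same
	# key and mapping; change them only together with that code.
	# The unquoted echo is kept for the same reason (it collapses runs of
	# blanks); noglob stops it from also expanding *, ? and [ against the
	# files of the current directory, which made the key depend on them.
	set -f
	passphrase="$(echo ${passphrase} | md5sum)"
	set +f
	passphrase=${passphrase%% *}
	unset passphrase_confirm

	# echo is a shell builtin here, so the key goes to dmsetup through the
	# pipe and not through the argument list of a separate process.
	echo 0 $(/sbin/blockdev --getsize "${mddev}") crypt aes-plain ${passphrase} 0 "${mddev}" 0 |
		/sbin/dmsetup create "lvp_data_$$"
	dmstatus=$?
	unset passphrase
	[ "${dmstatus}" -eq 0 ] ||
		_encrypted_abort "Could not set up the encrypted device." 1 "${needed_pseudofs}"

	# Stop if the filesystem cannot be created or mounted: continuing would
	# copy the files into the plain ${target}/mnt1 directory, unencrypted.
	echo "Creating filesystem"
	mkfs.ext2 -m 0 "/dev/mapper/lvp_data_$$" >/dev/null 2>&1 ||
		_encrypted_abort "Could not create the filesystem on the encrypted device." 2 "${needed_pseudofs}"
	echo "Mounting filesystem"
	mount "/dev/mapper/lvp_data_$$" "${target}/mnt1" ||
		_encrypted_abort "Could not mount the encrypted filesystem." 2 "${needed_pseudofs}"
	rm -rf -- "${target}"/mnt1/*

	while read file ; do
		[ -f "${file}" ] || continue

		unset targetdir
		thisfile=$(stat -c %s "${file}")
		for dir in "${target}"/mnt? ; do
			# I leave this here for historical reasons, maybe we need it again some day
			avail=$(df -P "${dir}" | grep / | tr -s ' ' | cut -f4 -d' ')
			avail=$(( ${avail%K} * 1024 ))
			[ -z "${targetdir}" ] && [ "${avail}" -gt "${thisfile}" ] && targetdir=${dir}
		done

		if [ -z "${targetdir}" ] ; then
			echo "Not enough space available for ${file}. Skipping remaining files." >&2
			break
		fi

		echo "Copying ${file} to ${targetdir}/${file##*/}"
		cp ${cpparam:+"${cpparam}"} "${file}" "${targetdir}/${file##*/}"

		# The variable name is built exactly as before so that its consumer
		# (presumably process_create_lvpxml) still finds it.
		environment="$(echo ${file} | tr '[. \-!]' '_')"
		relpath="${targetdir#*${target}}/${file##*/}"
		# Plain export instead of eval: a file name containing quotes, $ or
		# backticks is stored as data and never run as shell code. A name
		# that does not form a valid identifier is rejected by export.
		export "file_${environment##*/}=${relpath}"
	done < "${moviefiles}"

	lvpxml=${target}/mnt1/lvp.xml
	process_create_lvpxml

	echo "Umounting filesystem ${mddev}"
	umount livesystem/mnt1
	echo "Shutting down ${mddev}"
	dmsetup remove "/dev/mapper/lvp_data_$$"
	mdadm -S "${mddev}"

	_encrypted_detach_loops "${needed_pseudofs}"

	exit 0
}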