mirror of the now-defunct rocklinux.org

#!/bin/bash
# --- ROCK-COPYRIGHT-NOTE-BEGIN ---
#
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
# Please add additional copyright information _after_ the line containing
# the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by
# the ./scripts/Create-CopyPatch script. Do not edit this copyright text!
#
# ROCK Linux: rock-src/target/lvp/x86/release_skeleton/scripts/encrypted
# ROCK Linux is Copyright (C) 1998 - 2006 Clifford Wolf
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version. A copy of the GNU General Public
# License can be found at Documentation/COPYING.
#
# Many people helped and are helping developing ROCK Linux. Please
# have a look at http://www.rocklinux.org/ and the Documentation/TEAM
# file for details.
#
# --- ROCK-COPYRIGHT-NOTE-END ---
# Name of this LVP type.
type_encrypted=encrypted

# Device name below /dev that process_encrypted hands to dd
# (if=/dev/${entrosource}) to pre-fill the container files; taken verbatim
# from the caller's LVP_ENTROPY_SOURCE and empty when that is unset.
# NOTE(review): the pre-fill only hides which container sectors hold data
# if this names a random source - confirm what callers set.
entrosource=${LVP_ENTROPY_SOURCE}
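#######################################
# Release the part of the device stack that process_encrypted has built so
# far. Used on its error paths so that a failed run does not leave the keyed
# dm-crypt mapping, the md array or the loop devices behind.
# Globals:   lvp_stage (0 = loops only, 1 = md array built, 2 = dm-crypt
#            mapping created), lvp_attached (number of loop devices this run
#            attached), mddev, loopdevice_<N> (all read)
# Arguments: none
# Returns:   0
#######################################
_encrypted_release_devices() {
  local idx ref
  [ "${lvp_stage:-0}" -ge 2 ] && dmsetup remove "/dev/mapper/lvp_data_$$"
  [ "${lvp_stage:-0}" -ge 1 ] && mdadm -S "${mddev}"
  # Only detach what this run attached: a device that failed to attach may
  # belong to another process by now.
  idx=${lvp_attached:-0}
  while [ "${idx}" -ge 1 ] ; do
    ref="loopdevice_${idx}"
    losetup -d "${!ref}"
    idx=$(( idx - 1 ))
  done
  return 0
}

#######################################
# Build the encrypted data area of an LVP live system.
#
# Steps, in order: check kernel support (linear RAID, device mapper, AES),
# size the payload, pick free loop devices, create the lvp.data<N> container
# files, ask for a passphrase, stack loop devices -> linear md array ->
# dm-crypt mapping, create and mount an ext2 filesystem on it, copy the
# listed files in, call process_create_lvpxml, then take the stack down.
#
# Globals read:    moviefiles (path of a file listing one payload path per
#                  line), size (medium size in MB), entrosource
# Globals written: every variable assigned here is deliberately left global,
#                  as in the original; process_create_lvpxml is defined
#                  elsewhere and may read them. Note that "size" is
#                  overwritten with a container size in bytes. One
#                  file_<name> variable is exported per copied file.
# Calls (defined elsewhere): human_readable, confirm, process_create_lvpxml
# Exits: this function ends the script - 0 on success, 1 on any error.
#######################################
process_encrypted() {
  target="livesystem"
  mddev=""
  lvp_stage=0
  lvp_attached=0

  echo "Loading kernel module for linear mode"
  grep -q linear /proc/mdstat || modprobe linear
  if ! grep -q linear /proc/mdstat ; then
    echo "Sorry, you don't have linear RAID support in your kernel."
    echo "Since V0.4.2 this is required for encrypted LVPs to use"
    echo "available disk space more efficiently."
    exit 1
  fi

  # modprobe errors are hidden on purpose; the check below decides.
  modprobe dm_mod 2>/dev/null
  modprobe dm_crypt 2>/dev/null
  modprobe aes_i586 2>/dev/null
  if [ ! -c /dev/mapper/control ] || ! grep -q aes /proc/crypto ; then
    echo "There seems to be a problem with your crypto support."
    echo "Please make sure that you have both the device mapper"
    echo "and its crypto support running as well as support for"
    echo "the aes cipher."
    exit 1
  fi

  echo -n "Checking necessary filesystem size ... "
  filesize=0
  # NOTE(review): read without -r drops backslashes from the listed paths.
  # Kept, because a list may rely on "\ " escapes - confirm the list format.
  while read file ; do
    [ -f "${file}" ] || continue
    # stat instead of parsing "ls -l", as the rest of this function does.
    thisfilesize=$(stat -c %s "${file}")
    filesize=$(( filesize + thisfilesize ))
  done < "${moviefiles}"
  echo "${filesize} Byte ($(human_readable ${filesize}))"

  echo -n "Checking Livesystem size ... "
  livesize=$(du -sb "${target}" --exclude='lvp.data?' | cut -f1)
  livesize=$(( livesize + $(du -sb isolinux | cut -f1) ))
  echo "$(human_readable ${livesize})"
  filesize=$(( filesize + livesize ))
  echo
  echo "Total space needed: $(( filesize / 1024 / 1024 )) MB"
  if [ $(( filesize / 1024 / 1024 )) -gt "${size}" ] ; then
    echo
    echo "This may be more than fits onto your medium."
    echo "You specified ${size} MB to fit onto your medium."
    echo "If you are sure that this is okay, please continue."
    echo "If not, please truncate your filelist."
    confirm "Continue"
    [ ${?} -eq 1 ] && exit 1
  fi

  echo "Searching for free loopdevices ..."
  # From here on filesize is the space left for the containers: the medium
  # size minus the live system, cut into pieces of at most 2147481600 bytes.
  filesize=$(( ( size * 1048576 ) - livesize ))
  needed_pseudofs=$(( ( filesize / 2147481600 ) + 1 ))
  needed_loopdevices=${needed_pseudofs}
  for loopdevice in /dev/loop/* ; do
    [ "${needed_loopdevices}" -eq 0 ] && break
    # Probe by attaching the ${moviefiles} list file: a device that accepts
    # it is free. It is released again at once, so it can still be taken by
    # someone else before it is attached for real further down.
    if losetup "${loopdevice}" "${moviefiles}" 2>/dev/null ; then
      echo "Using ${loopdevice}"
      # The value is expanded by eval itself (\$), never pasted in as code.
      eval "loopdevice_${needed_loopdevices}=\${loopdevice}"
      losetup -d "${loopdevice}"
      needed_loopdevices=$(( needed_loopdevices - 1 ))
    fi
  done
  if [ "${needed_loopdevices}" -gt 0 ] ; then
    echo "Not enough free loop-devices found!"
    echo "Please either free ${needed_loopdevices} more loop-devices"
    echo "(check with losetup <loopdevice>) or increase the"
    echo "number of available loop-devices in your kernel."
    exit 1
  fi

  echo "Okay, Now creating files that will hold the pseudo filesystems"
  unset ddparam
  unset cpparam
  # Optional progress switches, used only when --help shows exactly one
  # matching line. NOTE(review): presumably patched dd/cp - confirm.
  [ "$(dd --help | grep -c stat)" -eq 1 ] && ddparam="conv=stat"
  [ "$(cp --help | grep -c "print copyprogress")" -eq 1 ] && cpparam="-D"
  if [ -e "${target}/lvp.data1" ] ; then
    for x in "${target}"/lvp.data* ; do
      # The page shows a stray "\" after this "then"; it is dropped here.
      if [ "${x##*lvp.data}" -gt "${needed_pseudofs}" ] ; then
        echo "Found ${x##*/}, but we don't need it. Deleting it."
        rm -f "${x}"
      fi
    done
  fi

  filesystem=0
  while [ "${filesystem}" -lt "${needed_pseudofs}" ] ; do
    filesystem=$(( filesystem + 1 ))
    echo "Filesystem ${filesystem} of ${needed_pseudofs}"
    file="${target}/lvp.data${filesystem}"
    if [ "${filesystem}" -lt "${needed_pseudofs}" ] ; then
      size=2147481600 # iso9660 limitation
    else
      size=$(( filesize - ( filesystem - 1 ) * 2147481600 ))
      size=$(( ( size / 2048 ) * 2048 )) # so we have a round number
    fi
    if [ -f "${file}" ] ; then
      thisfilesize=$(stat -c %s "${file}")
      if [ "${thisfilesize}" -eq "${size}" ] ; then
        echo "lvp.data${filesystem} already exists and has correct filesize. Using it."
      else
        echo "lvp.data${filesystem} already exists but has wrong filesize. Deleting it"
        rm -f "${file}"
      fi
    fi
    [ -f "${file}" ] && continue
    # Pre-fill the container so unused sectors are not recognisable later;
    # that holds only if /dev/${entrosource} is a random source. A failed
    # fill stops here - the partial file has the wrong size and is deleted
    # by the check above on the next run.
    if ! dd if="/dev/${entrosource}" of="${file}" bs=2k \
        count=$(( size / 2048 )) ${ddparam} ; then
      echo "Could not create ${file} from /dev/${entrosource}." >&2
      exit 1
    fi
  done

  echo "Creating mountpoint"
  rm -rf "${target:?}"/mnt*
  mkdir "${target}/mnt1"

  echo "Now I need a passphrase for encrypting the filesystems."
  # The two different dummy values only make the loop run at least once.
  passphrase="MEEP"
  passphrase_confirm="MOOP"
  while [ "${passphrase}" != "${passphrase_confirm}" ] ; do
    # NOTE(review): without -r, read removes backslashes and trims blanks,
    # so the stored passphrase can differ from what was typed. Left as is,
    # because whatever unlocks the medium has to read it the same way.
    if ! read -p "Enter passphrase: " -s passphrase ; then
      echo
      echo "No passphrase could be read." >&2
      exit 1 # end of input would otherwise loop forever
    fi
    echo
    if [ "${#passphrase}" -lt 20 ] ; then
      echo "The Passphrase must be at least 20 characters!"
      passphrase="MEEP"
      passphrase_confirm="MOOP"
      continue
    fi
    read -p "Confirm: " -s passphrase_confirm
    echo
    if [ "${passphrase}" != "${passphrase_confirm}" ] ; then
      echo "The passphrases do not match."
    fi
  done

  echo "Creating filesystems and mounting pseudo-filesystems"
  lvpdata=1
  while [ "${lvpdata}" -le "${needed_pseudofs}" ] ; do
    eval "lodev=\${loopdevice_${lvpdata}}"
    file="${target}/lvp.data${lvpdata}"
    echo "Setting up loopdevice ${lvpdata}"
    if ! losetup "${lodev}" "${file}" ; then
      echo "Could not attach ${file} to ${lodev}." >&2
      _encrypted_release_devices
      exit 1
    fi
    lvp_attached=${lvpdata}
    lvpdata=$(( lvpdata + 1 ))
  done

  echo "Setting up linear device"
  for x in /dev/md/* ; do
    [ -n "${mddev}" ] && break
    mdadm --misc -Q "${x}" | grep -q "not active" && mddev="${x}"
  done
  if [ -z "${mddev}" ] ; then
    echo "No inactive md device found in /dev/md." >&2
    _encrypted_release_devices
    exit 1
  fi
  mdloopdevs=""
  lvpdata=1
  while [ "${lvpdata}" -le "${needed_pseudofs}" ] ; do
    eval "mdloopdevs=\"\${mdloopdevs} \${loopdevice_${lvpdata}}\""
    lvpdata=$(( lvpdata + 1 ))
  done
  # ${mdloopdevs} is left unquoted on purpose: one word per loop device.
  if ! "${target}/sbin/mdadm" --build "${mddev}" -l linear --force \
      -n "${needed_pseudofs}" ${mdloopdevs} ; then
    echo "Could not build the linear device ${mddev}." >&2
    _encrypted_release_devices
    exit 1
  fi
  lvp_stage=1

  # Key = the 32 hex digits of md5(passphrase + newline), a 128-bit key.
  # NOTE(review): one unsalted MD5 pass is a weak key derivation, and
  # "aes-plain" uses the sector number as IV, which is predictable. Both are
  # part of the on-medium format, so they are not changed here; they have to
  # change together with whatever unlocks the medium.
  # NOTE(review): ${passphrase} is unquoted, so runs of blanks collapse and
  # glob characters can expand to file names before hashing. Kept so the key
  # stays compatible - confirm against the unlock side.
  passphrase="`echo ${passphrase} | md5sum`"
  passphrase=${passphrase%% *}
  # echo is a shell builtin, so the key is not visible as a process argument.
  if ! echo 0 "$(/sbin/blockdev --getsize "${mddev}")" crypt aes-plain \
      "${passphrase}" 0 "${mddev}" 0 | /sbin/dmsetup create "lvp_data_$$" ; then
    echo "Could not create the encrypted device lvp_data_$$." >&2
    _encrypted_release_devices
    exit 1
  fi
  lvp_stage=2
  # NOTE(review): passphrase still holds the key until the script exits;
  # unset it here once it is confirmed that process_create_lvpxml does not
  # read it.

  echo "Creating filesystem"
  if ! mkfs.ext2 -m 0 "/dev/mapper/lvp_data_$$" >/dev/null 2>&1 ; then
    echo "Could not create the filesystem on lvp_data_$$." >&2
    _encrypted_release_devices
    exit 1
  fi
  echo "Mounting filesystem"
  # Without this check a failed mount would let the files below be copied
  # unencrypted into ${target}/mnt1, i.e. into the live system tree itself.
  if ! mount "/dev/mapper/lvp_data_$$" "${target}/mnt1" ; then
    echo "Could not mount the encrypted filesystem. No files were copied." >&2
    _encrypted_release_devices
    exit 1
  fi
  rm -rf "${target:?}"/mnt1/*

  continue=0
  while read file ; do
    [ -f "${file}" ] || continue
    unset targetdir
    thisfile=$(stat -c %s "${file}")
    for dir in "${target}"/mnt? ; do
      # I leave this here for historical reasons, maybe we need it again some day
      # The page shows sed 's, *, ,g', which would also match between any
      # two characters (presumably two blanks collapsed by the page); the
      # bracket form squeezes runs of blanks and survives reformatting.
      avail=$(df -P "${dir}" | grep / | sed 's,[ ][ ]*, ,g' | cut -f4 -d' ')
      avail=$(( ${avail%K} * 1024 ))
      [ -z "${targetdir}" ] && [ "${avail}" -gt "${thisfile}" ] && targetdir=${dir}
    done
    if [ -z "${targetdir}" ] ; then
      echo "Not enough space available for ${file}. Skipping remaining files." >&2
      continue=1
      break
    fi
    echo "Copying ${file} to ${targetdir}/${file##*/}"
    cp ${cpparam} "${file}" "${targetdir}/${file##*/}"
    # Variable name: the file's base name with [ . blank - ! ] turned into _.
    environment="`echo ${file} | tr '[. \-!]' '_'`"
    # Plain export instead of eval: a file name from the list is stored as
    # data and can no longer be run as shell code. A name that is not a valid
    # identifier makes export print an error for that one file.
    export "file_${environment##*/}=${targetdir#*${target}}/${file##*/}"
  done < "${moviefiles}"

  lvpxml=${target}/mnt1/lvp.xml
  process_create_lvpxml

  echo "Umounting filesystem ${mddev}"
  umount "${target}/mnt1"
  echo "Shutting down ${mddev}"
  dmsetup remove "/dev/mapper/lvp_data_$$"
  mdadm -S "${mddev}"
  lvpdata=${needed_pseudofs}
  while [ "${lvpdata}" -ge 1 ] ; do
    eval "lodev=\${loopdevice_${lvpdata}}"
    echo "Shutting down loopdevice ${lodev}"
    losetup -d "${lodev}"
    lvpdata=$(( lvpdata - 1 ))
  done
  exit 0
}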