OpenSDE
/
rocklinux
mirror of https://github.com/amery/rocklinux.git
2
0
Fork 0
Code Releases Wiki Activity
mirror of the now-defunct rocklinux.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4991 Commits
1 Branch
0 Tags
34 MiB
 
 
 
 
 
 
Tree: a175ca701c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a175ca701c'
${ noResults }
rocklinux/target/lvp/x86/release_skeleton/scripts/encrypted

236 lines
7.4 KiB
Raw Blame History

#!/bin/bash
type_encrypted="encrypted"
entrosource="${LVP_ENTROPY_SOURCE}"
process_encrypted(){
target="livesystem"
for module in twofish blowfish serpent ; do
eval "encryption_${module}=0"
[ `lsmod | grep -c "loop_${module}"` -eq 0 ] && modprobe loop_${module} >/dev/null 2>&1 # fails for kernel >= 2.5.48 if module already loaded
[ `lsmod | grep -c "loop_${module}"` -eq 1 ] && eval "encryption_${module}=1"
done
encryption_available=0
[ ${encryption_twofish} -eq 1 -o ${encryption_blowfish} -eq 1 -o ${encryption_serpent} -eq 1 ] && \
encryption_available=1
if [ ${encryption_available} -eq 0 ] ; then
echo "Sorry, you do not have loop-aes on your system. Please have a look at"
echo "http://loop-aes.sourceforge.net"
exit 1
fi
eval "avail=\${encryption_${LVP_ENCRYPTION}}"
if [ "${avail}" == "0" ] ; then
echo "Sorry, ${LVP_ENCRYPTION} is not available on your system."
echo "Please check your kernel configuration."
exit 1
fi
echo "Loading kernel module for linear mode"
grep -q linear /proc/mdstat || modprobe linear
if ! grep -q linear /proc/mdstat ; then
echo "Sorry, you don't have linear RAID support in your kernel."
echo "Since V0.4.2 this is required for encrypted LVPs to use"
echo "available disk space more efficiently."
exit 1
fi
echo -n "Checking necessary filesystem size ... "
filesize=0
while read file ; do
[ ! -f "${file}" ] && continue
thisfilesize=`ls -l "${file}" | sed 's,[ \t][ \t]*, ,g' | cut -f5 -d' '`
filesize=$(( ${filesize} + ${thisfilesize} ))
done < ${moviefiles}
echo "${filesize} Byte (`human_readable ${filesize}`)"
echo -n "Checking Livesystem size ... "
livesize=`du -sb ${target} --exclude=lvp.data? | cut -f1`
livesize=$(( ${livesize} + `du -sb isolinux | cut -f1` ))
echo "`human_readable ${livesize}`"
filesize=$(( ${filesize} + ${livesize} ))
echo
echo "Total space needed: $(( ${filesize} / 1024 / 1024 )) MB"
if [ $(( ${filesize} / 1024 / 1024 )) -gt ${size} ] ; then
echo
echo "This may be more than fits onto your medium."
echo "You specified ${size} MB to fit onto your medium."
echo "If you are sure that this is okay, please continue."
echo "If not, please truncate your filelist."
confirm "Continue"
[ ${?} -eq 1 ] && exit 1
fi
echo "Searching for free loopdevices ..."
filesize=$(( ( ${size} * 1048576 ) - ${livesize} ))
needed_pseudofs=$(( (${filesize} / 2147481600) + 1 ))
needed_loopdevices=${needed_pseudofs}
for loopdevice in /dev/loop/* ; do
[ ${needed_loopdevices} -eq 0 ] && continue
if losetup ${loopdevice} ${moviefiles} 2>/dev/null ; then
# I reuse the ${moviefiles} tmpfile here since associating it
# with a loopdevice doesn't do any harm
echo "Using ${loopdevice}"
eval "loopdevice_${needed_loopdevices}=\"${loopdevice}\""
losetup -d ${loopdevice}
needed_loopdevices=$(( ${needed_loopdevices} - 1 ))
fi
done
if [ ${needed_loopdevices} -gt 0 ] ; then
echo "Not enough free loop-devices found!"
echo "Please either free ${needed_loopdevices} more loop-devices"
echo "(check with losetup -a) or increase the"
echo "number of available loop-devices."
exit 1
fi
echo "Okay, Now creating files that will hold the pseudo filesystems"
unset ddparam
unset cpparam
[ `dd --help | grep -c stat` -eq 1 ] && ddparam="conv=stat"
[ `cp --help | grep -c "print copyprogress"` -eq 1 ] && cpparam="-D"
if [ -e ${target}/lvp.data1 ] ; then
for x in ${target}/lvp.data* ; do
if [ ${x##*lvp.data} -gt ${needed_pseudofs} ] ; then\
echo "Found ${x##*/}, but we don't need it. Deleting it."
rm -f ${x}
fi
done
fi
filesystem=0
while [ ${filesystem} -lt ${needed_pseudofs} ] ; do
filesystem=$(( ${filesystem} + 1 ))
echo "Filesystem ${filesystem} of ${needed_pseudofs}"
file="${target}/lvp.data${filesystem}"
if [ ${filesystem} -lt ${needed_pseudofs} ] ; then
size=2147481600 # iso9660 limitation
else
size=$(( ${filesize} - ( ${filesystem} - 1 ) * 2147481600 ))
size=$(( ( ${size} / 2048 ) * 2048 )) # so we have a round number
fi
if [ -f ${file} ] ; then
thisfilesize=`ls -l "${file}" | sed 's, *, ,g' | cut -f5 -d' '`
if [ ${thisfilesize} -eq ${size} ] ; then
echo "lvp.data${filesystem} already exists and has correct filesize. Using it."
else
echo "lvp.data${filesystem} already exists but has wrong filesize. Deleting it"
rm -f ${target}/lvp.data${filesystem}
fi
fi
[ -f ${target}/lvp.data${filesystem} ] && continue
dd if=/dev/${entrosource} of=${target}/lvp.data${filesystem} bs=2k count=$(( ${size} / 2048 )) ${ddparam}
done
echo "Creating mountpoint"
rm -rf ${target}/mnt*
mkdir ${target}/mnt1
echo "Using ${LVP_ENCRYPTION} encryption."
echo "Now I need a passphrase for encrypting the filesystems."
passphrase="MEEP"
passphrase_confirm="MOOP"
while [ "${passphrase}" != "${passphrase_confirm}" ] ; do
read -p "Enter passphrase: " -s passphrase
echo
if [ "${passphrase:20}" = "" ] ; then
echo "The Passphrase must be at least 20 characters!"
passphrase="MEEP"
passphrase_confirm="MOOP"
continue
fi
read -p "Confirm: " -s passphrase_confirm
echo
if [ "${passphrase}" != "${passphrase_confirm}" ] ; then
echo "The passphrases do not match."
fi
done
echo "Creating filesystems and mounting pseudo-filesystems"
lvpdata=1
while [ ${lvpdata} -le ${needed_pseudofs} ] ; do
eval "lodev=\${loopdevice_${lvpdata}}"
file="${target}/lvp.data${lvpdata}"
echo "Setting up loopdevice ${lvpdata}"
echo "${passphrase}" | losetup -p 0 -e ${LVP_ENCRYPTION}256 ${lodev} ${file}
lvpdata=$(( ${lvpdata} + 1 ))
done
echo "Setting up linear device"
mddev=""
for x in /dev/md/* ; do
[ ! -z "${mddev}" ] && break
[ `mdadm --misc -Q ${x} | grep -c "not active"` -eq 1 ] && mddev="${x}"
done
mdloopdevs=""
lvpdata=1
while [ ${lvpdata} -le ${needed_pseudofs} ] ; do
eval "mdloopdevs=\"\${mdloopdevs} \${loopdevice_${lvpdata}}\""
lvpdata=$(( ${lvpdata} + 1 ))
done
${target}/sbin/mdadm --build ${mddev} -l linear --force -n ${needed_pseudofs} ${mdloopdevs}
echo "Creating filesystem on ${mddev}"
mkfs.ext2 -m 0 ${mddev} >/dev/null 2>&1
echo "Mounting filesystem ${mddev}"
mount ${mddev} ${target}/mnt1
rm -rf ${target}/mnt1/*
continue=0
while read file ; do
[ ! -f "${file}" ] && continue
[ ${continue} -eq 1 ] && break
unset targetdir
thisfile=`ls -l "${file}" | sed 's, *, ,g' | cut -f5 -d' '`
for dir in ${target}/mnt? ; do # I leave this here for historical reasons, maybe we need it again some day
avail=`df -P ${dir} | grep / | sed 's, *, ,g' | cut -f4 -d' '`
avail=$(( ${avail} * 1024 ))
[ -z "${targetdir}" -a ${avail} -gt ${thisfile} ] && targetdir=${dir}
done
if [ -z "${targetdir}" ] ; then
echo "Not enough space available for ${file}. Skipping remaining files." >&2
continue=1
fi
[ ${continue} -eq 1 ] && continue
echo "Copying ${file} to ${targetdir}/${file##*/}"
cp ${cpparam} "${file}" "${targetdir}/${file##*/}"
environment="`echo ${file} | tr '[. \-!]' '_'`"
eval "export file_${environment##*/}=\"${targetdir#*${target}}/${file##*/}\""
done < ${moviefiles}
lvpxml=${target}/mnt1/lvp.xml
process_create_lvpxml
echo "Umounting filesystem ${mddev}"
umount ${mddev}
echo "Shutting down ${mddev}"
mdadm -S ${mddev}
lvpdata=${needed_pseudofs}
while [ ${lvpdata} -ge 1 ] ; do
eval "lodev=\${loopdevice_${lvpdata}}"
echo "Shutting down loopdevice ${lodev}"
losetup -d ${lodev}
lvpdata=$(( ${lvpdata} - 1 ))
done
exit 0
}