Gentoo's Bugzilla – Attachment 126241 Details for Bug 186909: dev-util/catalyst livecd encryption
catalyst_luks_03.patch (text/plain), 9.47 KB, created by Nelson on 2007-07-28 16:00:00 UTC
>Index: catalyst/trunk/modules/livecd_stage2_target.py >=================================================================== >--- catalyst/trunk/modules/livecd_stage2_target.py (revision 1234) >+++ catalyst/trunk/modules/livecd_stage2_target.py (working copy) >@@ -22,7 +22,9 @@ > "livecd/root_overlay","livecd/devmanager","livecd/users",\ > "portage_overlay","livecd/cdfstype","livecd/fstype","livecd/fsops",\ > "livecd/linuxrc","livecd/bootargs","gamecd/conf","livecd/xdm",\ >- "livecd/xsession","livecd/volid"]) >+ "livecd/xsession","livecd/volid","encryption/method",\ >+ "encryption/key","encryption/keypath","encryption/keysize",\ >+ "encryption/options"]) > > generic_stage_target.__init__(self,spec,addlargs) > if not self.settings.has_key("livecd/type"): >Index: catalyst/trunk/targets/livecd-stage2/livecd-stage2-controller.sh >=================================================================== >--- catalyst/trunk/targets/livecd-stage2/livecd-stage2-controller.sh (revision 1234) >+++ catalyst/trunk/targets/livecd-stage2/livecd-stage2-controller.sh (working copy) >@@ -102,9 +102,14 @@ > ;; > bootloader) > shift >- # Here is where we poke in our identifier >+ # Here is where we poke in our identifier and the key (if existent) > touch $1/livecd > >+ if [ "${clst_encryption_keypath}" ] >+ then >+ echo "${clst_encryption_keypath}" > $1/livecd >+ fi >+ > # Move over the readme (if applicable) > if [ -n "${clst_livecd_readme}" ] > then >Index: catalyst/trunk/targets/support/target_image_setup.sh >=================================================================== >--- catalyst/trunk/targets/support/target_image_setup.sh (revision 1234) >+++ catalyst/trunk/targets/support/target_image_setup.sh (working copy) >@@ -1,6 +1,7 @@ > > . ${clst_sharedir}/targets/support/functions.sh > . ${clst_sharedir}/targets/support/filesystem-functions.sh >+. ${clst_sharedir}/targets/support/encryption-functions.sh > > # Make the directory if it doesnt exist > mkdir -p $1 
>@@ -41,4 +42,10 @@ > then > die "Filesystem not setup" > fi >-exit $loopret >+ >+if [ "${clst_encryption_method}" ] >+then >+ start_encryption $1/${loopname} >+fi >+ >+exit $? >Index: catalyst/trunk/targets/support/functions.sh >=================================================================== >--- catalyst/trunk/targets/support/functions.sh (revision 1234) >+++ catalyst/trunk/targets/support/functions.sh (working copy) >@@ -190,6 +190,10 @@ > cmdline_opts="${cmdline_opts} ${x}" > done > fi >+ if [ "${clst_encryption_method}" ] >+ then >+ cmdline_opts="${cmdline_opts} crypt_root=livecd" >+ fi > } > > check_filesystem_type(){ >Index: catalyst/trunk/targets/support/kmerge.sh >=================================================================== >--- catalyst/trunk/targets/support/kmerge.sh (revision 1234) >+++ catalyst/trunk/targets/support/kmerge.sh (working copy) >@@ -48,6 +48,11 @@ > then > GK_ARGS="${GK_ARGS} --linuxrc=/tmp/linuxrc" > fi >+ >+ if [ "${clst_encryption_method}" ] >+ then >+ GK_ARGS="${GK_ARGS} --luks" >+ fi > } > > genkernel_compile(){ >Index: catalyst/trunk/targets/support/encryption-functions.sh >=================================================================== >--- catalyst/trunk/targets/support/encryption-functions.sh (revision 0) >+++ catalyst/trunk/targets/support/encryption-functions.sh (revision 0) 
>@@ -0,0 +1,115 @@ >+. ${clst_sharedir}/targets/support/functions.sh >+ >+devices_off(){ >+ cryptsetup luksClose catalyst >+ losetup -d ${clst_encryption_loop} >+} >+ >+free_loop(){ >+ echo "Searching for a free loop from /dev/loop0..." >+ local loop=0 >+ while true >+ do >+ if [ ! -b "/dev/loop${loop}" ] >+ then >+ exit 1 >+ fi >+ # If the loop-device is "free" then break >+ losetup "/dev/loop${loop}" &>/dev/null || break >+ let loop=loop+1 >+ done >+ export clst_encryption_loop="/dev/loop${loop}" >+} >+ >+ >+encrypt_loop(){ >+ >+# $1 = loop file address >+# $2 = loop device >+# $3 = encryption method >+# $4 = keyfile >+# $5 = clst_encryption_options >+# $6 = keysize >+ >+echo "Encrypting the cd using $2 and /dev/mapper/catalyst" >+ >+local luks_block_size=$(stat -c "%B" $1) >+ >+local luks_size=$(($(stat -c "%b" $1)+8+8*${6})) >+# Normal size plus space for luks (linear in the keysize) >+ >+ >+echo "Creating empty container..." >+dd if=/dev/zero of=$1_crypt.img count=${luks_size} bs=${luks_block_size} conv=notrunc \ >+ || die "Could not create container file with dd, disk full?" >+ >+echo "Placing container in loop $2" >+losetup $2 $1_crypt.img || die "Couldn't setup the loop. Do you have loop support in the kernel?" >+ >+# Do not remove the previous 'die', it would format an occupied loop >+ >+case "$3" in >+ manual) >+ echo 'Creating LUKS image' >+ cat $4 | cryptsetup -s ${6} ${5} luksFormat $2 \ >+ || (devices_off; die "Failed to luksFormat. Is Luks configured and are kernel requirements met?") >+ echo 'Opening LUKS image' >+ cat $4 | cryptsetup luksOpen $2 catalyst \ >+ || (devices_off; die "Failed to open the luks device") >+ ;; >+ keyfile) >+ echo 'Creating LUKS image' >+ cryptsetup ${5} luksFormat $2 $4 \ >+ || (devices_off; die "Failed to luksFormat. 
Is Luks configured and are kernel requirements met?") >+ echo 'Opening LUKS image' >+ cryptsetup --key-file $4 luksOpen $2 catalyst \ >+ || (devices_off; die "Failed to open the luks device") >+ ;; >+ *) >+ devices_off >+ die 'Option for encrypt/method not recognized' >+ ;; >+esac >+ >+echo 'Copying root filesystem to container' >+ >+dd if=$1 of=/dev/mapper/catalyst conv=notrunc \ >+ || (devices_off; die "Failed to put loop contents in Luks image.\ >+ Could be bad container size estimative. \ >+ Please report this error in the Catalyst mailing list") >+ >+cryptsetup luksClose catalyst || \ >+ die "Luks image could not br closed, and loop will be left open. \ >+ Unknown error occurred" >+ >+losetup -d $2 || die "Loop not closed. Unknown error occurred" >+ >+echo 'Loop was closed, encryption terminated' >+ >+rm $1 >+mv $1_crypt.img $1 >+ >+} >+ >+ >+start_encryption(){ >+ # $1 = loop image >+ >+ local keysize >+ >+ if [ ! -s "${clst_encryption_key}" ] >+ then die "Key wasn't found" >+ fi >+ #otherwise luks keeps waiting for stdin >+ >+ if [ "${clst_encryption_keysize}" ] >+ then keysize=${clst_encryption_keysize} >+ else keysize=256 >+ fi >+ >+ free_loop || die "Couldn't find available loop" >+ encrypt_loop $1 "${clst_encryption_loop}" "${clst_encryption_method}" "${clst_encryption_key}" "${clst_encryption_options}" "${keysize}" >+ loopret=$? >+ unset clst_encryption_loop >+ exit $loopret >+} >Index: catalyst/trunk/examples/livecd-stage2_template.spec >=================================================================== >--- catalyst/trunk/examples/livecd-stage2_template.spec (revision 1234) >+++ catalyst/trunk/examples/livecd-stage2_template.spec (working copy) 
>@@ -85,6 +85,7 @@ > # zisofs - This uses in-kernel compression and is supported on all platforms. > # normal - This creates a loop without compression. > # noloop - This copies the files to the CD directly, withuot using a loopback. >+# (but encryption is only supported with loops) > # example: > # livecd/fstype: squashfs > livecd/fstype: 
>@@ -361,3 +362,25 @@ > # example: > # livecd/rm: /lib/*.a /usr/lib/*.a /usr/lib/gcc-lib/*/*/libgcj* /etc/dispatch-conf.conf /etc/etc-update.conf /etc/*- /etc/issue* /etc/make.conf /etc/man.conf /etc/*.old /root/.viminfo /usr/sbin/bootsplash* /usr/sbin/fb* /usr/sbin/fsck.cramfs /usr/sbin/fsck.minix /usr/sbin/mkfs.minix /usr/sbin/mkfs.bfs /usr/sbin/mkfs.cramfs /lib/security/pam_access.so /lib/security/pam_chroot.so /lib/security/pam_debug.so /lib/security/pam_ftp.so /lib/security/pam_issue.so /lib/security/pam_mail.so /lib/security/pam_motd.so /lib/security/pam_mkhomedir.so /lib/security/pam_postgresok.so /lib/security/pam_rhosts_auth.so /lib/security/pam_userdb.so /usr/share/consolefonts/1* /usr/share/consolefonts/7* /usr/share/consolefonts/8* /usr/share/consolefonts/9* /usr/share/consolefonts/A* /usr/share/consolefonts/C* /usr/share/consolefonts/E* /usr/share/consolefonts/G* /usr/share/consolefonts/L* /usr/share/consolefonts/M* /usr/share/consolefonts/R* /usr/share/consolefonts/a* /usr/share/consolefonts/c* /usr/share/consolefonts/dr* /usr/share/consolefonts/g* /usr/share/consolefonts/i* /usr/share/consolefonts/k* /usr/share/consolefonts/l* /usr/share/consolefonts/r* /usr/share/consolefonts/s* /usr/share/consolefonts/t* /usr/share/consolefonts/v* /etc/splash/livecd-2006.1/16* /etc/splash/livecd-2006.1/12* /etc/splash/livecd-2006.1/6* /etc/splash/livecd-2006.1/8* /etc/splash/livecd-2006.1/images/silent-16* /etc/splash/livecd-2006.1/images/silent-12* /etc/splash/livecd-2006.1/images/silent-6* /etc/splash/livecd-2006.1/images/silent-8* /etc/splash/livecd-2006.1/images/verbose-16* /etc/splash/livecd-2006.1/images/verbose-12* /etc/splash/livecd-2006.1/images/verbose-6* /etc/splash/livecd-2006.1/images/verbose-8* /etc/make.conf.example /etc/make.globals /etc/resolv.conf > livecd/rm: >+ >+ >+# If you do not want your livecd encrypted with LUKS leave this empty. >+# Possible values are 'keyfile' or 'manual'. 
Specifies whether you want >+# to boot your livecd with a 'keyfile' or by manually inserting the key >+# with 'manual'. >+# You must configure the kernel config to work with luks, as usual >+encryption/method: >+ >+# If above you chose 'keyfile' or 'manual', then below you need to specify >+# the file which contains the binary keyfile or the password. >+encryption/key: >+ >+# Insert cryptsetup luksFormat options (such as --cipher and --verify-passphrase). >+#encryption/options: >+ >+# Sets the luksFormat keysize, defaults to 256. >+#encryption/keysize: >+ >+# If using 'keyfile', indicate the full relative location of the key from the root >+# of the device you're going to use when opening the cd. >+encryption/keypath:
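Review bot: In modules/livecd_stage2_target.py the five encryption/* keys are added to the accepted values, but nothing checks that encryption/method is one of 'keyfile' or 'manual'. The hunks in functions.sh and kmerge.sh test only for a non-empty value, so a misspelled method still adds crypt_root=livecd to the boot command line and --luks to GK_ARGS, and the mistake is reported only later by the case statement in encrypt_loop. Validate the method value once, next to the existing livecd/type check in __init__, and fail before the kernel is built.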
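Review bot: In targets/livecd-stage2/livecd-stage2-controller.sh (bootloader case) the key path is written to $1/livecd whenever clst_encryption_keypath is non-empty, without looking at encryption/method. The spec template documents keypath for 'keyfile' only, so a leftover keypath in a 'manual' or unencrypted spec still ends up in the marker file. Gate the write on clst_encryption_method being keyfile, use an explicit -n test as the neighbouring clst_livecd_readme check does, and quote the target: echo "${clst_encryption_keypath}" > "$1/livecd". In that branch the redirect already creates the file, so the preceding touch is only needed for the other cases.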
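Review bot: In targets/support/target_image_setup.sh (hunk @@ -41,4 +42,10 @@) the closing exit $? replaces exit $loopret, so when clst_encryption_method is empty the script exits with the status of the if statement, which is 0, and the loop-creation result held in loopret is discarded. Keep exit $loopret for the unencrypted path. In the encrypted path start_encryption already ends with its own exit $loopret, so the trailing exit $? is never reached there; have start_encryption return its status and let this script do the exit. The argument should also be quoted: start_encryption "$1/${loopname}".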
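Review bot: In targets/support/encryption-functions.sh every error handler in encrypt_loop has the form || (devices_off; die "..."), which runs die inside a subshell. If die ends the build by calling exit, only the subshell ends and encrypt_loop carries on, for example to the dd into /dev/mapper/catalyst after a failed luksFormat, and finally to rm $1. Use a brace group instead: || { devices_off; die "..."; }. Two related points in the same file: free_loop uses exit 1 when it runs out of block devices, which terminates the whole script, so the caller's || die "Couldn't find available loop" never prints (use return 1, or let losetup -f pick the device so the search-then-attach gap disappears); and the keyfile branch calls cryptsetup ${5} luksFormat $2 $4 without -s ${6}, so encryption/keysize is silently ignored for keyfile builds even though the container size was computed from it. The file paths $1 and $4 are unquoted throughout and break on paths containing spaces.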
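Review bot: In examples/livecd-stage2_template.spec (hunk @@ -361,3 +362,25 @@) the encryption/keypath comment asks for the "full relative location" of the key, which is contradictory, and it does not mention that the controller script writes this value unencrypted into the livecd marker file on the CD. Say that the path is relative to the root of the device holding the key and that it is stored in clear on the medium. The encryption/key comment should state that the file is read on the build host only, and that in 'manual' mode its content is piped to cryptsetup as the passphrase. encryption/method, encryption/key and encryption/keypath are also left uncommented while encryption/options and encryption/keysize are commented out; pick one convention so the template is consistent when no encryption is wanted.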