Gentoo's Bugzilla – Attachment 149942 Details for Bug 217959
[patch] Feed LUKS with gpg-encrypted key from removable device
[patch] Patch for initrd.scripts
initrd.scripts-genkernel-3.4.9.diff (text/plain), 3.13 KB, created by Stefan Schlott on 2008-04-16 14:19:57 UTC
>--- /usr/share/genkernel/generic/initrd.scripts 2008-01-12 00:44:19.000000000 +0100 >+++ overlay/etc/initrd.scripts 2008-04-16 14:03:03.000000000 +0200 >@@ -99,7 +99,7 @@ > # else > # mount -r -t auto ${x} ${mntdir} &>/dev/null > # fi >- mount -r -t ${CDROOT_TYPE} ${x} ${mntdir} &>/dev/null >+ mount -r -t auto ${x} ${mntdir} >/dev/null 2>&1 || mount -r -t ${CDROOT_TYPE} ${x} ${mntdir} >/dev/null 2>&1 > if [ "$?" = '0' ] > then > # Check for the media >@@ -691,6 +691,18 @@ > fi > } > >+ >+# Overwrite and delete file >+wipeFile() { >+ if [ -f "$1" ] ; then >+ #size=`stat -c %s "$1"` >+ size=4096 >+ dd if=/dev/urandom of="$1" conv=notrunc bs=1 count=$size >/dev/null 2>&1 >+ dd if=/dev/zero of="$1" conv=notrunc bs=1 count=$size >/dev/null 2>&1 >+ rm "$1" >+ fi >+} >+ > # Open a LUKS device > # It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks > # $1 - root/swap >@@ -710,8 +722,11 @@ > eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' > local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 > local mntkey="/mnt/key/" cryptsetup_options='' >+ local LUKS_KEY_PLAIN=${LUKS_KEY%.gpg} >+ local LUKS_KEY_TMP="/temp/key-${LUKS_KEY_PLAIN}" > > [ ! -e /sbin/cryptsetup ] && bad_msg "The initrd does not support LUKS" && exit 1 >+ [ "$LUKS_KEY_PLAIN" != "$LUKS_KEY" ] && [ ! -e /sbin/gpg ] && bad_msg "The initrd does not suport GPG" && exit 1 > while [ 1 ] > do > # if crypt_silent=1 and some error occurs, enter shell quietly 
>@@ -791,14 +806,27 @@ > umount -n ${mntkey} 2>/dev/null >/dev/null > KEY_ERROR=1 > KEYDEV_ERROR=1 >- bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT} >+ bad_msg "Key ${LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT} > continue > fi > fi > fi > # At this point a candidate key exists (either mounted before or not) > good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT} >- cryptsetup_options="-d ${mntkey}${LUKS_KEY}" >+ # Is gpg encrypted? >+ if [ "${LUKS_KEY_PLAIN}" != "${LUKS_KEY}" ] ; then >+ if [ ! -e "${LUKS_KEY_TMP}" ] ; then >+ gpg --homedir /.gpg -o "${LUKS_KEY_TMP}" "${mntkey}${LUKS_KEY}" >+ if [ ! -e "${LUKS_KEY_TMP}" ] ; then >+ KEY_ERROR=1 >+ bad_msg "Unable to decrypt ${LUKS_KEY}" ${CRYPT_SILENT} >+ continue >+ fi >+ fi >+ cryptsetup_options="-d ${LUKS_KEY_TMP}" >+ else >+ cryptsetup_options="-d ${mntkey}${LUKS_KEY}" >+ fi > fi > # At this point, keyfile or not, we're ready! > crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}" >@@ -817,6 +845,11 @@ > done > umount ${mntkey} 2>/dev/null >/dev/null > rmdir -p ${mntkey} 2>/dev/null >/dev/null >+ if [ ${DEV_ERROR} != 0 ] || [ ${KEY_ERROR} != 0 ] || [ ${KEYDEV_ERROR} != 0 ] ; then >+ for i in /temp/key-* ; do >+ wipeFile "${i}" >+ done >+ fi > } > > startLUKS() { >@@ -849,6 +882,11 @@ > REAL_RESUME="/dev/mapper/swap" > fi > fi >+ >+ # wipe decrypted key files >+ for i in /temp/key-* ; do >+ wipeFile "${i}" >+ done > } > > sdelay() {
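Review bot: In the first hunk (-99,7), trying `mount -r -t auto` before `${CDROOT_TYPE}` changes the media scan on every boot, not only when a gpg-encrypted key is used, and it lets the initrd mount whatever filesystem type the kernel can probe on a candidate device. This looks unrelated to the gpg feature; please split it into its own patch or explain why the key device needs it, and quote `${x}` and `${mntdir}` while touching the line.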
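Review bot: In `wipeFile()` (hunk -691,6), `size=4096` is hard-coded while the `stat` line is commented out, so a decrypted key longer than 4096 bytes is only partly overwritten before `rm`. Use the real file size, keeping 4096 only as a fallback if `stat` is not available in the initrd, and consider a larger `bs` than `bs=1` plus `rm -f -- "$1"` for the final delete.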
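Review bot: In the hunk at -710,8, `LUKS_KEY_TMP="/temp/key-${LUKS_KEY_PLAIN}"` reuses the key path as a file name, so a key given with a directory component (it is later read as `${mntkey}${LUKS_KEY}`) yields a temp path in a subdirectory of /temp that nothing in this patch creates. Strip the directory part (for example `${LUKS_KEY_PLAIN##*/}`) and quote the `${LUKS_KEY%.gpg}` expansion. The new message also has a typo: "suport" should be "support".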
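Review bot: In the gpg branch of the hunk at -791,14, success is judged by `[ ! -e "${LUKS_KEY_TMP}" ]` rather than by gpg's exit status, so any output file left behind by a failed or interrupted decryption is accepted, and because of the outer `-e` guard it is reused on later loop iterations without running gpg again. Check the return code of the `gpg` call, wipe the temp file on failure, and set a restrictive umask (such as `umask 077`) before the plaintext key is written.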
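Review bot: At the end of openLUKS (hunk -817,6), the wipe runs only when `DEV_ERROR`, `KEY_ERROR` or `KEYDEV_ERROR` is non-zero, so on the success path the decrypted key stays in /temp after the function returns. If that is intentional so a second openLUKS call can reuse the same key, say so in a comment; otherwise wipe unconditionally here. Note also that the `/temp/key-*` glob removes every decrypted key, not just the one for the current `$1`.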
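Review bot: In the last hunk (-849,6), the `for i in /temp/key-*` loop duplicates the one added at the end of openLUKS, and both repeat the directory and prefix already encoded in `LUKS_KEY_TMP`. Move the loop into a small helper next to `wipeFile()` and call it from both places, so the temp location is defined once and a later change cannot leave one cleanup path pointing at the wrong directory.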