
Ensure that cryptsetup is always available

Bob Mottram il y a 9 ans
Parent
révision
c0c4325eff
2 fichiers modifiés avec 13 ajouts et 1 suppressions
  1. 1
    1
      src/freedombone-image-customise
  2. 12
    0
      src/freedombone-image-mesh

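--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -782,7 +782,7 @@ chroot "$rootdir" apt-get install -y avahi-daemon avahi-utils avahi-discover ava
 chroot "$rootdir" apt-get install -y iptables dnsutils net-tools network-manager iputils-ping
 chroot "$rootdir" apt-get install -y libnss-mdns libnss-myhostname libnss-gw-name nano man ntp
 chroot "$rootdir" apt-get install -y locales locales-all debconf wireless-tools wpasupplicant
-chroot "$rootdir" apt-get install -y usbutils
+chroot "$rootdir" apt-get install -y usbutils cryptsetup zsh pinentry-curses
 
 sed -i "s|#host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
 sed -i "s|host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf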

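--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@@ -547,10 +547,16 @@ function create_tomb {
 		tomb >> /var/log/${PROJECT_NAME}.log
 	fi
 	TOMB_TEMP_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
+	echo "$TOMB_TEMP_PASSWORD" > /mnt/ramdisk/${tomb_name}.tomb.pass
 	tomb forge /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
 	tomb lock /tmp/${tomb_name}.tomb -k /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
 	tomb open /tmp/${tomb_name}.tomb -k /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
+	# update /etc/crypttab so that the rest of the os has access
+	cryptsetup luksAddKey --key-file=/mnt/ramdisk/${tomb_name}.tomb.key /tmp/${tomb_name}.tomb newkey --password="${TOMB_TEMP_PASSWORD}"
+
+	# stop stuff from popping up
 	pkill caja
+
 	# clear the temporary password
 	TOMB_TEMP_PASSWORD=
 }
@@ -563,6 +569,12 @@ function setup_amnesic_data {
 		return
 	fi
 
+	# clear crypttab
+	if [ -f /etc/crypttab ]; then
+		shred -zu /etc/crypttab
+		touch /etc/crypttab
+	fi
+
 	tomb_name=log
 	create_tomb ${tomb_name} $TOMB_LOG_SIZE_MB
 	if [ -d /media/${tomb_name} ]; then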
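Review bot: In create_tomb, the added `echo "$TOMB_TEMP_PASSWORD" > /mnt/ramdisk/${tomb_name}.tomb.pass` stores the key's passphrase in clear text beside the key file it protects, with default umask permissions, and nothing in the hunk removes it, so blanking `TOMB_TEMP_PASSWORD` at the end of the function no longer clears the secret. If the file is needed at all, I would create it under a restrictive mask, `( umask 077; printf '%s\n' "$TOMB_TEMP_PASSWORD" > "/mnt/ramdisk/${tomb_name}.tomb.pass" )`, and delete it as soon as its consumer has run. The added `cryptsetup luksAddKey` line also puts the passphrase on the command line, where it is readable from the process list; as far as I know cryptsetup has no `--password` option and would read the bare `newkey` as the path of a new key file, so this call probably fails, which is worth confirming before feeding the secret through stdin or a mode-0600 key file instead. Its comment says it updates /etc/crypttab, but the command shown does not write that file. The start of create_tomb lies outside the hunk.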