|
@@ -547,10 +547,16 @@ function create_tomb {
|
547
|
547
|
tomb >> /var/log/${PROJECT_NAME}.log
|
548
|
548
|
fi
|
549
|
549
|
TOMB_TEMP_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
|
|
550
|
+ echo "$TOMB_TEMP_PASSWORD" > /mnt/ramdisk/${tomb_name}.tomb.pass
|
550
|
551
|
tomb forge /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
|
551
|
552
|
tomb lock /tmp/${tomb_name}.tomb -k /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
|
552
|
553
|
tomb open /tmp/${tomb_name}.tomb -k /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
|
|
554
|
+ # update /etc/crypttab so that the rest of the os has access
|
|
555
|
+ cryptsetup luksAddKey --key-file=/mnt/ramdisk/${tomb_name}.tomb.key /tmp/${tomb_name}.tomb newkey --password="${TOMB_TEMP_PASSWORD}"
|
|
556
|
+
|
|
557
|
+ # stop stuff from popping up
|
553
|
558
|
pkill caja
|
|
559
|
+
|
554
|
560
|
# clear the temporary password
|
555
|
561
|
TOMB_TEMP_PASSWORD=
|
556
|
562
|
}
|
|
@@ -563,6 +569,12 @@ function setup_amnesic_data {
|
563
|
569
|
return
|
564
|
570
|
fi
|
565
|
571
|
|
|
572
|
+ # clear crypttab
|
|
573
|
+ if [ -f /etc/crypttab ]; then
|
|
574
|
+ shred -zu /etc/crypttab
|
|
575
|
+ touch /etc/crypttab
|
|
576
|
+ fi
|
|
577
|
+
|
566
|
578
|
tomb_name=log
|
567
|
579
|
create_tomb ${tomb_name} $TOMB_LOG_SIZE_MB
|
568
|
580
|
if [ -d /media/${tomb_name} ]; then
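Review bot: In create_tomb (first hunk), the added `echo "$TOMB_TEMP_PASSWORD" > /mnt/ramdisk/${tomb_name}.tomb.pass` leaves the tomb passphrase in a file beside the key it protects, created under whatever umask is in effect and never removed in this hunk, so the later `TOMB_TEMP_PASSWORD=` no longer clears the secret. If the file is really needed, create it owner-only, for example `( umask 077; printf '%s\n' "$TOMB_TEMP_PASSWORD" > "/mnt/ramdisk/${tomb_name}.tomb.pass" )`, and add a comment naming what reads it and where it is deleted. The added `cryptsetup luksAddKey ... newkey --password=...` line also looks wrong: as far as I know cryptsetup has no `--password` option, `newkey` would be read as the path of a new key file, and its exit status is not checked. The comment above that line mentions /etc/crypttab, although nothing in the visible lines writes to that file. The start of create_tomb is outside the hunk, so a umask set earlier in the function would not be visible here.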
|