summaryrefslogtreecommitdiffstats
path: root/abs
diff options
context:
space:
mode:
authorBritney Fransen <brfransen@gmail.com>2013-11-29 20:03:49 (GMT)
committerBritney Fransen <brfransen@gmail.com>2013-11-29 20:03:49 (GMT)
commit6d3f149ab4808e3e2e53427a7d290a1b7f27f550 (patch)
tree82a85e41602a4df87859a1b47bc1eb1e92706bc6 /abs
parentd6516faa2bb58b90035609b16674cb86b75a7570 (diff)
downloadlinhes_pkgbuild-6d3f149ab4808e3e2e53427a7d290a1b7f27f550.zip
linhes_pkgbuild-6d3f149ab4808e3e2e53427a7d290a1b7f27f550.tar.gz
linhes_pkgbuild-6d3f149ab4808e3e2e53427a7d290a1b7f27f550.tar.bz2
plymouth: forgot to add some files. refs #891.
Diffstat (limited to 'abs')
-rw-r--r--abs/core/plymouth/plymouth-encrypt.hook142
-rw-r--r--abs/core/plymouth/plymouth-encrypt.install50
-rw-r--r--abs/core/plymouth/plymouth.hook4
3 files changed, 196 insertions, 0 deletions
diff --git a/abs/core/plymouth/plymouth-encrypt.hook b/abs/core/plymouth/plymouth-encrypt.hook
new file mode 100644
index 0000000..7069eff
--- /dev/null
+++ b/abs/core/plymouth/plymouth-encrypt.hook
@@ -0,0 +1,142 @@
+#!/usr/bin/ash
+
+run_hook() {
+ modprobe -a -q dm-crypt >/dev/null 2>&1
+ [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
+
+ # Get keyfile if specified
+ ckeyfile="/crypto_keyfile.bin"
+ if [ -n "$cryptkey" ]; then
+ IFS=: read ckdev ckarg1 ckarg2 <<EOF
+$cryptkey
+EOF
+
+ if [ "$ckdev" = "rootfs" ]; then
+ ckeyfile=$ckarg1
+ elif resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
+ case ${ckarg1} in
+ *[!0-9]*)
+ # Use a file on the device
+ # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
+ mkdir /ckey
+ mount -r -t "$ckarg1" "$resolved" /ckey
+ dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
+ umount /ckey
+ ;;
+ *)
+ # Read raw data from the block device
+ # ckarg1 is numeric: ckarg1=offset, ckarg2=length
+ dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
+ ;;
+ esac
+ fi
+ [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
+ fi
+
+ if [ -n "${cryptdevice}" ]; then
+ DEPRECATED_CRYPT=0
+ IFS=: read cryptdev cryptname cryptoptions <<EOF
+$cryptdevice
+EOF
+ else
+ DEPRECATED_CRYPT=1
+ cryptdev="${root}"
+ cryptname="root"
+ fi
+
+ warn_deprecated() {
+ echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
+ echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
+ }
+
+ for cryptopt in ${cryptoptions//,/ }; do
+ case ${cryptopt} in
+ allow-discards)
+ cryptargs="${cryptargs} --allow-discards"
+ ;;
+ *)
+ echo "Encryption option '${cryptopt}' not known, ignoring." >&2
+ ;;
+ esac
+ done
+
+ if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
+ if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
+ [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+ dopassphrase=1
+ # If keyfile exists, try to use that
+ if [ -f ${ckeyfile} ]; then
+ if eval cryptsetup --key-file ${ckeyfile} open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
+ dopassphrase=0
+ else
+ echo "Invalid keyfile. Reverting to passphrase."
+ fi
+ fi
+ # Ask for a passphrase
+ if [ ${dopassphrase} -gt 0 ]; then
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+
+###
+ plymouth ask-for-password \
+ --prompt="Password for ${cryptname} volume" \
+ --dont-pause-progress \
+ --number-of-tries=3 \
+ --command="cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}"
+###
+ fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ elif [ -n "${crypto}" ]; then
+ [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+ msg "Non-LUKS encrypted device found..."
+ if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then
+ err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
+ err "Non-LUKS decryption not attempted..."
+ return 1
+ fi
+ exe="cryptsetup open --type plain $resolved $cryptname $cryptargs"
+ IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
+$crypto
+EOF
+ [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'"
+ [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'"
+ [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'"
+ [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'"
+ [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'"
+ if [ -f "$ckeyfile" ]; then
+ exe="$exe --key-file $ckeyfile"
+ else
+ exe="$exe --verify-passphrase"
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+ fi
+ eval "$exe $CSQUIET"
+
+ if [ $? -ne 0 ]; then
+ err "Non-LUKS device decryption failed. verify format: "
+ err " crypto=hash:cipher:keysize:offset:skip"
+ exit 1
+ fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ else
+ err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
+ fi
+ fi
+ rm -f ${ckeyfile}
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/abs/core/plymouth/plymouth-encrypt.install b/abs/core/plymouth/plymouth-encrypt.install
new file mode 100644
index 0000000..0ee8512
--- /dev/null
+++ b/abs/core/plymouth/plymouth-encrypt.install
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+build() {
+ local mod
+
+ add_module dm-crypt
+ if [[ $CRYPTO_MODULES ]]; then
+ for mod in $CRYPTO_MODULES; do
+ add_module "$mod"
+ done
+ else
+ add_all_modules '/crypto/'
+ fi
+
+ add_binary "cryptsetup"
+ add_binary "dmsetup"
+ add_file "/usr/lib/udev/rules.d/10-dm.rules"
+ add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
+ add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
+ add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
+
+###
+ add_file "/usr/share/fonts/TTF/DejaVuSans.ttf"
+ add_file "/etc/fonts/fonts.conf"
+ add_file "/etc/fonts/conf.d/60-latin.conf"
+###
+
+ add_runscript
+}
+
+help() {
+ cat <<HELPEOF
+This hook allows for an encrypted root device. Users should specify the device
+to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
+where 'device' is the path to the raw device, and 'dmname' is the name given to
+the device after unlocking, and will be available as /dev/mapper/dmname.
+
+For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
+the kernel cmdline, where 'device' represents the raw block device where the key
+exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
+the absolute path of the keyfile within the device.
+
+Without specifying a keyfile, you will be prompted for the password at runtime.
+This means you must have a keyboard available to input it, and you may need
+the keymap hook as well to ensure that the keyboard is using the layout you
+expect.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/abs/core/plymouth/plymouth.hook b/abs/core/plymouth/plymouth.hook
new file mode 100644
index 0000000..36a5e1b
--- /dev/null
+++ b/abs/core/plymouth/plymouth.hook
@@ -0,0 +1,4 @@
+run_hook() {
+ /usr/bin/plymouthd --mode=boot
+ /usr/bin/plymouth --show-splash
+}