Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/naskconf | 23 | ||||
-rw-r--r-- | scripts/naskpass.inithook | 15 | ||||
-rw-r--r--[-rwxr-xr-x] | scripts/naskpass.initscript | 26 |
3 files changed, 36 insertions, 28 deletions
diff --git a/scripts/naskconf b/scripts/naskconf index 8c66b77..2452799 100644 --- a/scripts/naskconf +++ b/scripts/naskconf @@ -1,24 +1,31 @@ #!/bin/sh +export ORGCHKSM="5924c70e5c9fabf0398050349c3f4f283ab80091b23ea8c677249ee7bdd41f6e4910ce5e1bc32577e67763dc30d9b96cc3528256e1cc63dba959a5e3866ec21f" +export ORGFILE="/usr/share/initramfs-tools/scripts/local-top/cryptroot" + + . /usr/share/debconf/confmodule _nask_cmd () { db_get naskpass/active if [ "x$1" = "xACTV" ] && [ "$RET" = "false" ]; then - dpkg-divert --package naskpass --add --rename --divert /var/backups/cryptroot.initramfs.bak \ - /usr/share/initramfs-tools/scripts/local-top/cryptroot - ln -s /usr/share/naskpass/naskpass.script.initramfs \ - /usr/share/initramfs-tools/scripts/local-top/cryptroot + if [ "${ORGCHKSM}" != "$(/usr/bin/sha512sum ${ORGFILE} | grep -Eo '^[0-9a-zA-Z]*')" ]; then + export ERRMSG="$0: sha512sum mismatch" + return 1 + fi + dpkg-divert --package naskpass --add --rename --divert /var/backups/cryptroot.initramfs.bak ${ORGFILE} + cp /usr/share/naskpass/naskpass.script.initramfs ${ORGFILE} ln -s /usr/share/naskpass/naskpass.hook.initramfs \ /usr/share/initramfs-tools/hooks/naskpass db_set naskpass/active true elif [ "x$1" = "xDCTV" ] && [ "$RET" = "true" ]; then - rm /usr/share/initramfs-tools/scripts/local-top/cryptroot + rm ${ORGFILE} rm /usr/share/initramfs-tools/hooks/naskpass - dpkg-divert --package naskpass --rename --remove /usr/share/initramfs-tools/scripts/local-top/cryptroot + dpkg-divert --package naskpass --rename --remove ${ORGFILE} db_set naskpass/active false fi + return 0 } -nask_activate () { _nask_cmd "ACTV"; } -nask_deactivate () { _nask_cmd "DCTV"; } +nask_activate () { _nask_cmd "ACTV"; return $?; } +nask_deactivate () { _nask_cmd "DCTV"; return $?; } diff --git a/scripts/naskpass.inithook b/scripts/naskpass.inithook index 277203c..083c477 100644 --- a/scripts/naskpass.inithook +++ b/scripts/naskpass.inithook 
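Review bot: In the ACTV branch of `_nask_cmd` the results of `dpkg-divert` and `cp` are never checked, so if the divert fails the `cp` still overwrites `${ORGFILE}` with no backup in place, and `db_set naskpass/active true` plus the new `return 0` report success. Because this file is the initramfs script that unlocks the root device, each step should stop the sequence on failure, e.g. `dpkg-divert --package naskpass --add --rename --divert /var/backups/cryptroot.initramfs.bak "${ORGFILE}" || return 1` and `cp /usr/share/naskpass/naskpass.script.initramfs "${ORGFILE}" || return 1`. The DCTV branch has the same gap around `rm ${ORGFILE}` and `dpkg-divert --remove`. `${ORGFILE}` is also unquoted inside the `sha512sum` command substitution; quoting it costs nothing and keeps the comparison robust.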
@@ -15,24 +15,9 @@ case "$1" in ;; esac -export RDSUM="5924c70e5c9fabf0398050349c3f4f283ab80091b23ea8c677249ee7bdd41f6e4910ce5e1bc32577e67763dc30d9b96cc3528256e1cc63dba959a5e3866ec21f" -export DIVFILE="/usr/share/naskpass/cryptroot.orig" -export ORGFILE="/usr/share/initramfs-tools/scripts/local-top/cryptroot" . /usr/share/initramfs-tools/hook-functions -if [ -f ${DIVFILE} ]; then - if [ ${RDSUM} != "$(/usr/bin/sha512sum ${DIVFILE} | grep -Eo '^[0-9a-zA-Z]*')" ]; then - echo "********************************" >&2 - echo "* NASKPASS: sha512sum mismatch *" >&2 - echo "********************************" >&2 - echo " WARNING: Using ORIG-File!" >&2 - cp /usr/share/naskpass/cryptroot.orig ${DESTDIR}/scripts/local-top/cryptroot - echo "* Please re-run update-initramfs!" >&2 - exit 1 - fi -fi - copy_exec /lib/cryptsetup/naskpass /lib/cryptsetup mkdir -p ${DESTDIR}/lib/terminfo/l cp /lib/terminfo/l/linux ${DESTDIR}/lib/terminfo/l/ diff --git a/scripts/naskpass.initscript b/scripts/naskpass.initscript index 1216e14..3f9be2c 100755..100644 --- a/scripts/naskpass.initscript +++ b/scripts/naskpass.initscript @@ -68,7 +68,7 @@ parse_options() cryptlvm="" cryptkeyscript="" cryptkey="" # This is only used as an argument to an eventual keyscript - crypttries=1 + crypttries=3 cryptrootdev="" cryptdiscard="" CRYPTTAB_OPTIONS="" @@ -101,12 +101,23 @@ parse_options() lvm=*) cryptlvm=${x#lvm=} ;; + keyscript=*) + cryptkeyscript=${x#keyscript=} + ;; key=*) if [ "${x#key=}" != "none" ]; then cryptkey=${x#key=} fi export CRYPTTAB_KEY="$cryptkey" ;; + tries=*) + crypttries="${x#tries=}" + case "$crypttries" in + *[![:digit:].]*) + crypttries=3 + ;; + esac + ;; rootdev) cryptrootdev="yes" ;; 
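Review bot: The new `tries=` arm in `parse_options` accepts values that are not whole numbers, because the pattern `*[![:digit:].]*` lets `.` through and does not match an empty string, so `tries=` and `tries=1.5` are kept as given. How `crypttries` is consumed is outside this hunk, but if it is compared with `-le` or `-lt` the test would error on such values and the passphrase retry limit would not behave as configured. A stricter arm would be `''|*[!0-9]*) crypttries=3 ;;`. A one-line comment stating how a value of `0` is treated by the retry loop would also help, as that is not visible here.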
@@ -262,16 +273,21 @@ setup_mapping() cryptkeyscript="plymouth ask-for-password --prompt" cryptkey=$(printf "$cryptkey") else - dmesg -n 1 cryptkeyscript="/lib/cryptsetup/naskpass" fi fi if [ ! -e "$NEWROOT" ]; then - if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \ - $cryptkeyscript "$cryptcreate" ; then - continue; + if [ -x /bin/plymouth ] && plymouth --ping; then + message "naskpass does not work with playmouth, falling back to default askpass .." + if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \ + $cryptkeyscript "$cryptkey" | $cryptcreate --key-file=- ; then + message "cryptsetup: cryptsetup failed, bad password or options?" + continue + fi + else + $cryptkeyscript -c "$cryptcreate" fi fi |
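Review bot: The new `else` branch in `setup_mapping` runs `$cryptkeyscript -c "$cryptcreate"` without checking its exit status, whereas the removed code did `continue` when the keyscript call failed. A failed or aborted passphrase prompt now falls through to whatever follows this `if`, as though the mapping had been created; `if ! $cryptkeyscript -c "$cryptcreate"; then continue; fi` restores the earlier behaviour. Since this commit also starts parsing `keyscript=`, a configured keyscript may reach this branch and be invoked with the `-c` calling convention used for naskpass; the condition that selects naskpass begins outside the hunk, so this should be confirmed there. The fallback message also spells plymouth as "playmouth".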