Added a patch from Nelson Batalha <nelson_batalha@hotmail.com> from bug #174294 to enable the use of encryption on a CD and the location of a key.

git-svn-id: svn+ssh://svn.gentoo.org/var/svnroot/genkernel/trunk@516 67a159dc-881f-0410-a524-ba9dfbe2cb84
cleanup-cruft
Chris Gianelloni 18 years ago
parent 505cb92dc6
commit 4cfc3f4bf8

@ -2,6 +2,11 @@
# Copyright 2006-2007 Gentoo Foundation; Distributed under the GPL v2 # Copyright 2006-2007 Gentoo Foundation; Distributed under the GPL v2
# $Header: $ # $Header: $
21 Jun 2007; Chris Gianelloni <wolf31o2@gentoo.org>
generic/initrd.scripts, generic/linuxrc:
Added a patch from Nelson Batalha <nelson_batalha@hotmail.com> from bug
#174294 to enable the use of encryption on a CD and the location of a key.
21 Jun 2007; Chris Gianelloni <wolf31o2@gentoo.org> gen_determineargs.sh, 21 Jun 2007; Chris Gianelloni <wolf31o2@gentoo.org> gen_determineargs.sh,
gen_funcs.sh, genkernel, genkernel.8, genkernel.conf: gen_funcs.sh, genkernel, genkernel.8, genkernel.conf:
Added two patches from John R. Graham <john_r_graham@mindspring.com> from Added two patches from John R. Graham <john_r_graham@mindspring.com> from

@ -100,6 +100,39 @@ findcdmount() {
fi fi
} }
findkeymount() {
if [ "$#" -gt "0" ]
then
for x in $*
do
# Check for a block device to mount
if [ -b "${x}" ]
then
good_msg "Attempting to mount key media:- ${x}"
mount -r -t auto ${x} ${NEW_ROOT}/mnt/key \
> /dev/null 2>&1
fi
if [ "$?" = '0' ]
then
# Check for the key
if [ -e ${NEW_ROOT}/mnt/key/${SUBDIR}/${KEYNAME} ]
then
KEY_ROOT="${x}"
break
else
umount ${NEW_ROOT}/mnt/key
fi
fi
fi
done
if [ "${KEY_ROOT}" != '' ]
then
good_msg "Key media found on ${x}"
fi
fi
}
cache_cd_contents() { cache_cd_contents() {
# Check loop file exists and cache to ramdisk if DO_cache is enabled # Check loop file exists and cache to ramdisk if DO_cache is enabled
if [ "${LOOPTYPE}" != "noloop" ] && [ "${LOOPTYPE}" != "sgimips" ] if [ "${LOOPTYPE}" != "noloop" ] && [ "${LOOPTYPE}" != "sgimips" ]
@ -357,6 +390,23 @@ bootstrapCD() {
findcdmount $DEVICES findcdmount $DEVICES
} }
bootstrapKey() {
# Locate the device with our key on it.
# USB Keychain/Storage
KEYDEVS="/dev/sd*"
# CDROM DEVICES
KEYDEVS="${KEYDEVS} /dev/cdroms/* /dev/ide/cd/* /dev/sr*"
# IDE devices
KEYDEVS="${KEYDEVS} /dev/hd*"
# USB using the USB Block Driver
KEYDEVS="${KEYDEVS} /dev/ubd* /dev/ubd/*"
# iSeries devices
KEYDEVS="${KEYDEVs} /dev/iseries/vcd*"
findkeymount ${KEYDEVS}
}
cmdline_hwopts() { cmdline_hwopts() {
# Scan CMDLINE for any "doscsi" or "noscsi"-type arguments # Scan CMDLINE for any "doscsi" or "noscsi"-type arguments
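Review bot: In bootstrapKey the last assignment reads `KEYDEVS="${KEYDEVs} /dev/iseries/vcd*"` with a lower-case `s`, so it expands an unset variable and discards every device pattern collected above it; only `/dev/iseries/vcd*` reaches findkeymount, and key media on USB, CD or IDE is never probed. It should be `KEYDEVS="${KEYDEVS} /dev/iseries/vcd*"`. As rendered here, findkeymount in the first hunk also seems to carry one `fi` more than it has `if`s (the one directly after the `mount`), which would move the `"$?" = '0'` test outside the block-device check; that is worth confirming against the file. The mount and `-e` test there expand `${x}`, `${SUBDIR}` and `${KEYNAME}` unquoted, and `SUBDIR` is not set anywhere in the visible hunks.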

@ -72,13 +72,16 @@ do
CDROOT=1 CDROOT=1
CDROOT_DEV=`parse_opt "${x}"` CDROOT_DEV=`parse_opt "${x}"`
;; ;;
# Start livecd loop and looptype options # Start livecd loop, looptype options and encryption
loop\=*) loop\=*)
LOOP=`parse_opt "${x}"` LOOP=`parse_opt "${x}"`
;; ;;
looptype\=*) looptype\=*)
LOOPTYPE=`parse_opt "${x}"` LOOPTYPE=`parse_opt "${x}"`
;; ;;
loop_crypt\=*)
LOOP_CRYPT=`parse_opt "${x}"`
;;
# Start Device Manager options # Start Device Manager options
devfs) devfs)
USE_DEVFS_NORMAL=1 USE_DEVFS_NORMAL=1
@ -261,7 +264,7 @@ then
mount -t tmpfs tmpfs ${NEW_ROOT} mount -t tmpfs tmpfs ${NEW_ROOT}
fi fi
for i in dev mnt mnt/cdrom mnt/livecd tmp tmp/.initrd mnt/gentoo sys for i in dev mnt mnt/cdrom mnt/livecd mnt/key tmp tmp/.initrd mnt/gentoo sys
do do
mkdir -p ${NEW_ROOT}/$i mkdir -p ${NEW_ROOT}/$i
chmod 755 ${NEW_ROOT}/$i chmod 755 ${NEW_ROOT}/$i
@ -490,65 +493,103 @@ then
fi fi
cache_cd_contents cache_cd_contents
# Setup the loopback mounts
if [ "${LOOPTYPE}" = 'normal' ]
# If encrypted, find key and mount, otherwise mount as usual
if [ "${LOOP_CRYPT}" != '' ]
then then
good_msg 'Mounting loop filesystem' good_msg 'You booted an encrypted livecd'
mount -t ext2 -o loop,ro ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP} ${NEW_ROOT}/mnt/livecd KEYNAME=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)
test_success 'Mount filesystem'
FS_LOCATION='mnt/livecd'
if [ "${KEYNAME}" = '' ]
then
good_msg 'It's not locked with a gpg key, attempting to decrypt manually'
losetup -e ${LOOP_CRYPT} /dev/loop1 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
elif [ "${LOOPTYPE}" = 'squashfs' ]
then
good_msg 'Mounting squashfs filesystem'
mount -t squashfs -o loop,ro ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP} ${NEW_ROOT}/mnt/livecd
test_success 'Mount filesystem' else
FS_LOCATION='mnt/livecd' good_msg 'Livecd locked with gpg key'
bootstrapKey
good_msg 'Attempting to decrypt with key'
losetup -K ${NEW_ROOT}/mnt/key/${SUBDIR}/${KEYNAME} -e ${LOOP_CRYPT} /dev/loop1 \
${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
fi
elif [ "${LOOPTYPE}" = 'gcloop' ] test_success 'Unencrypting loop'
then
good_msg 'Mounting gcloop filesystem'
echo ' ' | losetup -E 19 -e ucl-0 -p0 ${NEW_ROOT}/dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
test_success 'losetup the loop device'
mount -t ext2 -o ro ${NEW_ROOT}/dev/loop0 ${NEW_ROOT}/mnt/livecd case ${LOOPTYPE} in
test_success 'Mount the losetup loop device' squashfs)
MOUNTTYPE="squashfs"
normal)
MOUNTTYPE="ext2"
esac
mount -t ${MOUNTTYPE} -o ro /dev/loop1 ${NEW_ROOT}/mnt/livecd
test_success 'Mount filesystem, checking key'
FS_LOCATION='mnt/livecd' FS_LOCATION='mnt/livecd'
elif [ "${LOOPTYPE}" = 'zisofs' ]
then
FS_LOCATION="mnt/cdrom/${LOOPEXT}${LOOP}"
elif [ "${LOOPTYPE}" = 'noloop' ]
then
FS_LOCATION='mnt/cdrom'
elif [ "${LOOPTYPE}" = 'sgimips' ] # Setup the loopback mounts, if unencrypted
then else
# getdvhoff finds the starting offset (in bytes) of the squashfs if [ "${LOOPTYPE}" = 'normal' ]
# partition on the cdrom and returns this offset for losetup then
# good_msg 'Mounting loop filesystem'
# All currently supported SGI Systems use SCSI CD-ROMs, so mount -t ext2 -o loop,ro ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP} ${NEW_ROOT}/mnt/livecd
# so we know that the CD-ROM is usually going to be /dev/sr0. test_success 'Mount filesystem'
# FS_LOCATION='mnt/livecd'
# We use the value given to losetup to set /dev/loop0 to point
# to the liveCD root partition, and then mount /dev/loop0 as
# the LiveCD rootfs elif [ "${LOOPTYPE}" = 'squashfs' ]
good_msg 'Locating the SGI LiveCD Root Partition' then
echo ' ' | \ good_msg 'Mounting squashfs filesystem'
losetup -o $(/bin/getdvhoff ${NEW_ROOT}${REAL_ROOT} 0) \ mount -t squashfs -o loop,ro ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP} ${NEW_ROOT}/mnt/livecd
${NEW_ROOT}${CDROOT_DEV} \
${NEW_ROOT}${REAL_ROOT} test_success 'Mount filesystem'
test_success 'losetup /dev/sr0 /dev/loop0' FS_LOCATION='mnt/livecd'
good_msg 'Mounting the Root Partition' elif [ "${LOOPTYPE}" = 'gcloop' ]
mount -t squashfs -o ro ${NEW_ROOT}${CDROOT_DEV} ${NEW_ROOT}/mnt/livecd then
test_success 'mount /dev/loop0 /' good_msg 'Mounting gcloop filesystem'
FS_LOCATION='mnt/livecd' echo ' ' | losetup -E 19 -e ucl-0 -p0 ${NEW_ROOT}/dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
fi test_success 'losetup the loop device'
mount -t ext2 -o ro ${NEW_ROOT}/dev/loop0 ${NEW_ROOT}/mnt/livecd
test_success 'Mount the losetup loop device'
FS_LOCATION='mnt/livecd'
elif [ "${LOOPTYPE}" = 'zisofs' ]
then
FS_LOCATION="mnt/cdrom/${LOOPEXT}${LOOP}"
elif [ "${LOOPTYPE}" = 'noloop' ]
then
FS_LOCATION='mnt/cdrom'
elif [ "${LOOPTYPE}" = 'sgimips' ]
then
# getdvhoff finds the starting offset (in bytes) of the squashfs
# partition on the cdrom and returns this offset for losetup
#
# All currently supported SGI Systems use SCSI CD-ROMs, so
# so we know that the CD-ROM is usually going to be /dev/sr0.
#
# We use the value given to losetup to set /dev/loop0 to point
# to the liveCD root partition, and then mount /dev/loop0 as
# the LiveCD rootfs
good_msg 'Locating the SGI LiveCD Root Partition'
echo ' ' | \
losetup -o $(/bin/getdvhoff ${NEW_ROOT}${REAL_ROOT} 0) \
${NEW_ROOT}${CDROOT_DEV} \
${NEW_ROOT}${REAL_ROOT}
test_success 'losetup /dev/sr0 /dev/loop0'
good_msg 'Mounting the Root Partition'
mount -t squashfs -o ro ${NEW_ROOT}${CDROOT_DEV} ${NEW_ROOT}/mnt/livecd
test_success 'mount /dev/loop0 /'
FS_LOCATION='mnt/livecd'
fi
# #
# End cdrom looptype determination and mounting if necessary # End cdrom looptype determination and mounting if necessary
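Review bot: Two lines in the new encrypted-loop branch of the last hunk do not parse as written. `good_msg 'It's not locked with a gpg key, attempting to decrypt manually'` ends its single-quoted string at the apostrophe, and the `case ${LOOPTYPE} in` arms have no `;;` terminators; use `good_msg "It's not locked with a gpg key, attempting to decrypt manually"` and put `;;` after each `MOUNTTYPE=` assignment. `KEYNAME` is the first line of the `livecd` file on the boot media and is expanded unquoted into the `losetup -K` path, so it should be quoted and refused when it contains `/`; the result of `bootstrapKey` is also not checked before `losetup -K` runs. Any `LOOPTYPE` other than `squashfs` or `normal` leaves `MOUNTTYPE` empty for the `mount -t` that follows. The enclosing `if`/`then` block starts outside the hunk.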
