
@ -121,12 +121,6 @@ _open_luks() {
[ -n "${luks_dev}" ] && \ [ -n "${luks_dev}" ] && \
luks_device="${luks_dev}" # otherwise hope... luks_device="${luks_dev}" # otherwise hope...
eval "${CRYPTSETUP_BIN} isLuks ${luks_device}" || {
bad_msg "${luks_device} does not contain a LUKS header"
dev_error=1
continue;
}
# Handle keys # Handle keys
if [ "${luks_trim}" = "yes" ]; then if [ "${luks_trim}" = "yes" ]; then
good_msg "Enabling TRIM support for ${luks_dev_name}." good_msg "Enabling TRIM support for ${luks_dev_name}."
@ -193,13 +187,30 @@ _open_luks() {
bad_msg "{luks_key} on ${real_luks_keydev} not found." bad_msg "{luks_key} on ${real_luks_keydev} not found."
continue continue
fi fi
good_msg "${luks_key} on device ${real_luks_keydev} found."
if [ ! -e "${mntkey}/header.img" ]; then
umount -n "${mntkey}"
key_error=1
keydev_error=1
bad_msg "header.img on ${real_luks_keydev} not found."
continue
fi
good_msg "header.img on device ${real_luks_keydev} found."
eval "${CRYPTSETUP_BIN} isLuks ${mntkey}/header.img" || {
bad_msg "${mntkey}/header.img does not contain a LUKS header"
dev_error=1
continue;
}
good_msg "LUKS header in ${mntkey}/header.img found."
fi fi
# At this point a candidate key exists # At this point a candidate key exists
# (either mounted before or not) # (either mounted before or not)
good_msg "${luks_key} on device ${real_luks_keydev} found"
if [ "$(echo ${luks_key} | grep -o '.gpg$')" = ".gpg" ] && \ if [ "$(echo ${luks_key} | grep -o '.gpg$')" = ".gpg" ] && \
[ -e /usr/bin/gpg ]; then [ -e /usr/bin/staticgpg ]; then
# TODO(lxnay): WTF is this? # TODO(lxnay): WTF is this?
[ -e /dev/tty ] && mv /dev/tty /dev/tty.org [ -e /dev/tty ] && mv /dev/tty /dev/tty.org
@ -207,10 +218,10 @@ _open_luks() {
cryptsetup_opts="${cryptsetup_opts} -d -" cryptsetup_opts="${cryptsetup_opts} -d -"
# if plymouth not in use, gpg reads keyfile passphrase... # if plymouth not in use, gpg reads keyfile passphrase...
gpg_tty_cmd="/usr/bin/gpg --logger-file /dev/null" gpg_tty_cmd="/usr/bin/staticgpg --logger-file /dev/null"
gpg_tty_cmd="${gpg_tty_cmd} --quiet --decrypt ${mntkey}${luks_key} | " gpg_tty_cmd="${gpg_tty_cmd} --quiet --decrypt ${mntkey}${luks_key} | "
# but when plymouth is in use, keyfile passphrase piped in # but when plymouth is in use, keyfile passphrase piped in
gpg_ply_cmd="/usr/bin/gpg --logger-file /dev/null" gpg_ply_cmd="/usr/bin/staticgpg --logger-file /dev/null"
gpg_ply_cmd="${gpg_ply_cmd} --quiet --passphrase-fd 0 --batch --no-tty" gpg_ply_cmd="${gpg_ply_cmd} --quiet --passphrase-fd 0 --batch --no-tty"
gpg_ply_cmd="${gpg_ply_cmd} --decrypt ${mntkey}${luks_key} | " gpg_ply_cmd="${gpg_ply_cmd} --decrypt ${mntkey}${luks_key} | "
else else
@ -222,8 +233,10 @@ _open_luks() {
# At this point, keyfile or not, we're ready! # At this point, keyfile or not, we're ready!
local ply_cmd="${gpg_ply_cmd}${CRYPTSETUP_BIN}" local ply_cmd="${gpg_ply_cmd}${CRYPTSETUP_BIN}"
local tty_cmd="${gpg_tty_cmd}${CRYPTSETUP_BIN}" local tty_cmd="${gpg_tty_cmd}${CRYPTSETUP_BIN}"
ply_cmd="${ply_cmd} ${cryptsetup_opts} luksOpen ${luks_device} ${luks_dev_name}"
tty_cmd="${tty_cmd} ${cryptsetup_opts} luksOpen ${luks_device} ${luks_dev_name}" # Using hard-coded remote header, which is at the same place as the key.
ply_cmd="${ply_cmd} ${cryptsetup_opts} --header=${mntkey}/header.img luksOpen ${luks_device} ${luks_dev_name}"
tty_cmd="${tty_cmd} ${cryptsetup_opts} --header=${mntkey}/header.img luksOpen ${luks_device} ${luks_dev_name}"
# send to a temporary shell script, so plymouth can # send to a temporary shell script, so plymouth can
# invoke the pipeline successfully # invoke the pipeline successfully
local ply_cmd_file="$(mktemp -t "ply_cmd.XXXXXX")" local ply_cmd_file="$(mktemp -t "ply_cmd.XXXXXX")"
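Review bot: The `--header=${mntkey}/header.img` option is appended to both `ply_cmd` and `tty_cmd` unconditionally, while the new header.img existence and `isLuks` checks appear to sit inside the key-device branch. A volume opened with a passphrase only, where `mntkey` may be empty, would then be pointed at a header path that was never validated, and the `isLuks` check on `${luks_device}` that used to cover that case is removed. Consider adding the option only when the header was actually found, e.g. `[ -e "${mntkey}/header.img" ] && cryptsetup_opts="${cryptsetup_opts} --header=${mntkey}/header.img"`, and keeping the device check otherwise. The new `isLuks` failure branch also seems to `continue` without `umount -n "${mntkey}"` or setting `key_error`, unlike the not-found branch just above it. `_open_luks` begins and ends outside these hunks.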

@ -294,14 +294,14 @@ cd /
start_iscsi start_iscsi
start_volumes
zfs_start_volumes
setup_keymap setup_keymap
# Initialize LUKS root device except for livecd's # Initialize LUKS root device except for livecd's
is_livecd || start_luks is_livecd || start_luks
start_volumes
zfs_start_volumes
# Initialize resume from hibernation # Initialize resume from hibernation
is_livecd || resume_init is_livecd || resume_init
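Review bot: Moving `start_volumes` and `zfs_start_volumes` below `start_luks` changes the supported stacking order, and nothing in the hunk documents it. If these helpers activate LVM/RAID/ZFS volumes, as their names suggest, a LUKS container that lives on such a volume is no longer present when `start_luks` runs, and that root would fail to unlock. Either state the constraint next to the calls, e.g. `# volumes are started after LUKS: only LVM/ZFS on top of the opened mapping is supported`, or keep a volume scan before `start_luks` as well as after it.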

@ -0,0 +1,88 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-kernel/genkernel-next/genkernel-next-60.ebuild,v 1.1 2015/01/20 08:25:58 lxnay Exp $
EAPI=5
#if [[ "${PV}" != "9999" ]]; then
# SRC_URI="http://dev.gentoo.org/~lxnay/genkernel-next/${P}.tar.xz"
#else
# EGIT_REPO_URI="git://github.com/Sabayon/genkernel-next.git"
# inherit git-2
#fi
EGIT_REPO_URI="git://github.com/cs0rbagomba/genkernel-next.git"
EGIT_MASTER="denes"
inherit git-2
inherit bash-completion-r1 eutils
#if [[ "${PV}" == "9999" ]]; then
# KEYWORDS=""
#else
# KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~x86"
#fi
KEYWORDS="~amd64"
#DESCRIPTION="Gentoo automatic kernel building scripts, reloaded"
#HOMEPAGE="http://www.gentoo.org"
DESCRIPTION="Fork of genkernel-next with sakaki's staticgpg and remote LUKS header."
HOMEPAGE="https://github.com/cs0rbagomba/genkernel-next/"
LICENSE="GPL-2"
SLOT="0"
RESTRICT=""
#IUSE="cryptsetup dmraid gpg iscsi plymouth selinux"
IUSE="cryptsetup staticgpg zfs selinux"
DEPEND="app-text/asciidoc
sys-fs/e2fsprogs
!sys-fs/eudev[-kmod,modutils]
selinux? ( sys-libs/libselinux )"
#RDEPEND="${DEPEND}
# !sys-kernel/genkernel
# cryptsetup? ( sys-fs/cryptsetup )
# dmraid? ( >=sys-fs/dmraid-1.0.0_rc16 )
# gpg? ( app-crypt/gnupg )
# iscsi? ( sys-block/open-iscsi )
# plymouth? ( sys-boot/plymouth )
# app-portage/portage-utils
# app-arch/cpio
# >=app-misc/pax-utils-0.6
# !<sys-apps/openrc-0.9.9
# sys-apps/util-linux
# sys-block/thin-provisioning-tools
# sys-fs/lvm2"
RDEPEND="${DEPEND}
!sys-kernel/genkernel
!sys-kernel/genkernel-next
cryptsetup? ( sys-fs/cryptsetup )
staticgpg? ( app-crypt/staticgpg )
zfs? ( sys-kernel/zfs )
app-portage/portage-utils
app-arch/cpio
>=app-misc/pax-utils-0.6
!<sys-apps/openrc-0.9.9
sys-apps/util-linux
sys-block/thin-provisioning-tools
sys-fs/lvm2"
src_prepare() {
sed -i "/^GK_V=/ s:GK_V=.*:GK_V=${PV}:g" "${S}/genkernel" || \
die "Could not setup release"
epatch_user
}
src_install() {
emake DESTDIR="${D}" install || die "make install failed"
doman "${S}"/genkernel.8 || die "doman"
dodoc "${S}"/AUTHORS || die "dodoc"
newbashcomp "${S}"/genkernel.bash genkernel
}
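Review bot: `EGIT_REPO_URI` uses the unauthenticated `git://` transport and, through `EGIT_MASTER="denes"`, appears to track a moving branch. The tool that assembles the initramfs and handles LUKS keys is therefore fetched with no integrity or origin check and can change between installs. Prefer `EGIT_REPO_URI="https://github.com/cs0rbagomba/genkernel-next.git"` and pin a reviewed revision with `EGIT_COMMIT="<reviewed-commit-sha>"`. A live ebuild also normally leaves `KEYWORDS` empty, whereas this one sets `~amd64`.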

@ -590,7 +590,7 @@ append_gpg() {
mkdir -p "${TEMP}/initramfs-gpg-temp/sbin/" mkdir -p "${TEMP}/initramfs-gpg-temp/sbin/"
print_info 1 "Including GPG support" print_info 1 "Including GPG support"
copy_binaries "${TEMP}/initramfs-gpg-temp" /usr/bin/gpg copy_binaries "${TEMP}/initramfs-gpg-temp" /usr/bin/staticgpg
cd "${TEMP}/initramfs-gpg-temp/" cd "${TEMP}/initramfs-gpg-temp/"
log_future_cpio_content log_future_cpio_content
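Review bot: The hard-coded `/usr/bin/staticgpg` is passed to `copy_binaries` without checking that it exists, although the ebuild in this compare makes `app-crypt/staticgpg` optional behind the `staticgpg` USE flag. If the binary is absent, the initramfs may be built without it, and the boot-time test `[ -e /usr/bin/staticgpg ]` would then fail, so the GPG decryption branch is skipped for a `.gpg` keyfile. Guard the copy with `[ -x /usr/bin/staticgpg ]` and abort the build with a clear message through the project's fatal-error helper when it fails. `append_gpg` begins and ends outside this hunk.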
