1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
TMPDIR="$AUTOPKGTEST_TMP"
# wrappers
luks1Format() {
cryptsetup luksFormat --batch-mode --type=luks1 \
--pbkdf-force-iterations=1000 \
"$@"
}
luks2Format() {
cryptsetup luksFormat --batch-mode --type=luks2 \
--pbkdf=argon2id --pbkdf-force-iterations=4 --pbkdf-memory=32 \
"$@"
}
diff() { command diff --color=auto --text "$@"; }
# create disk image
CRYPT_IMG="$TMPDIR/disk.img"
CRYPT_DEV=""
install -m0600 /dev/null "$TMPDIR/keyfile"
disk_setup() {
local lo
for lo in $(losetup -j "$CRYPT_IMG" | cut -sd: -f1); do
losetup -d "$lo"
done
dd if="/dev/zero" of="$CRYPT_IMG" bs=1M count=64
CRYPT_DEV="$(losetup --find --show -- "$CRYPT_IMG")"
}
# custom initramfs-tools configuration (to speed things up -- we use
# COMPRESS=zstd since it's reasonably fast and COMPRESS=none is not
# supported)
mkdir "$TMPDIR/initramfs-tools"
mkdir "$TMPDIR/initramfs-tools/conf.d" \
"$TMPDIR/initramfs-tools/scripts" \
"$TMPDIR/initramfs-tools/hooks"
cat >"$TMPDIR/initramfs-tools/initramfs.conf" <<-EOF
COMPRESS=zstd
MODULES=list
RESUME=none
UMASK=0077
EOF
INITRD_IMG="$TMPDIR/initrd.img"
UNMKINITRAMFS_DESTDIR="$TMPDIR/initrd"
unset INITRD_DIR
cleanup_initrd_dir() {
local d
if [ -n "${INITRD_DIR+x}" ] && [ -d "$INITRD_DIR" ]; then
for d in dev proc sys; do
mountpoint -q "$INITRD_DIR/$d" && umount "$INITRD_DIR/$d" || true
done
rm -rf --one-file-system -- "$INITRD_DIR"
fi
rm -rf --one-file-system -- "$UNMKINITRAMFS_DESTDIR"
unset INITRD_DIR
}
trap cleanup_initrd_dir EXIT INT TERM
mkinitramfs() {
local d p
command mkinitramfs -d "$TMPDIR/initramfs-tools" -o "$INITRD_IMG"
# `mkinitramfs -k` would be better but we can't set $DESTDIR in advance
cleanup_initrd_dir
command unmkinitramfs "$INITRD_IMG" "$UNMKINITRAMFS_DESTDIR"
if [ -f "$UNMKINITRAMFS_DESTDIR/sbin/cryptsetup" ]; then
INITRD_DIR="$UNMKINITRAMFS_DESTDIR"
else
for p in "$UNMKINITRAMFS_DESTDIR"/*/sbin/cryptsetup; do
if [ -f "$p" ] && [ -d "${p%"/sbin/cryptsetup"}/usr" ]; then
INITRD_DIR="${p%"/sbin/cryptsetup"}"
fi
done
fi
for d in dev proc sys; do
mkdir -p "$INITRD_DIR/$d"
mount --bind "/$d" "$INITRD_DIR/$d"
done
}
check_initrd_crypttab() {
local rv=0 err="${1+": $1"}"
diff --label=a/cryptroot/crypttab --label=b/cryptroot/crypttab \
--unified --ignore-space-change \
-- - "$INITRD_DIR/cryptroot/crypttab" || rv=$?
if [ $rv -ne 0 ]; then
printf "ERROR$err in file %s line %d\\n" "${BASH_SOURCE[0]}" ${BASH_LINENO[0]} >&2
exit 1
fi
}
# vim: set filetype=sh :
|
