File: initramfs-tools-hook

package info (click to toggle)
loop-aes-utils 2.12r-15%2Betch1
links: PTS
area: main
in suites: etch
size: 8,876 kB
ctags: 5,077
sloc: ansic: 46,163; sh: 11,326; makefile: 886; perl: 86; csh: 62; sed: 55
file content (170 lines) | stat: -rw-r--r-- 3,350 bytes
parent folder | download | duplicates (2)
#!/bin/sh

set -e

PREREQ=""

prereqs()
{
	echo "$PREREQ"
}

case $1 in
prereqs)
	prereqs
	exit 0
	;;
esac

#Check whether loop-aes support is forced on or off
case "${INITRAMFS_LOOPAES}" in
    0|no|off)
	exit 0
	;;
    1|yes|on)
	FORCE_LOOPAES=1
	;;
    auto|)
	;;
    *)
	echo "WARNING! (loop-aes) ignoring invalid INITRAMFS_LOOPAES value ${INITRAMFS_LOOPAES}" 1>&2
esac

. /usr/share/initramfs-tools/hook-functions

exit_unless_forced() {
    if [ -z "${FORCE_LOOPAES}" ]; then
	exit $1
    fi
}

get_root_device() {
    [ -r /etc/fstab ] || return

    grep '^[^#]' /etc/fstab | ( \
	while read dev mount type options dump pass; do
	    if [ "$mount" = "/" ]; then
		echo "rootdev=\"${dev}\" rootoptions=\"${options}\""
		return
	    fi
	done )
}

decode_cipher() {
    local cipher

    case "$1" in
	twofish*)
	    echo twofish
	    ;;
	blowfish*)
	    echo blowfish
	    ;;
	serpent*)
	    echo serpent
	    ;;
	mars*|rc6*|tripleDES)
	    echo "WARNING| (loop-aes) Don't know how to handle encryption type $1" 1>&2
	    ;;
	NONE|XOR|AES*)
	    ;;
	*)
	    echo "WARNING| (loop-aes) Unknown encryption type $1" 1>&2
	    ;;
    esac
}

iterate_cipher_module() {
    local cipher
    local IFS=":"
    for cipher in $2; do
	$1 "loop_${cipher}"
    done
}

get_root_opts() {
    local opt cipher
    local IFS=", "
    for opt in $rootoptions; do
	case "$opt" in
	    encryption=*)
		cipher="$(decode_cipher \"${opt#encryption=}\")"
		if [ -n "$cipher" ]; then
		    rootencryption="${rootencryption}${rootencryption:+:}${cipher}"
		fi
		loopaes_opts="${loopaes_opts},${opt}"
		;;
	    offset=*)
		loopaes_opts="${loopaes_opts},${opt}"
		;;
	    sizelimit=*)
		loopaes_opts="${loopaes_opts},${opt}"
		;;
	    pseed=*)
		loopaes_opts="${loopaes_opts},${opt}"
		;;
	    phash=*)
		loopaes_opts="${loopaes_opts},${opt}"
		;;
	    loinit=*)
		loopaes_opts="${loopaes_opts},${opt}"
		;;
	    itercountk=*)
		loopaes_opts="${loopaes_opts},${opt}"
		;;
	    gpgkey=*)
		rootgpgkey=${opt#gpgkey=}
		;;
	    gpghome=*)
		rootgpghome=${opt#gpghome=}
		;;
	    loop=*)
		rootloop=${opt#loop=}
		;;
	    *)
		# Presumably a non-supported or filesystem option
		;;
	esac
    done
}

# Find out which device root is on
eval $(get_root_device)
[ -z "${rootdev}" ] && exit_unless_forced 0
# We now have set: rootdev rootoptions

get_root_opts
[ -z "${rootloop}" ] && exit_unless_forced 0
loopaes_opts="${loopaes_opts},loop=${rootloop}"

# Prepare the initramfs
if [ -n "${rootgpgkey}" ]; then
    mkdir ${DESTDIR}/keys/
    cp "${rootgpgkey}" ${DESTDIR}/keys/rootkeyfile.gpg
    copy_exec /usr/bin/gpg /bin/
    loopaes_opts="${loopaes_opts},gpgkey=/keys/rootkeyfile.gpg"
fi

if [ -n "${rootgpghome}" ]; then
    cp -R "${rootgpghome}" ${DESTDIR}/.gnupg
else
    mkdir ${DESTDIR}/.gnupg/
fi
loopaes_opts="${loopaes_opts},gpghome=/.gnupg"

echo "LOOPAESOPTS=\"$loopaes_opts\"" > ${DESTDIR}/conf/conf.d/loopaes
copy_exec /sbin/losetup /sbin/
# Allow the correct keymap to be loaded if possible
if [ -e /bin/loadkeys -a -r /etc/console/boottime.kmap.gz ]; then
	copy_exec /bin/loadkeys /bin/
	cp /etc/console/boottime.kmap.gz $DESTDIR/etc/
fi
manual_add_modules loop
if [ -z "${FORCE_LOOPAES}" ]; then
    iterate_cipher_module "manual_add_modules" "$rootencryption"
else
    iterate_cipher_module "manual_add_modules" "serpent:blowfish:twofish"
fi

# Done
exit 0