87 lines
2.4 KiB
Bash
87 lines
2.4 KiB
Bash
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
PREREQ="cryptroot"
|
|
|
|
prereqs()
|
|
{
|
|
echo "$PREREQ"
|
|
}
|
|
|
|
case "$1" in
|
|
prereqs)
|
|
prereqs
|
|
exit 0
|
|
;;
|
|
esac
|
|
|
|
. /usr/share/initramfs-tools/hook-functions
|
|
. /lib/cryptsetup/functions
|
|
|
|
if [ ! -x "$DESTDIR/lib/cryptsetup/scripts/decrypt_gnupg-sc" ] || [ ! -f "$TABFILE" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
# Hooks for loading gnupg software and encrypted key into the initramfs
|
|
copy_keys() {
|
|
crypttab_parse_options
|
|
if [ "${CRYPTTAB_OPTION_keyscript-}" = "/lib/cryptsetup/scripts/decrypt_gnupg-sc" ]; then
|
|
if [ -f "$CRYPTTAB_KEY" ]; then
|
|
[ -f "$DESTDIR$CRYPTTAB_KEY" ] || copy_file keyfile "$CRYPTTAB_KEY" || RV=$?
|
|
else
|
|
cryptsetup_message "ERROR: Target $CRYPTTAB_NAME has a non-existing key file $CRYPTTAB_KEY"
|
|
RV=1
|
|
fi
|
|
fi
|
|
}
|
|
|
|
RV=0
|
|
crypttab_foreach_entry copy_keys
|
|
|
|
PUBRING="/etc/cryptsetup-initramfs/pubring.gpg"
|
|
if [ ! -f "$PUBRING" ]; then
|
|
cryptsetup_message "WARNING: $PUBRING: No such file"
|
|
else
|
|
[ -d "$DESTDIR/cryptroot/gnupghome" ] || mkdir -pm0700 "$DESTDIR/cryptroot/gnupghome"
|
|
# let gpg(1) create the keyring on the fly; we're not relying on its
|
|
# internals since it's the very same binary we're copying to the
|
|
# initramfs
|
|
/usr/bin/gpg --no-options --no-autostart --trust-model=always \
|
|
--quiet --batch --no-tty --logger-file=/dev/null \
|
|
--homedir="$DESTDIR/cryptroot/gnupghome" --import <"$PUBRING"
|
|
# make sure not to clutter the initramfs with backup keyrings
|
|
find "$DESTDIR/cryptroot" -name "*~" -type f -delete
|
|
fi
|
|
|
|
copy_exec /usr/bin/gpg
|
|
copy_exec /usr/bin/gpg-agent
|
|
copy_exec /usr/lib/gnupg/scdaemon
|
|
copy_exec /usr/bin/gpgconf
|
|
copy_exec /usr/bin/gpg-connect-agent
|
|
|
|
if [ ! -x "$DESTDIR/usr/bin/pinentry" ]; then
|
|
if [ -x "/usr/bin/pinentry-curses" ]; then
|
|
pinentry="/usr/bin/pinentry-curses"
|
|
elif [ -x "/usr/bin/pinentry-tty" ]; then
|
|
pinentry="/usr/bin/pinentry-tty"
|
|
else
|
|
cryptsetup_message "ERROR: missing required binary pinentry-curses or pinentry-tty"
|
|
RV=1
|
|
fi
|
|
copy_exec "$pinentry"
|
|
ln -s "$pinentry" "$DESTDIR/usr/bin/pinentry"
|
|
fi
|
|
|
|
# #1028202: ncurses-base: move terminfo files from /lib/terminfo to
|
|
# /usr/share/terminfo
|
|
for d in "/usr/share/terminfo" "/lib/terminfo"; do
|
|
if [ -f "$d/l/linux" ]; then
|
|
if [ ! -f "$DESTDIR$d/l/linux" ]; then
|
|
copy_file terminfo "$d/l/linux" || RV=$?
|
|
fi
|
|
break
|
|
fi
|
|
done
|
|
|
|
exit $RV
|