#!/bin/sh
# initramfs-tools hook: copy the gnupg binaries and the gnupg-encrypted key
# files that decrypt_gnupg-sc needs at boot into the initramfs.

set -e

# hook that has to run before this one (reported by prereqs below)
PREREQ=cryptroot

# Print the hooks this one depends on, one per line, for initramfs-tools.
prereqs() {
    printf '%s\n' "$PREREQ"
}

# initramfs-tools queries every hook for its dependencies first
if [ "$1" = "prereqs" ]; then
    prereqs
    exit 0
fi

# shell helpers used by the rest of this hook (copy_exec, copy_file,
# crypttab_*, cryptsetup_message)
. /usr/share/initramfs-tools/hook-functions
. /lib/cryptsetup/functions

# nothing to do unless the gnupg-sc keyscript has been installed into the
# initramfs (the cryptroot hook listed in PREREQ runs before us) and a
# crypttab was found
[ -x "$DESTDIR/lib/cryptsetup/scripts/decrypt_gnupg-sc" ] && [ -f "$TABFILE" ] || exit 0

# crypttab_foreach_entry callback: for every target whose keyscript is
# decrypt_gnupg-sc, copy its (gnupg-encrypted) key file into the initramfs.
# Reads the CRYPTTAB_* variables set by the caller; records failures in the
# global RV instead of returning non-zero, so the remaining entries still get
# processed.
copy_keys() {
    crypttab_parse_options
    # other keyscripts are none of our business
    [ "${CRYPTTAB_OPTION_keyscript-}" = "/lib/cryptsetup/scripts/decrypt_gnupg-sc" ] || return 0
    if [ ! -f "$CRYPTTAB_KEY" ]; then
        cryptsetup_message "ERROR: Target $CRYPTTAB_NAME has a non-existing key file $CRYPTTAB_KEY"
        RV=1
        return 0
    fi
    # an earlier entry may already have copied the very same key file
    if [ ! -f "$DESTDIR$CRYPTTAB_KEY" ]; then
        copy_file keyfile "$CRYPTTAB_KEY" || RV=$?
    fi
}

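# exit status of the whole hook; helpers flag errors here rather than aborting
RV=0
crypttab_foreach_entry copy_keys

# gpg needs the public keyring inside the initramfs; its absence is only a
# warning so the rest of the hook still runs
PUBRING="/etc/cryptsetup-initramfs/pubring.gpg"
if [ ! -f "$PUBRING" ]; then
    cryptsetup_message "WARNING: $PUBRING: No such file"
else
    [ -d "$DESTDIR/cryptroot/gnupghome" ] || mkdir -pm0700 "$DESTDIR/cryptroot/gnupghome"
    # let gpg(1) create the keyring on the fly; we're not relying on its
    # internals since it's the very same binary we're copying to the
    # initramfs (set -e aborts the hook if the import fails)
    /usr/bin/gpg --no-options --no-autostart --trust-model=always \
        --quiet --batch --no-tty --logger-file=/dev/null \
        --homedir="$DESTDIR/cryptroot/gnupghome" --import <"$PUBRING"
    # make sure not to clutter the initramfs with backup keyrings; ${DESTDIR:?}
    # refuses to run the delete against the host's /cryptroot if DESTDIR is
    # unset or empty
    find "${DESTDIR:?}/cryptroot" -name "*~" -type f -delete
fi

# gnupg binaries the keyscript runs at boot
copy_exec /usr/bin/gpg
copy_exec /usr/bin/gpg-agent
copy_exec /usr/lib/gnupg/scdaemon
copy_exec /usr/bin/gpgconf
copy_exec /usr/bin/gpg-connect-agent

# provide a text-mode pinentry unless one is already in the initramfs; only
# copy and link once a candidate was actually found, so an empty path never
# reaches copy_exec/ln after the error message
if [ ! -x "$DESTDIR/usr/bin/pinentry" ]; then
    pinentry=
    for candidate in /usr/bin/pinentry-curses /usr/bin/pinentry-tty; do
        if [ -x "$candidate" ]; then
            pinentry="$candidate"
            break
        fi
    done
    if [ -n "$pinentry" ]; then
        copy_exec "$pinentry"
        ln -s "$pinentry" "$DESTDIR/usr/bin/pinentry"
    else
        cryptsetup_message "ERROR: missing required binary pinentry-curses or pinentry-tty"
        RV=1
    fi
fi
# terminfo for the console (presumably what the curses/tty pinentry needs
# to draw its prompt)
[ -f "$DESTDIR/lib/terminfo/l/linux" ] || copy_file terminfo /lib/terminfo/l/linux || RV=$?

exit "$RV"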