diff options
Diffstat (limited to 'debian/cryptsetup-nuke-password.postinst')
| -rw-r--r-- | debian/cryptsetup-nuke-password.postinst | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/debian/cryptsetup-nuke-password.postinst b/debian/cryptsetup-nuke-password.postinst new file mode 100644 index 0000000..cc083bc --- /dev/null +++ b/debian/cryptsetup-nuke-password.postinst @@ -0,0 +1,87 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +password_hash_path="/etc/cryptsetup-nuke-password/password_hash" + +get_nuke_password() { + db_get cryptsetup-nuke-password/password || true + local NUKE_PASS="$RET" + db_get cryptsetup-nuke-password/password-again || true + local NUKE_PASS_CONFIRMATION="$RET" + + if [ "$NUKE_PASS" != "$NUKE_PASS_CONFIRMATION" ]; then + return + fi + + echo -n "$NUKE_PASS" +} + +log() { + if [ -n "$DEBCONF_RECONFIGURE" ]; then + echo "$1" + fi +} + +store_password_hash() { + local password=$(get_nuke_password) + + if [ -z "$password" ]; then + if [ -e "$password_hash_path" ]; then + log "INFO: Keeping current nuke password." + else + log "INFO: No nuke password found in debconf's database, nothing to configure." + log "INFO: Try 'dpkg-reconfigure cryptsetup-nuke-password' to set a nuke password." + fi + return + fi + + echo "INFO: Storing the nuke password's crypted hash in $password_hash_path" + mkdir -p $(dirname $password_hash_path) + :> $password_hash_path + chmod 600 $password_hash_path + echo "$password" | /usr/lib/cryptsetup-nuke-password/crypt --generate >$password_hash_path + + # Drop the password from the debconf database for extra safety + db_reset cryptsetup-nuke-password/password || true + db_reset cryptsetup-nuke-password/password-again || true +} + +configure_nuke_password() { + db_get cryptsetup-nuke-password/already-configured || true + what="$RET" + + case "$what" in + keep) + # Nothing to do, move on + if [ -e "$password_hash_path" ]; then + log "INFO: Keeping current nuke password." + fi + ;; + remove) + if [ -e "$password_hash_path" ]; then + echo "INFO: Removing current nuke password." + rm -f "$password_hash_path" + fi + ;; + overwrite) + store_password_hash + ;; + *) + echo "WARNING: unexpected value in debconf's cryptsetup-nuke-password/already-configured: '$what'" >&2 + ;; + esac + + # Reset to default value for next time we reconfigure + db_reset cryptsetup-nuke-password/already-configured || true +} + +case "$1" in + configure) + configure_nuke_password + ;; +esac + +#DEBHELPER# |