V8.00.000.2025.06.17
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -85,29 +85,39 @@ EOF
|
||||
|
||||
if [[ "${VAR_DROPBEAR}" == "true" ]]; then
|
||||
|
||||
if [[ "${var_key}" == "/" ]]; then
|
||||
case "${var_key,,}" in
|
||||
|
||||
mkdir -p "${TARGET}/etc/initramfs-tools/files"
|
||||
mkdir -p "${TARGET}/usr/lib/cryptsetup/scripts"
|
||||
"/")
|
||||
mkdir -p "${TARGET}/etc/initramfs-tools/files"
|
||||
mkdir -p "${TARGET}/usr/lib/cryptsetup/scripts"
|
||||
|
||||
### Install the script to be called inside initramfs environment for unlocking LUKS and NUKE Devices.
|
||||
install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \
|
||||
"${TARGET}/etc/initramfs-tools/files/"
|
||||
install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \
|
||||
"${TARGET}/lib/cryptsetup/scripts/"
|
||||
### Install the script to be called inside initramfs environment for unlocking LUKS and NUKE Devices.
|
||||
install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \
|
||||
"${TARGET}/etc/initramfs-tools/files/"
|
||||
install -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper.sh" \
|
||||
"${TARGET}/lib/cryptsetup/scripts/"
|
||||
|
||||
#write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
|
||||
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1"
|
||||
#write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
|
||||
printf "### Early-unlocked (initramfs) - single passphrase via decrypt_keyctl\n" >> "${TARGET}/etc/crypttab"
|
||||
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1"
|
||||
;;
|
||||
|
||||
elif [[ "${var_key}" == "/usr" ]]; then
|
||||
"/usr")
|
||||
printf "### Early-unlocked (initramfs) - single passphrase via decrypt_keyctl\n" >> "${TARGET}/etc/crypttab"
|
||||
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1"
|
||||
;;
|
||||
|
||||
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1"
|
||||
"/boot")
|
||||
printf "### LUKS encrypted '/boot' – different passphrase, not in initramfs\n" >> "${TARGET}/etc/crypttab"
|
||||
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard"
|
||||
;;
|
||||
|
||||
else
|
||||
*)
|
||||
printf "### Late-unlocked (userspace) – no initramfs, independent prompts / tokens\n" >> "${TARGET}/etc/crypttab"
|
||||
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard"
|
||||
;;
|
||||
|
||||
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=decrypt_keyctl,tries=1"
|
||||
|
||||
fi
|
||||
esac
|
||||
|
||||
else
|
||||
|
||||
|
||||
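Review bot: Inside the `VAR_DROPBEAR == "true"` branch, the new `"/boot")` and `*)` arms write entries with key field `none` and options `luks,discard`, so those volumes are no longer opened in the initramfs and will presumably prompt on the local console later in boot, where an initramfs remote-unlock session cannot answer. If any of them is a required mount on a headless host, boot would stall at that prompt; consider a root-only key file on the already unlocked root in place of `none`, or `"luks,discard,nofail"` for volumes that may stay locked. Separately, the `"/")` arm creates `${TARGET}/usr/lib/cryptsetup/scripts` but installs into `${TARGET}/lib/cryptsetup/scripts/`, which only works when `${TARGET}/lib` already resolves to `usr/lib`; using the same path in both commands would remove that assumption. The outer `if` continues past the `else` at the end of the hunk, so the non-Dropbear path is not visible here.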