V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m37s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m37s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -27,7 +27,7 @@ guard_sourcing
|
|||||||
#######################################
|
#######################################
|
||||||
write_fstab() {
|
write_fstab() {
|
||||||
declare _uuid="$1" _path="$2" _fs="$3" _opts="$4" _pass="$5"
|
declare _uuid="$1" _path="$2" _fs="$3" _opts="$4" _pass="$5"
|
||||||
printf "UUID=%s %s %s %s 0 %s\n" "${_uuid}" "${_path}" "${_fs}" "${_opts}" "${_pass}" >> "${TARGET}/etc/fstab"
|
printf "UUID=%s %s %s %s 0 %s\n" "${_uuid}" "${_path}" "${_fs}" "${_opts}" "${_pass}" >> "${TARGET}/etc/fstab"
|
||||||
do_log "info" "true" "fstab entry generated: 'UUID=${_uuid} ${_path} ${_fs} ${_opts} 0 ${_pass}'."
|
do_log "info" "true" "fstab entry generated: 'UUID=${_uuid} ${_path} ${_fs} ${_opts} 0 ${_pass}'."
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -26,7 +26,7 @@ guard_sourcing
|
|||||||
#######################################
|
#######################################
|
||||||
write_crypttab() {
|
write_crypttab() {
|
||||||
declare _label="$1" _device="$2" _key_file="$3" _opts="$4"
|
declare _label="$1" _device="$2" _key_file="$3" _opts="$4"
|
||||||
printf "%s %s %s %s \n" "${_label}" "${_device}" "${_key_file}" "${_opts}" >> "${TARGET}/etc/crypttab"
|
printf "%s %s %s %s\n" "${_label}" "${_device}" "${_key_file}" "${_opts}" >> "${TARGET}/etc/crypttab"
|
||||||
do_log "info" "true" "crypttab entry generated: '${_label} ${_device} ${_key_file} ${_opts}'."
|
do_log "info" "true" "crypttab entry generated: '${_label} ${_device} ${_key_file} ${_opts}'."
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@@ -46,7 +46,7 @@ write_crypttab() {
|
|||||||
# 0: Successfully executed commands.
|
# 0: Successfully executed commands.
|
||||||
#######################################
|
#######################################
|
||||||
generate_crypttab() {
|
generate_crypttab() {
|
||||||
declare var_key var_encryption_label var_luks_uuid var_ephemeral_enclabel var_ephemeral_fs_label
|
declare var_key var_encryption_label var_luks_uuid
|
||||||
|
|
||||||
### Generate '${TARGET}/etc/crypttab' header.
|
### Generate '${TARGET}/etc/crypttab' header.
|
||||||
: >| "${TARGET}/etc/crypttab"
|
: >| "${TARGET}/etc/crypttab"
|
||||||
@@ -70,7 +70,9 @@ generate_crypttab() {
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
### Generate '${TARGET}/etc/crypttab' entries.
|
### Generate '${TARGET}/etc/crypttab' entries.
|
||||||
for var_key in "${HMP_PATH_LUKSUUID[@]}"; do
|
declare var_ephemeral_enclabel var_ephemeral_fs_label
|
||||||
|
|
||||||
|
for var_key in "${!HMP_PATH_LUKSUUID[@]}"; do
|
||||||
|
|
||||||
var_encryption_label="${HMP_PATH_ENCLABEL["${var_key}"]}"
|
var_encryption_label="${HMP_PATH_ENCLABEL["${var_key}"]}"
|
||||||
var_luks_uuid="${HMP_PATH_LUKSUUID["${var_key}"]}"
|
var_luks_uuid="${HMP_PATH_LUKSUUID["${var_key}"]}"
|
||||||
@@ -78,19 +80,17 @@ EOF
|
|||||||
if [[ "${accounts_dropbear_unlock,,}" == "true" ]]; then
|
if [[ "${accounts_dropbear_unlock,,}" == "true" ]]; then
|
||||||
|
|
||||||
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
|
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
|
||||||
contine
|
|
||||||
|
|
||||||
else
|
else
|
||||||
|
|
||||||
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard"
|
write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard"
|
||||||
contine
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
### Generate '${TARGET}/etc/crypttab' ephemeral entries.
|
### Generate '${TARGET}/etc/crypttab' ephemeral entries.
|
||||||
for var_key in "${HMP_EPHEMERAL_ENCLABEL[@]}"; do
|
for var_key in "${!HMP_EPHEMERAL_ENCLABEL[@]}"; do
|
||||||
|
|
||||||
var_ephemeral_enclabel="${HMP_EPHEMERAL_ENCLABEL["${var_key}"]}"
|
var_ephemeral_enclabel="${HMP_EPHEMERAL_ENCLABEL["${var_key}"]}"
|
||||||
var_ephemeral_fs_label="${HMP_EPHEMERAL_FS_LABEL["${var_key}"]}"
|
var_ephemeral_fs_label="${HMP_EPHEMERAL_FS_LABEL["${var_key}"]}"
|
||||||
@@ -104,6 +104,9 @@ EOF
|
|||||||
write_crypttab "${var_ephemeral_enclabel}" "LABEL=${var_ephemeral_fs_label}" "/dev/random" "offset=2048,cipher=aes-xts-plain64,size=512,sector-size=4096,tmp=ext4"
|
write_crypttab "${var_ephemeral_enclabel}" "LABEL=${var_ephemeral_fs_label}" "/dev/random" "offset=2048,cipher=aes-xts-plain64,size=512,sector-size=4096,tmp=ext4"
|
||||||
continue
|
continue
|
||||||
;;
|
;;
|
||||||
|
*)
|
||||||
|
do_log "error" "false" "Only 'SWAP' and '/tmp' are valid Partitions for Ephemeral Encryption. Given value was: '${var_key}'."
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|||||||
Reference in New Issue
Block a user