V8.13.440.2025.11.19
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -37,7 +37,7 @@ install -d -m 0755 "${DESTDIR}/usr/sbin"
|
||||
|
||||
|
||||
### Include binaries -----------------------------------------------------------------------------------------------------------
|
||||
for bin in bash blkid busybox dmsetup gpgv losetup lsblk mkpasswd mountpoint sha384sum sha512sum sort timeout tree udevadm whois; do
|
||||
for bin in bash blkid busybox dd dmsetup gpgv losetup lsblk mkpasswd mountpoint sha384sum sha512sum sort stty timeout tr tree udevadm whois; do
|
||||
|
||||
path="$(command -v "${bin}" 2>/dev/null || true)"
|
||||
|
||||
|
||||
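Review bot: The binaries this list appears to gain (dd, stty, tr — assuming the longer `for bin in` line is the new side) become hard requirements of the boot-time passphrase prompt, yet `path="$(command -v "${bin}" 2>/dev/null || true)"` lets a missing one produce an empty `path` and the build continue. What the loop body does with an empty `path` is outside the hunk; if it merely skips the copy, the omission only surfaces at boot, inside the initramfs, where it is hardest to diagnose. Consider failing the image build instead: `path="$(command -v "${bin}")" || { printf 'missing required binary: %s\n' "${bin}" >&2; exit 1; }`.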
@@ -43,7 +43,6 @@ export CDLB_LUKS_FS="/live/ciss_rootfs.crypt"
|
||||
export CDLB_MAPPER_NAME="crypt_liveiso"
|
||||
export CDLB_MAPPER_DEV="/dev/mapper/${CDLB_MAPPER_NAME}"
|
||||
CDLB_REMOTE_WAIT_SECS="${CDLB_REMOTE_WAIT_SECS:-3600}"
|
||||
CDLB_MAX_TRIES="${CDLB_MAX_TRIES:-3}"
|
||||
MNT_MEDIUM="/run/live/medium"
|
||||
MNT_ROOTFS="/run/live/rootfs"
|
||||
_PARAMETER=""
|
||||
@@ -127,12 +126,16 @@ printf "\e[92m[INFO] CISS LUKS FS : [%s%s] \n\e[0m" "${MNT_MEDIUM}" "${CDLB_LU
|
||||
|
||||
### Attach a loop device read-only to the encrypted file. ----------------------------------------------------------------------
|
||||
LOOP="$(losetup -f --show -r "${MNT_MEDIUM}${CDLB_LUKS_FS}")" || { log "losetup failed"; exit 42; }
|
||||
|
||||
printf "\e[92m[INFO] Loop device : [%s] \n\e[0m" "${LOOP}"
|
||||
|
||||
### Expose the loop device for unlock-wrapper.sh, dropbear forced-command. -----------------------------------------------------
|
||||
mkdir -p /run 2>/dev/null || true
|
||||
|
||||
echo "${LOOP}" > /run/ciss-loopdev 2>/dev/null || true
|
||||
|
||||
chmod 0600 /run/ciss-loopdev 2>/dev/null || true
|
||||
|
||||
printf "\e[92m[INFO] Exposed LOOP : [/run/ciss-loopdev] -> [%s]\n\e[0m" "${LOOP}"
|
||||
|
||||
### Prepare fifo for passphrase. -----------------------------------------------------------------------------------------------
|
||||
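Review bot: `/run/ciss-loopdev` is created by `echo "${LOOP}" > /run/ciss-loopdev` under the current umask and only tightened by the later `chmod 0600`, so there is a window in which the file has the default mode; creating it with the right mode from the start avoids that, and `printf` is more robust than `echo` for arbitrary values. Suggest `( umask 077; printf '%s\n' "${LOOP}" > /run/ciss-loopdev ) 2>/dev/null || log "cannot write /run/ciss-loopdev"` in place of the echo/chmod pair. The `|| true` on the write also hides the failure although the comment above says the dropbear forced-command depends on this file; logging it, as suggested, keeps the best-effort behaviour while making a broken remote-unlock path visible.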
@@ -153,20 +156,12 @@ fi
|
||||
|
||||
chmod 0600 /lib/cryptsetup/passfifo 2>/dev/null || true
|
||||
|
||||
### Background cryptsetup-process, reading from fifo. --------------------------------------------------------------------------
|
||||
### Background broker: read FIFO, try cryptsetup per line. ---------------------------------------------------------------------
|
||||
(
|
||||
set +e
|
||||
cryptsetup open \
|
||||
--type luks \
|
||||
--readonly \
|
||||
"${LOOP}" "${CDLB_MAPPER_NAME}" \
|
||||
--key-file - < /lib/cryptsetup/passfifo 2>/dev/console
|
||||
) &
|
||||
PID_CRYPT="$!"
|
||||
|
||||
### Background console-prompt for passphrase reading into fifo. ----------------------------------------------------------------
|
||||
(
|
||||
set +e
|
||||
PASS=""
|
||||
|
||||
while :; do
|
||||
|
||||
if [ -b "${CDLB_MAPPER_DEV}" ]; then
|
||||
@@ -175,26 +170,61 @@ PID_CRYPT="$!"
|
||||
|
||||
fi
|
||||
|
||||
printf "\e[93m[INFO] Enter LUKS passphrase on: \n\e[0m" >/dev/console 2>/dev/null || break
|
||||
if ! IFS= read -r PASS < /lib/cryptsetup/passfifo; then
|
||||
|
||||
if IFS= read -r PASS </dev/console 2>/dev/null; then
|
||||
sleep 1
|
||||
continue
|
||||
|
||||
fi
|
||||
|
||||
[ -n "${PASS}" ] || continue
|
||||
|
||||
printf '%s\n' "${PASS}" > /lib/cryptsetup/passfifo 2>/dev/null || :
|
||||
printf "\e[93m[INFO] Trying to unlock via cryptsetup ...\n\e[0m" >/dev/console 2>/dev/null || true
|
||||
|
||||
else
|
||||
printf '%s\n' "${PASS}" | cryptsetup open --type luks--readonly "${LOOP}" "${CDLB_MAPPER_NAME}" --key-file - 2>/dev/console
|
||||
|
||||
### No readable '/dev/console': break immediately
|
||||
if [ -b "${CDLB_MAPPER_DEV}" ]; then
|
||||
|
||||
printf "\e[92m[INFO] LUKS mapper [%s] successfully opened.\n\e[0m" "${CDLB_MAPPER_DEV}" >/dev/console 2>/dev/null || true
|
||||
break
|
||||
|
||||
fi
|
||||
|
||||
done
|
||||
) &
|
||||
PID_BROKER="$!"
|
||||
|
||||
### Background process console-prompt feed passphrases into FIFO. --------------------------------------------------------------
|
||||
(
|
||||
set +e
|
||||
|
||||
PASS=""
|
||||
|
||||
while :; do
|
||||
|
||||
if [ -b "${CDLB_MAPPER_DEV}" ]; then
|
||||
|
||||
break
|
||||
|
||||
fi
|
||||
|
||||
printf "\e[93m[INFO] Enter LUKS passphrase on console: \n\e[0m" >/dev/console 2>/dev/null || break
|
||||
|
||||
if ! IFS= read -r PASS </dev/console 2>/dev/null; then
|
||||
|
||||
break
|
||||
|
||||
fi
|
||||
|
||||
[ -n "${PASS}" ] || continue
|
||||
|
||||
printf '%s\n' "${PASS}" >| /lib/cryptsetup/passfifo 2>/dev/null || :
|
||||
|
||||
done
|
||||
) &
|
||||
PID_PROMPT="$!"
|
||||
|
||||
### Main process: waiting for mapping to appear. -------------------------------------------------------------------------------
|
||||
### Main process: wait bounded time for mapper to appear. ----------------------------------------------------------------------
|
||||
REMAINING="${CDLB_REMOTE_WAIT_SECS}"
|
||||
|
||||
if [ ! -b "${CDLB_MAPPER_DEV}" ]; then
|
||||
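Review bot: `cryptsetup open --type luks--readonly "${LOOP}" ...` in the broker is missing the space between `luks` and `--readonly`, so as rendered the type argument is `luks--readonly` and every unlock attempt through the FIFO will be rejected; it should read `--type luks --readonly`. The prompt subshell reads the passphrase with `IFS= read -r PASS </dev/console 2>/dev/null` without disabling echo, so it is displayed as typed (and lands in any serial console log); since stty is now shipped, bracket the read with `stty -echo </dev/console 2>/dev/null` and `stty echo </dev/console 2>/dev/null`, or use the shell's `read -s` if the initramfs shell supports it. With `--key-file -` cryptsetup reads stdin to EOF rather than to the first newline, so the `\n` appended by `printf '%s\n' "${PASS}"` is likely taken as part of the key material — verify against the shipped cryptsetup, and if so either pipe `printf '%s' "${PASS}"` or drop `--key-file -` and let cryptsetup read the passphrase line from stdin. Both subshells keep the last passphrase in `PASS` until they exit; clearing it right after it has been consumed (`PASS=""`) limits how long it sits in memory. The broker subshell whose loop this hunk continues is opened in the previous hunk.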
@@ -221,14 +251,14 @@ if [ ! -b "${CDLB_MAPPER_DEV}" ]; then
|
||||
|
||||
printf "\e[91m[WARN] Timeout: mapper [%s] not present after %s seconds. \n\e[0m" "${CDLB_MAPPER_DEV}" "${CDLB_REMOTE_WAIT_SECS}"
|
||||
kill "${PID_PROMPT}" 2>/dev/null || true
|
||||
kill "${PID_CRYPT}" 2>/dev/null || true
|
||||
kill "${PID_BROKER}" 2>/dev/null || true
|
||||
rm -f /lib/cryptsetup/passfifo 2>/dev/null || true
|
||||
exit 42
|
||||
|
||||
fi
|
||||
|
||||
kill "${PID_PROMPT}" 2>/dev/null || true
|
||||
wait "${PID_CRYPT}" 2>/dev/null || true
|
||||
wait "${PID_BROKER}" 2>/dev/null || true
|
||||
rm -f /lib/cryptsetup/passfifo 2>/dev/null || true
|
||||
|
||||
printf "\e[92m[INFO] LUKS mapper : [%s] is now present.\n\e[0m" "${CDLB_MAPPER_DEV}"
|
||||
|
||||
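Review bot: `wait "${PID_BROKER}"` on the success path can block forever: the broker sits in `read -r PASS < /lib/cryptsetup/passfifo`, which does not return while no writer holds the FIFO, and `kill "${PID_PROMPT}"` just before it removes the only local writer — this is exactly the case where the mapper was opened by the remote path instead of through the FIFO (inferred; the broker loop is in an earlier hunk). The timeout branch already terminates the broker, so mirror it here: `kill "${PID_BROKER}" 2>/dev/null || true` before `wait "${PID_BROKER}" 2>/dev/null || true`; unlinking the FIFO afterwards does not wake a reader already blocked on it. The `if [ ! -b "${CDLB_MAPPER_DEV}" ]` branch closed by the `fi` in this hunk begins outside it.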