V8.13.440.2025.11.19
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -43,8 +43,6 @@ ask_pass_console() {
|
||||
### Non-canonical mode, no echo, 1 byte at a time.
|
||||
stty -echo -icanon time 0 min 1 </dev/console 2>/dev/null || return 1
|
||||
|
||||
printf '\e[93m[INFO] Enter LUKS passphrase: \n\e[0m' > /dev/console
|
||||
|
||||
cr=$(printf '\r')
|
||||
bs=$(printf '\b')
|
||||
del=$(printf '\177')
|
||||
@@ -67,13 +65,13 @@ ask_pass_console() {
|
||||
case "${c}" in
|
||||
|
||||
"${cr}")
|
||||
### Enter: finish input.
|
||||
### Enter: finish input.
|
||||
printf '\n' > /dev/console
|
||||
break
|
||||
;;
|
||||
|
||||
"${bs}"|"${del}")
|
||||
### Backspace, delete: delete one character, if available.
|
||||
### Backspace, delete: delete one character, if available.
|
||||
if [ -n "${PASSPHRASE}" ]; then
|
||||
|
||||
PASSPHRASE=${PASSPHRASE%?}
|
||||
@@ -83,7 +81,7 @@ ask_pass_console() {
|
||||
;;
|
||||
|
||||
*)
|
||||
### Normal character: append and mask output.
|
||||
### Normal character: append and mask output.
|
||||
PASSPHRASE="${PASSPHRASE}${c}"
|
||||
printf '*' > /dev/console
|
||||
;;
|
||||
@@ -120,6 +118,7 @@ export CDLB_ISO_LABEL="CISS.debian.live"
|
||||
export CDLB_LUKS_FS="/live/ciss_rootfs.crypt"
|
||||
export CDLB_MAPPER_NAME="crypt_liveiso"
|
||||
export CDLB_MAPPER_DEV="/dev/mapper/${CDLB_MAPPER_NAME}"
|
||||
export CDLB_LUKS_ROOTFS_MNT="/run/live/ciss-rootfs"
|
||||
CDLB_REMOTE_WAIT_SECS="${CDLB_REMOTE_WAIT_SECS:-3600}"
|
||||
MNT_MEDIUM="/run/live/medium"
|
||||
MNT_ROOTFS="/run/live/rootfs"
|
||||
@@ -282,6 +281,8 @@ PID_BROKER="$!"
|
||||
set +e
|
||||
|
||||
PASS=""
|
||||
PASS_SENT=0
|
||||
WAIT_LOOP=0
|
||||
|
||||
while :; do
|
||||
|
||||
@@ -291,12 +292,38 @@ PID_BROKER="$!"
|
||||
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2310
|
||||
PASS="$(ask_pass_console)" || continue
|
||||
if [ "${PASS_SENT}" -eq 0 ]; then
|
||||
|
||||
printf '%s\n' "${PASS}" >| /lib/cryptsetup/passfifo 2>/dev/null || :
|
||||
printf '\e[93m[INFO] Enter LUKS passphrase: \n\e[0m' > /dev/console
|
||||
|
||||
# shellcheck disable=SC2310
|
||||
PASS="$(ask_pass_console)" || continue
|
||||
|
||||
printf '%s\n' "${PASS}" >| /lib/cryptsetup/passfifo 2>/dev/null || :
|
||||
|
||||
PASS_SENT=1
|
||||
WAIT_LOOP=0
|
||||
|
||||
else
|
||||
|
||||
WAIT_LOOP=$((WAIT_LOOP + 1))
|
||||
|
||||
if [ "${WAIT_LOOP}" -ge 160 ]; then
|
||||
|
||||
printf '\e[91m[WARN] Please try again : \n\e[0m' > /dev/console
|
||||
|
||||
PASS_SENT=0
|
||||
WAIT_LOOP=0
|
||||
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
sleep 0.1
|
||||
|
||||
done
|
||||
|
||||
return 0
|
||||
) &
|
||||
PID_PROMPT="$!"
|
||||
|
||||
@@ -337,14 +364,57 @@ kill "${PID_PROMPT}" 2>/dev/null || true
|
||||
wait "${PID_BROKER}" 2>/dev/null || true
|
||||
rm -f /lib/cryptsetup/passfifo 2>/dev/null || true
|
||||
|
||||
printf "\e[92m[INFO] LUKS mapper : [%s] is now present.\n\e[0m" "${CDLB_MAPPER_DEV}"
|
||||
printf "\e[92m[INFO] CISS LUKS decryption : [%s] is now present.\n\e[0m" "${CDLB_MAPPER_DEV}"
|
||||
|
||||
### Mount the decrypted root device to use as the PLAIN_ROOT artifact in '9990-main.sh'. ---------------------------------------
|
||||
if ! mount -t squashfs -o ro "${CDLB_MAPPER_DEV}" "${CDLB_LUKS_ROOTFS_MNT}"; then
|
||||
|
||||
log "Failed to mount SquashFS from [${CDLB_MAPPER_DEV}] on [${CDLB_LUKS_ROOTFS_MNT}]"
|
||||
printf "\e[91m[WARN] CISS LUKS decryption : SquashFS mount failed: [%s] -> [%s] \n\e[0m" "${CDLB_MAPPER_DEV}" "${CDLB_LUKS_ROOTFS_MNT}"
|
||||
exit 42
|
||||
|
||||
else
|
||||
|
||||
printf "\e[92m[INFO] CISS LUKS decryption : Mounted SquashFS: [%s] -> [%s] \n\e[0m" "${CDLB_MAPPER_DEV}" "${CDLB_LUKS_ROOTFS_MNT}"
|
||||
|
||||
fi
|
||||
|
||||
### Expose the decrypted root device for live-boot overlay. The live-boot components will pick this up in '9990-overlay.sh'. ---
|
||||
echo "${CDLB_MAPPER_DEV}" >| /run/ciss-rootdev
|
||||
cat << EOF >| /run/ciss-rootdev
|
||||
export CDLB_ISO_LABEL=${CDLB_ISO_LABEL}
|
||||
export CDLB_LUKS_FS=${CDLB_LUKS_FS}
|
||||
export CDLB_MAPPER_NAME=${CDLB_MAPPER_NAME}
|
||||
export CDLB_MAPPER_DEV=${CDLB_MAPPER_DEV}
|
||||
export CDLB_LUKS_ROOTFS_MNT=${CDLB_LUKS_ROOTFS_MNT}
|
||||
MNT_MEDIUM="/run/live/medium"
|
||||
MNT_ROOTFS="/run/live/rootfs"
|
||||
EOF
|
||||
|
||||
chmod 0644 /run/ciss-rootdev 2>/dev/null || true
|
||||
export CISS_ROOT_DEV="${CDLB_MAPPER_DEV}"
|
||||
export CISS_ROOT_DIR=""
|
||||
|
||||
# TODO: Remove Debug
|
||||
if [ -e /conf/param.conf ]; then
|
||||
printf "\e[92m[INFO] CISS LUKS decryption : Printing existing [/conf/param.conf] \n\e[0m"
|
||||
cat /conf/param.conf >/dev/console 2>&1 || :
|
||||
{
|
||||
printf '\n'
|
||||
printf 'PLAIN_ROOT=1\n'
|
||||
printf 'ROOT=%s\n' "${MNT_ROOTFS}"
|
||||
} >> /conf/param.conf 2>/dev/null || true
|
||||
else
|
||||
printf "\e[92m[INFO] CISS LUKS decryption : Not existing [/conf/param.conf] \n\e[0m"
|
||||
{
|
||||
printf '\n'
|
||||
printf 'PLAIN_ROOT=1\n'
|
||||
printf 'ROOT=%s\n' "${MNT_ROOTFS}"
|
||||
} >| /conf/param.conf 2>/dev/null || true
|
||||
fi
|
||||
|
||||
printf "\e[92m[INFO] CISS LUKS decryption : Final state [/conf/param.conf] \n\e[0m"
|
||||
cat /conf/param.conf >/dev/console 2>&1 || :
|
||||
|
||||
log "Decrypted root device exposed at [/run/ciss-rootdev] -> [${CDLB_MAPPER_DEV}]"
|
||||
printf "\e[92m[INFO] CISS LUKS decryption : Decrypted root device exposed at: [/run/ciss-rootdev] -> [%s] \n\e[0m" "${CDLB_MAPPER_DEV}"
|
||||
|
||||
|
||||
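Review bot: In the prompt loop of the `@@ -291,12 +292,38 @@` hunk, `PASS_SENT=1` is set unconditionally after `printf '%s\n' "${PASS}" >| /lib/cryptsetup/passfifo 2>/dev/null || :`, so a failed write to the FIFO is treated as a delivered passphrase. The loop then waits 160 iterations before printing "Please try again", and the passphrase stays in `PASS` for that whole wait phase. I would set the flag only on success and drop the secret right after the write: `if printf '%s\n' "${PASS}" >| /lib/cryptsetup/passfifo 2>/dev/null; then PASS_SENT=1; WAIT_LOOP=0; fi` followed by `PASS=""`. The rendering has lost the `+`/`-` column, so this assumes the `if [ "${PASS_SENT}" -eq 0 ]` branch is the new side; the enclosing subshell starts outside the hunk.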