From eabf55a54553641b1d67a3729a34ad82dd2f0ca4f453cd0f878d7d6787f00090 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner"
Date: Fri, 21 Nov 2025 14:26:55 +0000
Subject: [PATCH] V8.13.440.2025.11.19
Signed-off-by: Marc S. Weidner
---
 .../usr/lib/live/boot/0024-ciss-crypt-squash | 60 ++++++++++++++++++-
 1 file changed, 57 insertions(+), 3 deletions(-)
diff --git a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
index 4035c53..b061bc5 100644
--- a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
+++ b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
@@ -14,13 +14,67 @@
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
-# Purpose: Open /live/ciss_rootfs.crypt (LUKS) and present its SquashFS as /run/live/rootfs
+# Purpose: Open /live/ciss_rootfs.crypt (LUKS) for final processing in '9990-overlay.sh'
 # Phase : premount (executed by live-boot inside the initramfs)
 set -eu
 printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/0024-ciss-crypt-squash] ... \n\e[0m"
+#######################################
+# Ask for a passphrase on /dev/console, mask input with '*'.
+# Globals:
+# None
+# Arguments:
+# None
+# Returns:
+# 0: on success
+# 1: on failure / empty
+#######################################
+ask_pass_console() {
+ PASSPHRASE=""
+ SAVED_STTY=""
+
+ if command -v stty >/dev/null 2>&1; then
+
+ SAVED_STTY="$(stty -g /dev/null || printf '')"
+ stty -echo /dev/console 2>/dev/null || SAVED_STTY=""
+
+ fi
+
+ printf "\e[93m[INFO] Enter LUKS passphrase: \n\e[0m" >/dev/console 2>/dev/null || return 1
+
+ while :; do
+
+ C="$(dd if=/dev/console bs=1 count=1 2>/dev/null | tr -d '\r\n')"
+
+ [ -z "${C}" ] && break
+
+ PASSPHRASE="${PASSPHRASE}${C}"
+
+ printf "*" >/dev/console 2>/dev/null || :
+
+ done
+
+ if [ -n "${SAVED_STTY}" ]; then
+
+ stty "${SAVED_STTY}" /dev/console 2>/dev/null || :
+
+ else
+
+ stty echo /dev/console 2>/dev/null || :
+
+ fi
+
+ printf "\n" >/dev/console 2>/dev/null || :
+
+ [ -n "${PASSPHRASE}" ] || return 1
+
+ printf '%s\n' "${PASSPHRASE}"
+
+ return 0
+}
+
+#######################################
 # Premount logging helper.
 # Globals:
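Review bot: `stty -g /dev/null` and `stty -echo /dev/console` in ask_pass_console hand the device to stty as a positional operand, which GNU coreutils and busybox stty (the implementations normally found in an initramfs) parse as a mode setting and reject, so echo is most likely never switched off and the passphrase is typed in clear on the console underneath the `*` masking; the two restore lines `stty "${SAVED_STTY}" /dev/console` and `stty echo /dev/console` fail the same way, and every failure is hidden by `2>/dev/null || ...`, so the operator gets no warning. The device should be selected by redirecting stdin (`</dev/console`, or `-F /dev/console` where supported), and the saved state should be taken from the same device that is later restored rather than from /dev/null. The header also claims `Globals: None`, yet PASSPHRASE, SAVED_STTY and C are assigned as shell globals (no `local`) and the passphrase stays in PASSPHRASE after the function returns; the header should list them and the function could `unset PASSPHRASE C` once the result has been printed. Note too that with icanon left on, the stars only appear after Enter, so the masking is cosmetic rather than per keystroke.
```shell
    if command -v stty >/dev/null 2>&1; then
        # Save and change the console's own settings; a bare device path is not a valid stty operand.
        SAVED_STTY="$(stty -g </dev/console 2>/dev/null || printf '')"
        stty -echo </dev/console 2>/dev/null || SAVED_STTY=""
    fi
    # … unchanged: prompt and character read loop …
    if [ -n "${SAVED_STTY}" ]; then
        stty "${SAVED_STTY}" </dev/console 2>/dev/null || :
    else
        stty echo </dev/console 2>/dev/null || :
    fi
```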
@@ -181,7 +235,7 @@ chmod 0600 /lib/cryptsetup/passfifo 2>/dev/null || true
 printf "\e[93m[INFO] Trying to unlock via cryptsetup ...\n\e[0m" >/dev/console 2>/dev/null || true
- printf '%s\n' "${PASS}" | cryptsetup open --type luks--readonly "${LOOP}" "${CDLB_MAPPER_NAME}" --key-file - 2>/dev/console
+ printf '%s\n' "${PASS}" | cryptsetup open --type luks --readonly "${LOOP}" "${CDLB_MAPPER_NAME}" --key-file - 2>/dev/console
 if [ -b "${CDLB_MAPPER_DEV}" ]; then
@@ -224,7 +278,7 @@ PID_BROKER="$!" ) & PID_PROMPT="$!"
-### Main process: wait bounded time for mapper to appear. ----------------------------------------------------------------------
+### Main process: wait bounded time for the mapper to appear. ------------------------------------------------------------------
 REMAINING="${CDLB_REMOTE_WAIT_SECS}"
 if [ ! -b "${CDLB_MAPPER_DEV}" ]; then
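Review bot: The corrected `--readonly` line still feeds the passphrase through `--key-file -`, and per the cryptsetup manual reading from stdin in that mode does not stop at newline characters, so the `\n` appended by `printf '%s\n'` becomes the last byte of the passphrase; a keyslot enrolled interactively, where the newline terminates input, would then never open even with the right passphrase. Unless the volume was deliberately keyed with the trailing newline, either drop it, `printf '%s' "${PASS}" | cryptsetup open --type luks --readonly "${LOOP}" "${CDLB_MAPPER_NAME}" --key-file - 2>/dev/console`, or drop `--key-file -` so cryptsetup reads the passphrase from non-terminal stdin up to the first newline. The unlock logic that derives PASS starts and ends outside this hunk, so I cannot confirm which convention the enrolment used.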