msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.440.2025.11.19
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-21 14:26:55 +00:00
parent d216f07adc
commit eabf55a545
1 changed files with 57 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
View File

@@ -14,13 +14,67 @@
# SPDX-PackageName: CISS.debian.live.builder # SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu # SPDX-Security-Contact: security@coresecret.eu
# Purpose: Open /live/ciss_rootfs.crypt (LUKS) and present its SquashFS as /run/live/rootfs # Purpose: Open /live/ciss_rootfs.crypt (LUKS) for final processing in '9990-overlay.sh'
# Phase : premount (executed by live-boot inside the initramfs) # Phase : premount (executed by live-boot inside the initramfs)
set -eu set -eu
printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/0024-ciss-crypt-squash] ... \n\e[0m" printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/0024-ciss-crypt-squash] ... \n\e[0m"
#######################################
# Ask for a passphrase on /dev/console, mask input with '*'.
# Globals:
# None
# Arguments:
# None
# Returns:
# 0: on success
# 1: on failure / empty
#######################################
ask_pass_console() {
PASSPHRASE=""
SAVED_STTY=""
if command -v stty >/dev/null 2>&1; then
SAVED_STTY="$(stty -g </dev/console 2>/dev/null || printf '')"
stty -echo </dev/console >/dev/console 2>/dev/null || SAVED_STTY=""
fi
printf "\e[93m[INFO] Enter LUKS passphrase: \n\e[0m" >/dev/console 2>/dev/null || return 1
while :; do
C="$(dd if=/dev/console bs=1 count=1 2>/dev/null | tr -d '\r\n')"
[ -z "${C}" ] && break
PASSPHRASE="${PASSPHRASE}${C}"
printf "*" >/dev/console 2>/dev/null || :
done
if [ -n "${SAVED_STTY}" ]; then
stty "${SAVED_STTY}" </dev/console >/dev/console 2>/dev/null || :
else
stty echo </dev/console >/dev/console 2>/dev/null || :
fi
printf "\n" >/dev/console 2>/dev/null || :
[ -n "${PASSPHRASE}" ] || return 1
printf '%s\n' "${PASSPHRASE}"
return 0
}
####################################### #######################################
# Premount logging helper. # Premount logging helper.
# Globals: # Globals:
@@ -181,7 +235,7 @@ chmod 0600 /lib/cryptsetup/passfifo 2>/dev/null || true
printf "\e[93m[INFO] Trying to unlock via cryptsetup ...\n\e[0m" >/dev/console 2>/dev/null || true printf "\e[93m[INFO] Trying to unlock via cryptsetup ...\n\e[0m" >/dev/console 2>/dev/null || true
printf '%s\n' "${PASS}" | cryptsetup open --type luks--readonly "${LOOP}" "${CDLB_MAPPER_NAME}" --key-file - 2>/dev/console printf '%s\n' "${PASS}" | cryptsetup open --type luks --readonly "${LOOP}" "${CDLB_MAPPER_NAME}" --key-file - 2>/dev/console
if [ -b "${CDLB_MAPPER_DEV}" ]; then if [ -b "${CDLB_MAPPER_DEV}" ]; then
@@ -224,7 +278,7 @@ PID_BROKER="$!"
) & ) &
PID_PROMPT="$!" PID_PROMPT="$!"
### Main process: wait bounded time for mapper to appear. ---------------------------------------------------------------------- ### Main process: wait bounded time for the mapper to appear. ------------------------------------------------------------------
REMAINING="${CDLB_REMOTE_WAIT_SECS}" REMAINING="${CDLB_REMOTE_WAIT_SECS}"
if [ ! -b "${CDLB_MAPPER_DEV}" ]; then if [ ! -b "${CDLB_MAPPER_DEV}" ]; then