V8.13.440.2025.11.19
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m23s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -14,13 +14,67 @@
|
||||
# SPDX-PackageName: CISS.debian.live.builder
|
||||
# SPDX-Security-Contact: security@coresecret.eu
|
||||
|
||||
# Purpose: Open /live/ciss_rootfs.crypt (LUKS) and present its SquashFS as /run/live/rootfs
|
||||
# Purpose: Open /live/ciss_rootfs.crypt (LUKS) for final processing in '9990-overlay.sh'
|
||||
# Phase : premount (executed by live-boot inside the initramfs)
|
||||
|
||||
set -eu
|
||||
|
||||
printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/0024-ciss-crypt-squash] ... \n\e[0m"
|
||||
|
||||
#######################################
|
||||
# Ask for a passphrase on /dev/console, mask input with '*'.
|
||||
# Globals:
|
||||
# None
|
||||
# Arguments:
|
||||
# None
|
||||
# Returns:
|
||||
# 0: on success
|
||||
# 1: on failure / empty
|
||||
#######################################
|
||||
ask_pass_console() {
|
||||
PASSPHRASE=""
|
||||
SAVED_STTY=""
|
||||
|
||||
if command -v stty >/dev/null 2>&1; then
|
||||
|
||||
SAVED_STTY="$(stty -g </dev/console 2>/dev/null || printf '')"
|
||||
stty -echo </dev/console >/dev/console 2>/dev/null || SAVED_STTY=""
|
||||
|
||||
fi
|
||||
|
||||
printf "\e[93m[INFO] Enter LUKS passphrase: \n\e[0m" >/dev/console 2>/dev/null || return 1
|
||||
|
||||
while :; do
|
||||
|
||||
C="$(dd if=/dev/console bs=1 count=1 2>/dev/null | tr -d '\r\n')"
|
||||
|
||||
[ -z "${C}" ] && break
|
||||
|
||||
PASSPHRASE="${PASSPHRASE}${C}"
|
||||
|
||||
printf "*" >/dev/console 2>/dev/null || :
|
||||
|
||||
done
|
||||
|
||||
if [ -n "${SAVED_STTY}" ]; then
|
||||
|
||||
stty "${SAVED_STTY}" </dev/console >/dev/console 2>/dev/null || :
|
||||
|
||||
else
|
||||
|
||||
stty echo </dev/console >/dev/console 2>/dev/null || :
|
||||
|
||||
fi
|
||||
|
||||
printf "\n" >/dev/console 2>/dev/null || :
|
||||
|
||||
[ -n "${PASSPHRASE}" ] || return 1
|
||||
|
||||
printf '%s\n' "${PASSPHRASE}"
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
#######################################
|
||||
# Premount logging helper.
|
||||
# Globals:
|
||||
@@ -181,7 +235,7 @@ chmod 0600 /lib/cryptsetup/passfifo 2>/dev/null || true
|
||||
|
||||
printf "\e[93m[INFO] Trying to unlock via cryptsetup ...\n\e[0m" >/dev/console 2>/dev/null || true
|
||||
|
||||
printf '%s\n' "${PASS}" | cryptsetup open --type luks--readonly "${LOOP}" "${CDLB_MAPPER_NAME}" --key-file - 2>/dev/console
|
||||
printf '%s\n' "${PASS}" | cryptsetup open --type luks --readonly "${LOOP}" "${CDLB_MAPPER_NAME}" --key-file - 2>/dev/console
|
||||
|
||||
if [ -b "${CDLB_MAPPER_DEV}" ]; then
|
||||
|
||||
@@ -224,7 +278,7 @@ PID_BROKER="$!"
|
||||
) &
|
||||
PID_PROMPT="$!"
|
||||
|
||||
### Main process: wait bounded time for mapper to appear. ----------------------------------------------------------------------
|
||||
### Main process: wait bounded time for the mapper to appear. ------------------------------------------------------------------
|
||||
REMAINING="${CDLB_REMOTE_WAIT_SECS}"
|
||||
|
||||
if [ ! -b "${CDLB_MAPPER_DEV}" ]; then
|
||||
|
||||
Reference in New Issue
Block a user