
Re: [HOOK] yet another encrypted home hook



Using the persistent option with this hook installed was not possible, just if you used it with lukshome. Corrected.

-----------------
#!/bin/sh

# This hook will add an entry to crypttab and to fstab so the default
# boot system of debian will mount an encrypted partition as /home.
#
# 1 - Create a partition for the live image in the USB key. One where the live
# image will fit.
#
# 2 - Create the luks partition with an ext2 filesystem in it
# and copy /home/* into it. An existing ext2 encrypted /home partition
# on harddisk can be used instead - change the update to fstab to use
# another filesystem.
#
# 3 - Find what is the uuid of the encrypted partition:
#
#       ls -l /dev/disk/by-uuid
#
# 4 - Now paste the uuid into this hook and (re)build your live cd.
#
# 5 - Use unetbootin or copy the live image manually to the first partition.
#
# 6 - Boot with "lukshome" boot option to enable the hook.
#
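# NOTE: You can't use "persistent" and "lukshome" at the same time! If you do,
# the lukshome hook will be *skipped*, but any persistent partition or file
# will be mounted. In that case /home is not taken from the encrypted
# partition, so check the boot messages before storing anything sensitive.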
#
# TODO/FIXME: add a boot option to select partition from boot options,
# like "lukshome_uuid="500a7752-385b-45e1-8119-dd35ce3544fb" and/or
# lukshome_part=/dev/sdb4 (this last one not hardware independent).


# scripts/live-bottom/13usb_luks_home, right after 12fstab
#
# The here-document delimiter is quoted ('EOF'), so nothing below is expanded
# while this hook runs at build time: every ${...} and $(...) is written to
# the file literally and is only evaluated when the generated script runs from
# the initramfs at boot.
#
# What the generated script does at boot:
#   - sets LUKSHOME when the word "lukshome" is on the kernel command line;
#   - exits without changing anything when PERSISTENT is also non-empty, or
#     when "lukshome" was not given. In both cases /home is NOT taken from
#     the LUKS partition, and the only notice is a message on the console;
#   - otherwise appends one line to /root/etc/crypttab and one line to
#     /root/etc/fstab so that /dev/mapper/home is mounted on /home. The
#     crypttab key field is "none", i.e. no key file is stored in the image
#     and the passphrase is asked for interactively (see crypttab(5)).
#
# NOTE(review): PERSISTENT is never assigned in the generated script;
# presumably it is inherited from the live-initramfs environment -- confirm
# that it is exported to live-bottom scripts.
# NOTE(review): LUKSHOME_UUID is hard-coded in the generated script with the
# author's sample value; replace it with the UUID of your own LUKS partition
# before building the image.
echo "I: creating /usr/share/initramfs-tools/scripts/live-bottom/13usb_luks_home"

cat > /usr/share/initramfs-tools/scripts/live-bottom/13usb_luks_home << 'EOF'
#!/bin/sh

#set -e

# initramfs-tools header

PREREQ=""

prereqs()
{
    echo "${PREREQ}"
}

case "${1}" in
    prereqs)
        prereqs
        exit 0
        ;;
esac

. /scripts/live-functions

# live-initramfs hook to add the luks home partition to crypttab and fstab

log_begin_msg "Executing usb-luks-home"

# get boot option lukshome without persistent- adapted from live-helpers
for ARGUMENT in $(cat /proc/cmdline)
do
    case "${ARGUMENT}" in
        lukshome)
            LUKSHOME=1
            ;;
    esac
done

# don't use persistent* and lukshome
if [ -n "${PERSISTENT}" ] && [  -n "${LUKSHOME}" ]
then
    # FIXME: should we panic instead?
    echo "You should not use persistent and lukshome at the same time."
    echo "Skipping lukshome. Persistent medium will be used instead."
    log_end_msg
    exit 0
fi

# if no lukshome boot option, exit
if [ -z "${LUKSHOME}" ]
then
    echo "Nothing to do."
    log_end_msg
    exit 0
fi

# Encrypted partition uuid to be used as /home. Use (sudo) blkid to find it.
LUKSHOME_UUID="500a7752-385b-45e1-8119-dd35ce3544fb"

echo "Adding ${LUKSHOME_UUID} to /etc/crypttab and setting it as /home in /etc/fstab."

# update crypttab
echo "home /dev/disk/by-uuid/${LUKSHOME_UUID} none luks,check,timeout" >> /root/etc/crypttab

# update fstab
echo "/dev/mapper/home /home ext2 defaults,noatime 0 0" >> /root/etc/fstab

log_end_msg

EOF

# Make the generated script executable (rwxr-xr-x; writable by its owner only).
chmod 0755 /usr/share/initramfs-tools/scripts/live-bottom/13usb_luks_home


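# Rebuild the initramfs of every kernel found under /boot so that the
# 13usb_luks_home script created above is included in it.
# If you already have the update-initramfs.sh hook, you can remove this.
#
# The status of update-initramfs is not checked, so a failed rebuild does not
# stop the loop. A kernel whose initramfs was not rebuilt boots without the
# script, and the "lukshome" boot option then has no effect for it; read the
# build output before relying on the encrypted /home.
echo "I: update-initramfs to include 13usb_luks_home."

for KERNEL in /boot/vmlinuz-*
do
    # With no kernel installed the glob is left unexpanded; skip it instead
    # of handing a literal "*" to update-initramfs.
    [ -e "${KERNEL}" ] || continue

    # /boot/vmlinuz-<version> -> <version>
    VERSION="${KERNEL#/boot/vmlinuz-}"

    # Quoted so that the version string is always passed as one argument.
    update-initramfs -k "${VERSION}" -t -u
done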
----------------------


Rui M. P. Bernardo
