
[PATCH] New options for lukshome hook.



Please accept the following patch to lukshome hook. Makes the hook
more flexible by allowing the user to specify another partition label
and/or filename of the encrypted file.

Changes:
* Added new lukspart boot option to specify a partition label other
than 'lukshome'.
* Added new luksfile boot option to specify a filename other than
'luks-home.img'.
* Some grammatical corrections.

I could send another patch without the grammatical corrections for
clarity if you want.

One question: although the lukshome hook still works with live-helper
2.0 and with live-boot, at least in Lenny, I'd like to know if
live-boot will still use
/usr/share/initramfs-tools/scripts/live-bottom/ in the future, or will
it be dropped in favour of /lib/live/config/.


Thank you,

Rui M. P. Bernardo
diff --git a/examples/hooks/all_chroot_losetup-lukshome.sh b/examples/hooks/all_chroot_losetup-lukshome.sh
index 5542438..c332d6b 100755
--- a/examples/hooks/all_chroot_losetup-lukshome.sh
+++ b/examples/hooks/all_chroot_losetup-lukshome.sh
@@ -25,7 +25,7 @@
 #	detects a partition with lukshome label, updates fstab and crypttab so
 #	the encrypted file is mounted later in a loopback device (/dev/loopX).
 #	It also changes /etc/init.d/umountfs so the encrypted home is correctly
-#	umounted.
+#	umounted. 
 #
 # /usr/share/initramfs-tools/scripts/live-bottom/13live_luks_home
 #	a live-initramfs hook to execute lukshome.sh script
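Review bot: trailing whitespace is introduced after "umounted." on the changed line and nothing else differs, so this hunk should be dropped from the patch.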
@@ -52,18 +52,28 @@
 # create-lukshome-file.sh script.
 #
 # Reboot and now use the "lukshome" boot option to mount the encrypted /home,
-# like in using "persistent" boot option with a home-rw file in some partition.
+# like when using "persistent" boot option with a home-rw file in some partition.
 #
 
 
-echo "I: to see how use lukshome hook run create-lukshome-file.sh as root."
+# install needed packages (in case apt recommends are off)
+# make sure that cryptsetup is installed
+echo "I: checking for cryptsetup."
+if [ ! -x /sbin/cryptsetup ]
+then
+	echo "I: installing cryptsetup."
+	DEBIAN_FRONTEND="dialog" apt-get install --yes --force-yes -y cryptsetup	
+fi
+
+
+echo "I: to see how to use lukshome hook run create-lukshome-file.sh as root."
 echo "I: creating script /usr/local/sbin/create-lukshome-file.sh"
 cat > /usr/local/sbin/create-lukshome-file.sh << 'EOF'
 #!/bin/sh
 
-# This script is to create an encrypted filesystem in a file to
+# This script will create an encrypted filesystem in a file to
 # be used as /home in a live system built with Debian Live Helper with
-# the lukshome hook in config/chroot_local-hooks/.
+# this hook in config/chroot_local-hooks/.
 #
 # The lukshome boot option will do the following:
 #	- search for a partition with label 'lukshome'
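Review bot: `--force-yes` on the added apt-get line tells apt to continue where it would otherwise stop, including for packages it cannot authenticate, so a build could pull an unverified cryptsetup into the image; drop it and keep a single `--yes` (the trailing `-y` is a duplicate). `DEBIAN_FRONTEND="dialog"` also looks wrong for an unattended chroot hook, where `noninteractive` would be the usual choice, the line ends in a stray tab, and this new install step is missing from the change list in the mail.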
@@ -109,6 +119,19 @@ cat > /usr/local/sbin/create-lukshome-file.sh << 'EOF'
 # Reboot and use the "lukshome" boot option to mount the encrypted /home,
 # like in using "persistent" boot option with a home-rw file in some partition.
 #
+# To use another partition label use the following boot options:
+#	lukshome lukspart=partition_label
+#
+# If you want to use another filename instead of luks-home.img, rename (mv)
+# the file and use the following boot options:
+#	lukshome luksfile=filename
+#
+# Both boot options can be used at the same time, but always with lukshome:
+#	lukshome lukspart=partition_label luksfile=filename
+#
+# By default, if just the lukshome boot option is used, the script will 
+# search for a partition labeled 'lukshome' and a file named 'luks-home.img'.
+#
 # Press Shift-PgUp/Shift-PgDn to scrool the instructions on the screen.
 
 
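Review bot: the new option text should state the limits the parser imposes: the values are taken from /proc/cmdline split on whitespace, so a label or filename containing spaces cannot be passed, and luksfile is looked up directly under the mounted partition, so it has to be a plain filename in the partition's top directory. The added line "By default, if just the lukshome boot option is used, the script will " also ends in trailing whitespace.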
@@ -144,7 +167,7 @@ fi
 # show instructions
 echo ""
 echo "** Instructions to use create-lukshome-file.sh (this script):"
-sed -n '2,51p' /usr/local/sbin/create-lukshome-file.sh | sed 's/^.//'
+sed -n '2,64p' /usr/local/sbin/create-lukshome-file.sh | sed 's/^.//'
 echo ""
 
 
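Review bot: the hard-coded range in `sed -n '2,64p'` has to be bumped by hand every time the header comment changes (51 to 64 here for the 13 added lines), and a miscount silently prints script code or cuts the instructions short. Consider ending the instructions with a fixed marker comment and using a sed address that stops at that marker instead of a line number.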
@@ -171,13 +194,13 @@ read FILE_SIZE
 echo ""
 echo "** Creating file luks-home.img."
 echo "** Filling file image with /dev/urandom output. It will take some time."
-echo "(Edit this script to use /dev/random. It's know to more secure but "
+echo "(Edit this script to use /dev/random. It's known to be more secure but "
 echo "it will take a *very* long time to complete."
 dd if=/dev/urandom of=luks-home.img bs=1M count=${FILE_SIZE}
 # To use /dev/random comment the line above and uncomment the next line
 #dd if=/dev/random of=luks-home.img ibs=128 obs=128 count=$((8192*${FILE_SIZE}))
 # You might have to increase kernel entropy by moving the mouse, typing keyboard,
-# make the computer read disk or use network connections.
+# make the computer read the disk or use network connections.
 echo "** Done."
 echo ""
 
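Review bot: the message that starts with "(Edit this script to use /dev/random." still has no closing parenthesis after "to complete." on the following echo; since the first line is being reworded anyway, close it in the same change.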
@@ -287,16 +310,39 @@ cat > /usr/local/sbin/lukshome.sh << 'EOF'
 # functions taken from live-helpers
 . /usr/share/initramfs-tools/scripts/live-helpers
 
-# search for a partition labeled "lukshome"
+# set default values
+LUKSPART="lukshome"
+LUKSFILE="luks-home.img"
+
+# get boot option lukshome - adapted from live-helpers
+for ARGUMENT in $(cat /proc/cmdline)
+do
+	case "${ARGUMENT}" in
+		lukshome)
+			LUKSHOME=1
+			;;
+		luksfile=*)
+			LUKSFILE="${ARGUMENT#luksfile=}"
+			LUKSHOME=1
+			;;
+		lukspart=*)
+			LUKSPART="${ARGUMENT#lukspart=}"
+			LUKSHOME=1
+			;;
+
+	esac
+done
+
+# search for a partition labeled "lukshome" or $LUKSPART
 for sysblock in $(echo /sys/block/* | tr ' ' '\n' | grep -v loop | grep -v ram | grep -v fd)
 do
 	for dev in $(subdevices "${sysblock}")
 	do
 		devname=$(sys2dev "${dev}")
 		# find partition name and filesystem type
-		if [ "$(/lib/udev/vol_id -l ${devname} 2>/dev/null)" = "lukshome" ]
+		if [ "$(/lib/udev/vol_id -l ${devname} 2>/dev/null)" = "${LUKSPART}" ]
 		then
-			# found one partition named "lukshome"
+			# found one partition with correct label
 			CRYPTHOME="${devname}"
 			# don't search further
 			break
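Review bot: an empty value is accepted by the new `lukspart=*` and `luksfile=*` cases, and with a bare `lukspart=` the comparison `[ "$(/lib/udev/vol_id -l ${devname} 2>/dev/null)" = "${LUKSPART}" ]` becomes true for the first device where vol_id prints nothing (no label, or an error hidden by `2>/dev/null`), so an arbitrary partition would be selected and mounted as the lukshome partition. Keep the default when the value after `=` is empty, for example by checking it with `[ -n ... ]` before assigning, and quote `${devname}` in the vol_id call.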
@@ -312,7 +358,7 @@ done
 # if no partition found, exit
 if [ -z "${CRYPTHOME}" ]
 then
-	echo "Could not find any partition with lukshome label. "
+	echo "Could not find any partition with ${LUKSPART} label. "
 	echo "Proceeding with no encrypted /home."
 	exit 0
 fi
@@ -324,11 +370,11 @@ mount -t $(get_fstype "${CRYPTHOME}") "${CRYPTHOME}" /luks-home
 
 # mount losetup encrypted file
 FREE_LOOP="$(/sbin/losetup -f)"
-echo "Opening /luks-home/luks-home.img in ${FREE_LOOP}."
+echo "Opening file /luks-home/${LUKSFILE} in ${FREE_LOOP}."
 
-if [ -f /luks-home/luks-home.img ]
+if [ -f /luks-home/"${LUKSFILE}" ]
 then
-	/sbin/losetup ${FREE_LOOP} /luks-home/luks-home.img
+	/sbin/losetup ${FREE_LOOP} /luks-home/"${LUKSFILE}"
 
 	echo "Adding ${FREE_LOOP} home to /etc/crypttab and setting it as /home in /etc/fstab."
 
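Review bot: `${LUKSFILE}` goes into `/luks-home/"${LUKSFILE}"` unchecked, so a value containing `/` or `..` makes the `-f` test and the `losetup` call operate on a path outside the top directory of the mounted partition, although the option is documented as a filename. Reject values containing `/` before this point and take the "Proceeding with no encrypted /home." branch instead; `${FREE_LOOP}` should also be quoted in the losetup call.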
@@ -338,8 +384,9 @@ then
 	# update fstab
 	echo "/dev/mapper/home	/home	ext2	defaults,noatime	0	0" >> /etc/fstab
 else
-	echo "Did not found any luks-home.img file in ${CRYPTHOME}!"
+	echo "Did not found any file named ${LUKSFILE} in ${CRYPTHOME}!"
 	echo "Proceeding with no encrypted /home."
+	sleep 2
 	umount -r /luks-home
 	exit 0
 fi
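Review bot: "Did not found" in the changed echo is still ungrammatical ("Did not find"), which is worth fixing in a patch that lists grammatical corrections. The added `sleep 2` is not mentioned in the change list and only delays this branch, while the no-partition branch exits without a pause; either explain it in a comment or apply it to both messages.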
@@ -403,6 +450,15 @@ do
 		lukshome)
 			LUKSHOME=1
 			;;
+		luksfile=*)
+			LUKSFILE="${ARGUMENT#luksfile=}"
+			LUKSHOME=1
+			;;
+		lukspart=*)
+			LUKSPART="${ARGUMENT#lukspart=}"
+			LUKSHOME=1
+			;;
+
 	esac
 done
 
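Review bot: `luksfile=*` and `lukspart=*` each set `LUKSHOME=1` here, so either option alone enables the hook, while the instructions added to create-lukshome-file.sh say both are used "always with lukshome"; make the code and the documentation agree. Nothing in this hunk uses the `LUKSFILE` and `LUKSPART` values assigned here, and lukshome.sh parses /proc/cmdline again itself, so if the initramfs script does not need them these two cases can set only `LUKSHOME=1`, or the parsing can be kept in one place.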
@@ -436,9 +492,8 @@ umount /root/sys
 umount /root/proc
 umount /root/dev
 
-# delete the lukshome scripts, not needed anymore
+# delete the lukshome.sh script, not needed anymore
 # rm -f /root/usr/local/sbin/lukshome.sh
-# rm -f /root/usr/local/sbin/create-lukshome-file.sh
 
 log_end_msg
 
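Review bot: the reworded comment "delete the lukshome.sh script, not needed anymore" still sits above an `rm` that is commented out, so nothing is deleted; either enable the `rm -f /root/usr/local/sbin/lukshome.sh` line or change the comment to say the script is intentionally kept.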
