Added a patch from Nelson Batalha <nelson_batalha@hotmail.com> from bug #174294 to...
authorChris Gianelloni <wolf31o2@gentoo.org>
Thu, 21 Jun 2007 20:25:43 +0000 (20:25 +0000)
committerChris Gianelloni <wolf31o2@gentoo.org>
Thu, 21 Jun 2007 20:25:43 +0000 (20:25 +0000)
git-svn-id: svn+ssh://svn.gentoo.org/var/svnroot/genkernel/trunk@516 67a159dc-881f-0410-a524-ba9dfbe2cb84

ChangeLog
generic/initrd.scripts
generic/linuxrc

index ccbb6259d523929ee811ee348f7837a9455e311e..b90751be62b3a3b6df020998281f8ca59171e77e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,11 @@
 # Copyright 2006-2007 Gentoo Foundation; Distributed under the GPL v2
 # $Header: $
 
+  21 Jun 2007; Chris Gianelloni <wolf31o2@gentoo.org>
+  generic/initrd.scripts, generic/linuxrc:
+  Added a patch from Nelson Batalha <nelson_batalha@hotmail.com> from bug
+  #174294 to enable the use of encryption on a CD and the location of a key.
+
   21 Jun 2007; Chris Gianelloni <wolf31o2@gentoo.org> gen_determineargs.sh,
   gen_funcs.sh, genkernel, genkernel.8, genkernel.conf:
   Added two patches from John R. Graham <john_r_graham@mindspring.com> from
index 0fd14e87314ccbaae2e34e496cfe80d2236bb7e6..4493bf89028a8dce3d22972baad0d09c2a8cc409 100644 (file)
@@ -100,6 +100,39 @@ findcdmount() {
        fi
 }
 
+findkeymount() {
+        if [ "$#" -gt "0" ]
+        then
+                for x in $*
+                do
+                        # Check for a block device to mount
+                        if [ -b "${x}" ]
+                        then
+                                good_msg "Attempting to mount key media:- ${x}"
+                                mount -r -t auto ${x} ${NEW_ROOT}/mnt/key \
+                                                > /dev/null 2>&1
+                                fi
+                                if [ "$?" = '0' ]
+                                then
+                                        # Check for the key
+                                        if [ -e ${NEW_ROOT}/mnt/key/${SUBDIR}/${KEYNAME} ]
+                                        then
+                                                KEY_ROOT="${x}"
+                                                break
+                                        else
+                                                umount ${NEW_ROOT}/mnt/key
+                                        fi
+                                fi
+                        fi
+                done
+                if [ "${KEY_ROOT}" != '' ]
+                then
+                        good_msg "Key media found on ${x}"
+                fi
+        fi
+}
+
+
 cache_cd_contents() {
        # Check loop file exists and cache to ramdisk if DO_cache is enabled
        if [ "${LOOPTYPE}" != "noloop" ] && [ "${LOOPTYPE}" != "sgimips" ]
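Review bot: In `findkeymount`, the `fi` placed directly after the `mount -r -t auto ...` command closes the `[ -b "${x}" ]` test early, so the function has one `fi` too many and will not parse. It also moves the `[ "$?" = '0' ]` check outside the block-device test it was meant to sit in. Delete that `fi` so the mount result is checked only for devices that were actually mounted. `${x}` and the key path are expanded unquoted; prefer `for x in "$@"` and `[ -e "${NEW_ROOT}/mnt/key/${SUBDIR}/${KEYNAME}" ]`. Because every attached block device is probed with `-t auto`, consider adding `-o nosuid,nodev,noexec` to the key-media mount so removable media is treated as data only.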
@@ -357,6 +390,23 @@ bootstrapCD() {
        findcdmount $DEVICES
 }
 
+bootstrapKey() {
+        # Locate the device with our key on it.
+        # USB Keychain/Storage
+        KEYDEVS="/dev/sd*"
+        # CDROM DEVICES
+        KEYDEVS="${KEYDEVS} /dev/cdroms/* /dev/ide/cd/* /dev/sr*"
+        # IDE devices
+        KEYDEVS="${KEYDEVS} /dev/hd*"
+        # USB using the USB Block Driver
+        KEYDEVS="${KEYDEVS} /dev/ubd* /dev/ubd/*"
+        # iSeries devices
+        KEYDEVS="${KEYDEVs} /dev/iseries/vcd*"
+
+        findkeymount ${KEYDEVS}
+}
+
+
 cmdline_hwopts() {
        # Scan CMDLINE for any "doscsi" or "noscsi"-type arguments
        
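Review bot: The last assignment in `bootstrapKey` reads `KEYDEVS="${KEYDEVs} /dev/iseries/vcd*"` with a lowercase `s`, so it expands an unset variable and throws away every device pattern collected above it. As written only `/dev/iseries/vcd*` is passed to `findkeymount`, and key media on USB, CD-ROM or IDE devices is never probed. It should be `KEYDEVS="${KEYDEVS} /dev/iseries/vcd*"`.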
index 019b4032f004a593cfba490e25b3feff25e14d20..6d7c74b0bd28028c49b1762e96bbf09b830516c0 100644 (file)
@@ -72,13 +72,16 @@ do
                        CDROOT=1
                        CDROOT_DEV=`parse_opt "${x}"`
                ;;
-               # Start livecd loop and looptype options
+               # Start livecd loop, looptype options and encryption
                loop\=*)
                        LOOP=`parse_opt "${x}"`
                ;;
                looptype\=*)
                        LOOPTYPE=`parse_opt "${x}"`
                ;;
+               loop_crypt\=*)
+                       LOOP_CRYPT=`parse_opt "${x}"`
+               ;;
                # Start Device Manager options 
                devfs)
                        USE_DEVFS_NORMAL=1
@@ -261,7 +264,7 @@ then
                mount -t tmpfs tmpfs ${NEW_ROOT}
        fi
        
-       for i in dev mnt mnt/cdrom mnt/livecd tmp tmp/.initrd mnt/gentoo sys
+       for i in dev mnt mnt/cdrom mnt/livecd mnt/key tmp tmp/.initrd mnt/gentoo sys
        do
                mkdir -p ${NEW_ROOT}/$i
                chmod 755 ${NEW_ROOT}/$i
@@ -490,66 +493,104 @@ then
        fi
 
        cache_cd_contents
-       # Setup the loopback mounts
+       
 
-       if [ "${LOOPTYPE}" = 'normal' ]
+        # If encrypted, find key and mount, otherwise mount as usual
+       if [ "${LOOP_CRYPT}" != '' ] 
        then
-               good_msg 'Mounting loop filesystem'
-               mount -t ext2 -o loop,ro ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP} ${NEW_ROOT}/mnt/livecd
-               test_success 'Mount filesystem'
-               FS_LOCATION='mnt/livecd'
+               good_msg 'You booted an encrypted livecd'
+               KEYNAME=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)
 
+               if [ "${KEYNAME}" = '' ]
+               then 
+                       good_msg 'It's not locked with a gpg key, attempting to decrypt manually'
+                       losetup -e ${LOOP_CRYPT} /dev/loop1 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
+                       
 
-       elif [ "${LOOPTYPE}" = 'squashfs' ]
-       then
-               good_msg 'Mounting squashfs filesystem'
-               mount -t squashfs -o loop,ro ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP} ${NEW_ROOT}/mnt/livecd
+               else 
+                       good_msg 'Livecd locked with gpg key'
+                       bootstrapKey
+                       good_msg 'Attempting to decrypt with key'
+                       losetup -K ${NEW_ROOT}/mnt/key/${SUBDIR}/${KEYNAME} -e ${LOOP_CRYPT} /dev/loop1 \
+                               ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
+               fi
+
+               test_success 'Unencrypting loop'
                
-               test_success 'Mount filesystem'
-               FS_LOCATION='mnt/livecd'
-       
-       elif [ "${LOOPTYPE}" = 'gcloop' ]
-       then
-               good_msg 'Mounting gcloop filesystem'
-               echo ' ' | losetup -E 19 -e ucl-0 -p0 ${NEW_ROOT}/dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
-               test_success 'losetup the loop device'
+               case ${LOOPTYPE} in
+                       squashfs)
+                               MOUNTTYPE="squashfs"
+                       normal)
+                               MOUNTTYPE="ext2"
+               esac
 
-               mount -t ext2 -o ro ${NEW_ROOT}/dev/loop0 ${NEW_ROOT}/mnt/livecd
-               test_success 'Mount the losetup loop device'
+               mount -t ${MOUNTTYPE} -o ro /dev/loop1 ${NEW_ROOT}/mnt/livecd 
+                               
+               test_success 'Mount filesystem, checking key'   
                FS_LOCATION='mnt/livecd'
-       
-       elif [ "${LOOPTYPE}" = 'zisofs' ]
-       then
-               FS_LOCATION="mnt/cdrom/${LOOPEXT}${LOOP}"
-       
-       elif [ "${LOOPTYPE}" = 'noloop' ]
-       then
-               FS_LOCATION='mnt/cdrom'
 
-       elif [ "${LOOPTYPE}" = 'sgimips' ]
-       then
-               # getdvhoff finds the starting offset (in bytes) of the squashfs
-               # partition on the cdrom and returns this offset for losetup
-               #
-               # All currently supported SGI Systems use SCSI CD-ROMs, so
-               # so we know that the CD-ROM is usually going to be /dev/sr0.
-               #
-               # We use the value given to losetup to set /dev/loop0 to point
-               # to the liveCD root partition, and then mount /dev/loop0 as
-               # the LiveCD rootfs
-               good_msg 'Locating the SGI LiveCD Root Partition'
-               echo ' ' | \
-                       losetup -o $(/bin/getdvhoff ${NEW_ROOT}${REAL_ROOT} 0) \
-                               ${NEW_ROOT}${CDROOT_DEV} \
-                               ${NEW_ROOT}${REAL_ROOT}
-               test_success 'losetup /dev/sr0 /dev/loop0'
-
-               good_msg 'Mounting the Root Partition'
-               mount -t squashfs -o ro ${NEW_ROOT}${CDROOT_DEV} ${NEW_ROOT}/mnt/livecd
-               test_success 'mount /dev/loop0 /'
-               FS_LOCATION='mnt/livecd'
-       fi
 
+
+       # Setup the loopback mounts, if unencrypted
+       else
+               if [ "${LOOPTYPE}" = 'normal' ]
+               then
+                       good_msg 'Mounting loop filesystem'
+                       mount -t ext2 -o loop,ro ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP} ${NEW_ROOT}/mnt/livecd
+                       test_success 'Mount filesystem'
+                       FS_LOCATION='mnt/livecd'
+       
+       
+               elif [ "${LOOPTYPE}" = 'squashfs' ]
+               then
+                       good_msg 'Mounting squashfs filesystem'
+                       mount -t squashfs -o loop,ro ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP} ${NEW_ROOT}/mnt/livecd
+                       
+                       test_success 'Mount filesystem'
+                       FS_LOCATION='mnt/livecd'
+               
+               elif [ "${LOOPTYPE}" = 'gcloop' ]
+               then
+                       good_msg 'Mounting gcloop filesystem'
+                       echo ' ' | losetup -E 19 -e ucl-0 -p0 ${NEW_ROOT}/dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
+                       test_success 'losetup the loop device'
+       
+                       mount -t ext2 -o ro ${NEW_ROOT}/dev/loop0 ${NEW_ROOT}/mnt/livecd
+                       test_success 'Mount the losetup loop device'
+                       FS_LOCATION='mnt/livecd'
+               
+               elif [ "${LOOPTYPE}" = 'zisofs' ]
+               then
+                       FS_LOCATION="mnt/cdrom/${LOOPEXT}${LOOP}"
+               
+               elif [ "${LOOPTYPE}" = 'noloop' ]
+               then
+                       FS_LOCATION='mnt/cdrom'
+       
+               elif [ "${LOOPTYPE}" = 'sgimips' ]
+               then
+                       # getdvhoff finds the starting offset (in bytes) of the squashfs
+                       # partition on the cdrom and returns this offset for losetup
+                       #
+                       # All currently supported SGI Systems use SCSI CD-ROMs, so
+                       # so we know that the CD-ROM is usually going to be /dev/sr0.
+                       #
+                       # We use the value given to losetup to set /dev/loop0 to point
+                       # to the liveCD root partition, and then mount /dev/loop0 as
+                       # the LiveCD rootfs
+                       good_msg 'Locating the SGI LiveCD Root Partition'
+                       echo ' ' | \
+                               losetup -o $(/bin/getdvhoff ${NEW_ROOT}${REAL_ROOT} 0) \
+                                       ${NEW_ROOT}${CDROOT_DEV} \
+                                       ${NEW_ROOT}${REAL_ROOT}
+                       test_success 'losetup /dev/sr0 /dev/loop0'
+       
+                       good_msg 'Mounting the Root Partition'
+                       mount -t squashfs -o ro ${NEW_ROOT}${CDROOT_DEV} ${NEW_ROOT}/mnt/livecd
+                       test_success 'mount /dev/loop0 /'
+                       FS_LOCATION='mnt/livecd'
+               fi
+       
 #
 # End cdrom looptype determination and mounting if necessary
 #
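Review bot: The encrypted branch will not parse as written: `good_msg 'It's not locked with a gpg key, ...'` has an apostrophe inside a single-quoted string, and the `case ${LOOPTYPE}` arms have no `;;` terminators. Double-quote the message (`good_msg "It's not locked with a gpg key, attempting to decrypt manually"`) and end each arm with `;;`, adding a `*)` arm so `MOUNTTYPE` is never empty when `mount -t ${MOUNTTYPE}` runs. After `bootstrapKey` nothing checks that a key device was found, so `losetup -K` may be handed a key path that does not exist; testing `KEY_ROOT` first would fail clearly instead. `KEYNAME` is read from the CD and expanded unquoted into that path, so it should be quoted. The closing `fi` for the new outer `if [ "${LOOP_CRYPT}" != '' ]` is not visible in this hunk and should be confirmed.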