diff options
author | Karel Kočí <karel.koci@nic.cz> | 2020-02-25 17:47:58 +0100 |
---|---|---|
committer | Karel Kočí <karel.koci@nic.cz> | 2020-02-25 17:52:55 +0100 |
commit | d6205d3a165e01d6c427e9160f36b51cfdc4e2b4 (patch) | |
tree | ce631e293026850429049457aecdef226310fc06 | |
parent | 67320a1307feada9e25a3f08e8aba7179004d85c (diff) | |
download | gentoo-personal-overlay-d6205d3a165e01d6c427e9160f36b51cfdc4e2b4.tar.gz gentoo-personal-overlay-d6205d3a165e01d6c427e9160f36b51cfdc4e2b4.tar.bz2 gentoo-personal-overlay-d6205d3a165e01d6c427e9160f36b51cfdc4e2b4.zip |
sys-boot/myinitramfs: extend to optionally autounlock
-rwxr-xr-x | sys-boot/myinitramfs/files/gen.sh | 22 | ||||
-rwxr-xr-x | sys-boot/myinitramfs/files/init.enc | 6 | ||||
-rwxr-xr-x | sys-boot/myinitramfs/files/initramfs_password | 6 | ||||
-rw-r--r-- | sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild (renamed from sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild) | 11 |
4 files changed, 36 insertions, 9 deletions
diff --git a/sys-boot/myinitramfs/files/gen.sh b/sys-boot/myinitramfs/files/gen.sh index 958b974..136f7ff 100755 --- a/sys-boot/myinitramfs/files/gen.sh +++ b/sys-boot/myinitramfs/files/gen.sh @@ -8,19 +8,29 @@ cd "$(dirname "$(readlink -f "$0")")" LIST="$(mktemp)" +add_exec() { + P="$(which "$1")" + echo "# $EXE" >> "$LIST" + echo "file $P $P 755 0 0" >> "$LIST" + ldd "$P" | awk '{ print $3 }' | sed -n '/^[^ ]\+$/p' | while read -r LIB; do + echo "file $LIB $LIB 755 0 0" >> "$LIST" + done +} + # Base list cp baselist "$LIST" # Init script echo "file /init ./init.enc 755 0 0" >> "$LIST" echo >> "$LIST" +# Executables required when USE_DMI +if [ -n "$USE_DMI" ]; then + echo "file /sbin/initramfs_password ./initramfs_password 755 0 0" >> "$LIST" + add_exec dmidecode + add_exec sha512sum +fi # Executables while read -r EXE; do - P="$(which "$EXE")" - echo "# $EXE" >> "$LIST" - echo "file $P $P 755 0 0" >> "$LIST" - ldd "$P" | awk '{ print $3 }' | sed -n '/^[^ ]\+$/p' | while read -r LIB; do - echo "file $LIB $LIB 755 0 0" >> "$LIST" - done + add_exec "$EXE" done <exelist # Buld initramfs diff --git a/sys-boot/myinitramfs/files/init.enc b/sys-boot/myinitramfs/files/init.enc index b1cd3a2..0514508 100755 --- a/sys-boot/myinitramfs/files/init.enc +++ b/sys-boot/myinitramfs/files/init.enc @@ -83,7 +83,11 @@ root="$(blkid | awk -v uuid="UUID=\"$uuid\"" '$2 == uuid { gsub(/:$/,"",$1); pri [ -e "$root" ] || fail "Root not located!" echo -e "${C_GREEN}Unlocking root...${C_NO}" -cryptsetup open "$root" encroot || fail "Unlocking root failed! /proc/cmdline=$(cat /proc/cmdline)" +if command -v initramfs_password >/dev/null; then + initramfs_password | cryptsetup open --key-file=- "$root" encroot +else + cryptsetup open "$root" encroot +fi || fail "Unlocking root failed! /proc/cmdline=$(cat /proc/cmdline)" echo -e "${C_GREEN}Mounting root...${C_NO}" mount -t btrfs -o "$rootflags" /dev/mapper/encroot /mnt/root \ diff --git a/sys-boot/myinitramfs/files/initramfs_password b/sys-boot/myinitramfs/files/initramfs_password new file mode 100755 index 0000000..8ad64bb --- /dev/null +++ b/sys-boot/myinitramfs/files/initramfs_password @@ -0,0 +1,6 @@ +#!/bin/sh +{ + dmidecode -s system-uuid + dmidecode -s baseboard-serial-number + dmidecode -s processor-version +} | sha512sum | cut -f1 -d ' ' diff --git a/sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild b/sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild index e31efdc..84be803 100644 --- a/sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild +++ b/sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild @@ -13,12 +13,16 @@ S="${WORKDIR}/myinitramfs-${VER}" LICENSE="GPLv2" SLOT="0" KEYWORDS="amd64 x86" -IUSE="" +IUSE="dmi" DEPEND="sys-fs/cryptsetup sys-fs/btrfs-progs sys-apps/linux-misc-apps -sys-apps/busybox[static]" +sys-apps/busybox[static] +dmi? ( + sys-apps/dmidecode + sys-apps/coreutils +)" RDEPEND="${DEPEND} sys-kernel/linux[initramfs]" @@ -28,6 +32,7 @@ src_unpack() { } src_compile() { + use dmi || export USE_DMI=1 "${FILESDIR}/gen.sh" initramfs-gentoo } @@ -35,4 +40,6 @@ src_install() { dodir /boot insinto /boot newins initramfs-gentoo initramfs-gentoo + + dosbin "${FILESDIR}/initramfs_password" } |