[SCM] live-boot branch, debian-next, updated. debian/3.0_a22-1-25-gf885467
Daniel Baumann
daniel at debian.org
Thu Nov 24 17:37:31 UTC 2011
The following commit has been merged in the debian-next branch:
commit ef22a990570cd3658c7a693796e4470994b86fb9
Author: Tails developers <amnesia at boum.org>
Date: Sat Nov 12 05:56:06 2011 +0100
Changing persistent-encryption to accept a list TYPE... instead.
The comma-separated list TYPE... specifies which types of encryption
to allow for persistent media, and whether to allow plaintext media.
The possible TYPEs are the old {none, luks}, with default "none". The
only change is that this allows plaintext and encrypted media to be
used simultaneously.
diff --git a/scripts/live b/scripts/live
index 970853c..c28314f 100755
--- a/scripts/live
+++ b/scripts/live
@@ -395,19 +395,23 @@ Arguments ()
export UNIONTYPE
fi
- if [ "${PERSISTENT_ENCRYPTION}" = "luks" ]
+ if [ -z "${PERSISTENT_ENCRYPTION}" ]
+ then
+ PERSISTENT_ENCRYPTION="none"
+ export PERSISTENT_ENCRYPTION
+ elif echo ${PERSISTENT_ENCRYPTION} | grep -qw luks
then
if ! modprobe dm-crypt
then
log_warning_msg "Unable to load module dm-crypt"
- PERSISTENT_ENCRYPTION="none"
+ PERSISTENT_ENCRYPTION=$(echo ${PERSISTENT_ENCRYPTION} | sed -e 's/\<luks,\|,\?luks$//g')
export PERSISTENT_ENCRYPTION
fi
if [ ! -x /lib/cryptsetup/askpass ] || [ ! -x /sbin/cryptsetup ]
then
log_warning_msg "cryptsetup in unavailable"
- PERSISTENT_ENCRYPTION="none"
+ PERSISTENT_ENCRYPTION=$(echo ${PERSISTENT_ENCRYPTION} | sed -e 's/\<luks,\|,\?luks$//g')
export PERSISTENT_ENCRYPTION
fi
fi
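Review bot: `${PERSISTENT_ENCRYPTION}` is expanded unquoted in `echo ${PERSISTENT_ENCRYPTION} | grep -qw luks` and in both `sed` lines, so a value that presumably comes from the boot command line is word-split and glob-expanded before it is matched; `echo "${PERSISTENT_ENCRYPTION}"` avoids that. The same unquoted pattern recurs in the find_persistent_media hunk of scripts/live-helpers. When the list is only `luks` and dm-crypt or cryptsetup is missing, the `sed` leaves an empty string where the old code set "none"; combined with the later `grep -qwv none` test this appears to skip every device instead of falling back to plaintext. That is the safer outcome, but it is implicit, so a comment such as `# empty list: no media type is acceptable, do not fall back to "none"` would record the intent. The body of Arguments () continues outside this hunk.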
diff --git a/scripts/live-helpers b/scripts/live-helpers
index 33d2ee7..9e45517 100644
--- a/scripts/live-helpers
+++ b/scripts/live-helpers
@@ -311,6 +311,37 @@ try_mount ()
fi
}
+open_luks_device ()
+{
+ dev="${1}"
+ name="$(basename ${dev})"
+ opts="--key-file=-"
+
+ load_keymap
+
+ while true
+ do
+ /lib/cryptsetup/askpass "Enter passphrase for ${dev}: " | \
+ /sbin/cryptsetup -T 1 luksOpen ${dev} ${name} ${opts}
+
+ if [ 0 -eq ${?} ]
+ then
+ luks_device="/dev/mapper/${name}"
+ echo ${luks_device}
+ return 0
+ fi
+
+ echo >&6
+ echo -n "There was an error decrypting ${dev} ... Retry? [Y/n] " >&6
+ read answer
+
+ if [ "$(echo "${answer}" | cut -b1 | tr A-Z a-z)" = "n" ]
+ then
+ return 2
+ fi
+ done
+}
+
find_persistent_media ()
{
# Scans devices for overlays and snapshots, and returns a whitespace
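Review bot: open_luks_device hands its result back on stdout and the caller captures it with `$(open_luks_device "${dev}")`, so anything `load_keymap` or `/sbin/cryptsetup` writes to stdout would become part of `luks_device`. Neither command's output is visible in this hunk, but redirecting their stdout away from the capture (for example to the descriptor the prompts already use) would keep the returned path clean. `${dev}` and `${name}` are also unquoted in `basename ${dev}` and in the `luksOpen` call; `"$(basename "${dev}")"` and `luksOpen "${dev}" "${name}" ${opts}` are safer. The function has no header comment; something like `# Prints the /dev/mapper path on stdout and returns 0 on success; returns 2 if the user declines to retry` would document the contract the caller relies on.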
@@ -344,36 +375,20 @@ find_persistent_media ()
luks_device=""
# Checking for a luks device
- if [ "${PERSISTENT_ENCRYPTION}" = "luks" ]
+ if echo ${PERSISTENT_ENCRYPTION} | grep -qw luks && \
+ /sbin/cryptsetup isLuks ${dev}
then
- if ! /sbin/cryptsetup isLuks ${dev}
+ if luks_device=$(open_luks_device "${dev}")
then
- # skip device since we strictly want luks devices
+ dev="${luks_device}"
+ else
+ # skip $dev since we failed/chose not to open it
continue
fi
-
- load_keymap
-
- while true
- do
- /lib/cryptsetup/askpass "Enter passphrase for ${dev}: " | /sbin/cryptsetup -T 1 luksOpen ${dev} $(basename ${dev}) --key-file=-
-
- if [ 0 -eq ${?} ]
- then
- luks_device="/dev/mapper/$(basename ${dev})"
- dev="${luks_device}"
- break
- fi
-
- echo >&6
- echo -n "There was an error decrypting ${dev} ... Retry? [Y/n] " >&6
- read answer
-
- if [ "$(echo "${answer}" | cut -b1 | tr A-Z a-z)" = "n" ]
- then
- break
- fi
- done
+ elif echo ${PERSISTENT_ENCRYPTION} | grep -qwv none
+ then
+ # skip $dev since we don't allow unencrypted storage
+ continue
fi
if echo ${PERSISTENT_STORAGE} | grep -qw filesystem
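Review bot: The test `elif echo ${PERSISTENT_ENCRYPTION} | grep -qwv none` decides whether unencrypted media is accepted, yet it relies on grep's inverted-match exit status, which is easy to misread. `elif ! echo "${PERSISTENT_ENCRYPTION}" | grep -qw none` states the intent directly and behaves the same for a single-line value. Any value that lacks the word `none`, including an empty or misspelled list, causes plaintext devices to be skipped. That is the fail-closed direction and deserves a comment, for example `# plaintext is accepted only when "none" is listed explicitly`. The body of find_persistent_media starts and ends outside this hunk.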
--
live-boot