[PC-BSD Commits] r6386 - pcbsd/trunk/pc-sysinstall/backend

svn at pcbsd.org svn at pcbsd.org
Wed Mar 10 23:55:57 PST 2010


Author: kris
Date: 2010-03-10 23:55:56 -0800 (Wed, 10 Mar 2010)
New Revision: 6386

Modified:
   pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh
   pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh
   pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh
   pcbsd/trunk/pc-sysinstall/backend/functions-parse.sh
Log:

Updated pc-sysinstall to allow us to specify a passphrase; this doesn't fully work yet, we still need a way to pass the passphrase
via script to geli



Modified: pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh	2010-03-11 02:01:23 UTC (rev 6385)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh	2010-03-11 07:55:56 UTC (rev 6386)
@@ -1,6 +1,23 @@
 #!/bin/sh
 # Functions related to disk operations using bsdlabel
 
+# Check if we are are provided a geli password on the nextline of the config
+check_for_enc_pass()
+{
+  CURLINE="${1}"
+ 
+  get_next_cfg_line "${CFGF}" "${CURLINE}" 
+  echo ${VAL} | grep "^encpass=" >/dev/null 2>/dev/null
+  if [ "$?" = "0" ] ; then
+    # Found a password, return it
+    get_value_from_string "${VAL}"
+    return
+  fi
+
+  VAL="" ; export VAL
+  return -1
+};
+
 # On check on the disk-label line if we have any extra vars for this device
 # Only enabled for ZFS devices now, may add other xtra options in future for other FS's
 get_fs_line_xvars()
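Review bot: `return -1` at the end of check_for_enc_pass is not a portable sh return status (bash maps it to 255, other sh implementations reject it as an illegal number), so a caller testing `$?` cannot rely on it; use `return 1`. On the grep line the candidate line is expanded unquoted through echo, so a value containing `*` or leading whitespace is globbed or re-split before grep sees it; `printf '%s\n' "${VAL}" | grep -q "^encpass="` avoids both problems. Note that the found/not-found outcome is actually conveyed through the exported global VAL rather than the return status, which is what the callers in the later hunks test. get_fs_line_xvars, which begins on the last line of this hunk, continues outside it.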
@@ -137,16 +154,22 @@
       then
         FS="`echo ${FS} | cut -d '.' -f 1`"
         ENC="ON"
+        check_for_enc_pass "${line}"
+        if [ "${VAL}" != "" ] ; then
+          # We have a user supplied password, save it for later
+          ENCPASS="${VAL}" 
+        fi
       else
         ENC="OFF"
       fi
 
       # Check if the user tried to setup / as an encrypted partition
-      if [ "${MNT}" = "/" -a "${ENC}" = "ON" ]
+      check_for_mount "${MNT}" "/"
+      if [ "${?}" = "0" -a "${ENC}" = "ON" ]
       then
         USINGENCROOT="0" ; export USINGENCROOT
-      fi 
-
+      fi
+          
       # Now check that these values are sane
       case $FS in
        UFS|UFS+S|UFS+J|ZFS|SWAP) ;;
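Review bot: ENCPASS is only assigned when `check_for_enc_pass` finds a passphrase and is never cleared, so once one partition supplies `encpass=` every later partition handled by the same loop still carries that value and, through the later `-encpass` write, is given the previous partition's passphrase. Reset it before the lookup, `ENCPASS=""` on the line before `check_for_enc_pass "${line}"`, or assign `ENCPASS="${VAL}"` unconditionally. The GPT branch in the hunk at `@@ -304,12 +332,18 @@` has the same omission. The value of `line` is presumably the current config line from the enclosing loop, which starts outside this hunk.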
@@ -234,6 +257,11 @@
       # Save this data to our partition config dir
       echo "${FS}:${MNT}:${ENC}:${PLABEL}:MBR:${XTRAOPTS}" >${PARTDIR}/${WRKSLICE}${PARTLETTER}
 
+      # If we have a enc password, save it as well
+      if [ ! -z "${ENCPASS}" ] ; then
+        echo "${ENCPASS}" >${PARTDIR}-enc/${WRKSLICE}${PARTLETTER}-encpass
+      fi
+
       # This partition letter is used, get the next one
       case ${PARTLETTER} in
           a) PARTLETTER="b" ;;
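Review bot: The passphrase is written in cleartext with `echo "${ENCPASS}"` into a file created under whatever umask the installer inherits, so it may be readable by other users of the installing system for as long as it exists, and echo mis-handles a passphrase beginning with `-n` or `-e` and, in some sh implementations, one containing backslashes. Write it with `printf '%s\n' "${ENCPASS}"` after an `umask 077` (or `chmod 600` the file afterwards). The same write appears for GPT partitions in the hunk at `@@ -394,6 +428,11 @@`, and the directory itself is created in the hunk at `@@ -505,6 +544,8 @@`. Nothing in this commit removes the `-encpass` files once the passphrase has been consumed, which belongs with the FIXME in functions-cleanup.sh.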
@@ -304,12 +332,18 @@
       then
         FS="`echo ${FS} | cut -d '.' -f 1`"
         ENC="ON"
+        check_for_enc_pass "${line}"
+        if [ "${VAL}" != "" ] ; then
+          # We have a user supplied password, save it for later
+          ENCPASS="${VAL}" 
+        fi
       else
         ENC="OFF"
       fi
 
       # Check if the user tried to setup / as an encrypted partition
-      if [ "${MNT}" = "/" -a "${ENC}" = "ON" ]
+      check_for_mount "${MNT}" "/"
+      if [ "${?}" = "0" -a "${ENC}" = "ON" ]
       then
         USINGENCROOT="0" ; export USINGENCROOT
       fi
@@ -394,6 +428,11 @@
       # Save this data to our partition config dir
       echo "${FS}:${MNT}:${ENC}:${PLABEL}:GPT:${XTRAOPTS}" >${PARTDIR}/${DISK}p${CURPART}
 
+      # If we have a enc password, save it as well
+      if [ ! -z "${ENCPASS}" ] ; then
+        echo "${ENCPASS}" >${PARTDIR}-enc/${DISK}p${CURPART}-encpass
+      fi
+
       # Increment our parts counter
       CURPART="`expr ${CURPART} + 1`"
 
@@ -505,6 +544,8 @@
   # Make the tmp directory where we'll store FS info & mount-points
   rm -rf ${PARTDIR} >/dev/null 2>/dev/null
   mkdir -p ${PARTDIR} >/dev/null 2>/dev/null
+  rm -rf ${PARTDIR}-enc >/dev/null 2>/dev/null
+  mkdir -p ${PARTDIR}-enc >/dev/null 2>/dev/null
 
   for i in $WORKINGSLICES
   do
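Review bot: `rm -rf ${PARTDIR}-enc` runs with PARTDIR unquoted and unguarded, so an empty PARTDIR turns it into `rm -rf -enc` in the current directory and a value containing whitespace removes unrelated paths; `rm -rf -- "${PARTDIR:?}-enc"` aborts instead. Since this directory is about to hold cleartext passphrases, create it with restrictive permissions, `mkdir -p -m 700 "${PARTDIR}-enc"`, rather than the default mode. The existing rm/mkdir pair for PARTDIR two lines above has the same shape, though it predates this commit. The enclosing function begins outside the hunk.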

Modified: pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh	2010-03-11 02:01:23 UTC (rev 6385)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh	2010-03-11 07:55:56 UTC (rev 6386)
@@ -263,6 +263,14 @@
      echo "geli_${PART}_keyfile0_type=\"${PART}:geli_keyfile0\"" >> ${FSMNT}/boot/loader.conf 
      echo "geli_${PART}_keyfile0_name=\"/boot/keys/${KEYFILE}\"" >> ${FSMNT}/boot/loader.conf 
 
+     # If we have a passphrase, set it up now
+     if [ -e "${PARTDIR}-enc/${PART}-encpass" ] ; then
+       # KPM KPM KPM
+       # FIXME, geli needs to read passphrase from variable
+       geli setkey -n 0 -p -k ${KEYFILE} -K ${KEYFILE} ${PART}
+       geli configure -b ${PART}
+     fi
+
      # Copy the key to the disk
      cp ${KEYFILE} ${FSMNT}/boot/keys/${KEYFILE}
   done
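Review bot: The `geli setkey` call below the FIXME passes neither `-P` nor `-J`, so geli prompts interactively for the new passphrase, which is the gap the FIXME and the commit message describe; the file whose existence the `-e` test already checks can be supplied directly with `-J "${PARTDIR}-enc/${PART}-encpass"`, which is how geli takes a passphrase from a file non-interactively. Whichever route is taken, the file should be removed once the key has been set so the cleartext passphrase does not outlive the install, and `${KEYFILE}` and `${PART}` should be quoted on both geli lines. The `# KPM KPM KPM` marker should become a proper `# TODO(kpm): supply passphrase via -J` or be dropped. The `for` loop over partitions that encloses this block begins outside the hunk.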

Modified: pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh	2010-03-11 02:01:23 UTC (rev 6385)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh	2010-03-11 07:55:56 UTC (rev 6386)
@@ -85,6 +85,7 @@
        rc_halt "dd if=/dev/random of=${GELIKEYDIR}/${PART}.key bs=64 count=1"
        rc_halt "geli init -b -s 4096 -P -K ${GELIKEYDIR}/${PART}.key /dev/${PART}"
        rc_halt "geli attach -p -k ${GELIKEYDIR}/${PART}.key /dev/${PART}"
+
        EXT=".eli"
      else
        # No Encryption

Modified: pcbsd/trunk/pc-sysinstall/backend/functions-parse.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-parse.sh	2010-03-11 02:01:23 UTC (rev 6385)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-parse.sh	2010-03-11 07:55:56 UTC (rev 6386)
@@ -180,3 +180,26 @@
     
   return 1
 };
+
+# Function which returns the next line in the specified config file
+get_next_cfg_line()
+{
+  CURFILE="$1"
+  CURLINE="$2"
+
+  FOUND="1"
+  
+  while read line
+  do
+    if [ "$FOUND" = "0" ] ; then
+      VAL="$line" ; export VAL
+      return
+    fi
+    if [ "$line" = "${CURLINE}" ] ; then
+      FOUND="0"
+    fi
+  done <${CURFILE}
+
+  # Got here, couldn't find this line or at end of file, set VAL to ""
+  VAL="" ; export VAL
+};
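Review bot: `while read line` in get_next_cfg_line reads without `-r` and with the default IFS, so backslashes in the line are interpreted and leading/trailing whitespace is stripped; because the caller in functions-bsdlabel.sh uses the returned line as a geli passphrase, passphrases containing those characters are silently altered. Use `while IFS= read -r line` and quote the redirection, `done <"${CURFILE}"`. The comparison `"$line" = "${CURLINE}"` is an exact match, so a config file with two identical lines always yields the line after the first occurrence; that is worth stating in the function comment, e.g. `# Sets VAL to the line following the first exact match of $2 in $1, or "" if none`. Like check_for_enc_pass, the result is conveyed through the exported global VAL rather than a return status.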


