[PC-BSD Commits] r6386 - pcbsd/trunk/pc-sysinstall/backend
svn at pcbsd.org
svn at pcbsd.org
Wed Mar 10 23:55:57 PST 2010
Author: kris
Date: 2010-03-10 23:55:56 -0800 (Wed, 10 Mar 2010)
New Revision: 6386
Modified:
pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh
pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh
pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh
pcbsd/trunk/pc-sysinstall/backend/functions-parse.sh
Log:
Updated pc-sysinstall to allow us to specify a passphrase. This doesn't fully work yet; we still need a way to pass the passphrase
to geli via script
Modified: pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh 2010-03-11 02:01:23 UTC (rev 6385)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh 2010-03-11 07:55:56 UTC (rev 6386)
@@ -1,6 +1,23 @@
#!/bin/sh
# Functions related to disk operations using bsdlabel
+# Check if we are are provided a geli password on the nextline of the config
+check_for_enc_pass()
+{
+ CURLINE="${1}"
+
+ get_next_cfg_line "${CFGF}" "${CURLINE}"
+ echo ${VAL} | grep "^encpass=" >/dev/null 2>/dev/null
+ if [ "$?" = "0" ] ; then
+ # Found a password, return it
+ get_value_from_string "${VAL}"
+ return
+ fi
+
+ VAL="" ; export VAL
+ return -1
+};
+
# On check on the disk-label line if we have any extra vars for this device
# Only enabled for ZFS devices now, may add other xtra options in future for other FS's
get_fs_line_xvars()
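Review bot: `return -1` at the end of check_for_enc_pass is not a portable exit status under `#!/bin/sh` (POSIX only defines 0–255), and both call sites in this commit ignore the status and test `${VAL}` instead; `return 1` states the intent. The `echo ${VAL} | grep "^encpass="` test is unquoted, so the config line is word-split and glob-expanded before it is matched; `case "${VAL}" in encpass=*) get_value_from_string "${VAL}" ; return 0 ;; esac` avoids the expansion and the extra processes. The header comment should also say that the function overwrites the globals `CURLINE` and `VAL`, and that the passphrase is read in clear text from the config file.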
@@ -137,16 +154,22 @@
then
FS="`echo ${FS} | cut -d '.' -f 1`"
ENC="ON"
+ check_for_enc_pass "${line}"
+ if [ "${VAL}" != "" ] ; then
+ # We have a user supplied password, save it for later
+ ENCPASS="${VAL}"
+ fi
else
ENC="OFF"
fi
# Check if the user tried to setup / as an encrypted partition
- if [ "${MNT}" = "/" -a "${ENC}" = "ON" ]
+ check_for_mount "${MNT}" "/"
+ if [ "${?}" = "0" -a "${ENC}" = "ON" ]
then
USINGENCROOT="0" ; export USINGENCROOT
- fi
-
+ fi
+
# Now check that these values are sane
case $FS in
UFS|UFS+S|UFS+J|ZFS|SWAP) ;;
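Review bot: `ENCPASS` is only ever assigned in the lines shown, never cleared, so a partition with no `encpass=` line (or one that takes the `ENC="OFF"` branch) still sees the value left by an earlier partition, and the later `[ ! -z "${ENCPASS}" ]` test will write that passphrase out for it as well. Unless it is reset elsewhere in the loop (not visible in this hunk), assign it unconditionally with `ENCPASS="${VAL}"` right after `check_for_enc_pass "${line}"` and add `ENCPASS=""` to the `else` branch. The same applies to the GPT copy of this code in the `@@ -304,12 +332,18 @@` hunk. The enclosing function starts and ends outside both hunks.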
@@ -234,6 +257,11 @@
# Save this data to our partition config dir
echo "${FS}:${MNT}:${ENC}:${PLABEL}:MBR:${XTRAOPTS}" >${PARTDIR}/${WRKSLICE}${PARTLETTER}
+ # If we have a enc password, save it as well
+ if [ ! -z "${ENCPASS}" ] ; then
+ echo "${ENCPASS}" >${PARTDIR}-enc/${WRKSLICE}${PARTLETTER}-encpass
+ fi
+
# This partition letter is used, get the next one
case ${PARTLETTER} in
a) PARTLETTER="b" ;;
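Review bot: The passphrase is written in clear text under the process's default umask, so the `-encpass` file is probably readable by any other user on the installing system, and nothing in this commit removes it once it has been used. `echo` is also unsafe for arbitrary data here, since a passphrase starting with `-n` or containing backslashes may be altered depending on the shell. Write it under a restrictive mask with `printf`: `( umask 077 ; printf '%s\n' "${ENCPASS}" >"${PARTDIR}-enc/${WRKSLICE}${PARTLETTER}-encpass" )`. The same applies to the GPT hunk at `@@ -394,6 +428,11 @@`.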
@@ -304,12 +332,18 @@
then
FS="`echo ${FS} | cut -d '.' -f 1`"
ENC="ON"
+ check_for_enc_pass "${line}"
+ if [ "${VAL}" != "" ] ; then
+ # We have a user supplied password, save it for later
+ ENCPASS="${VAL}"
+ fi
else
ENC="OFF"
fi
# Check if the user tried to setup / as an encrypted partition
- if [ "${MNT}" = "/" -a "${ENC}" = "ON" ]
+ check_for_mount "${MNT}" "/"
+ if [ "${?}" = "0" -a "${ENC}" = "ON" ]
then
USINGENCROOT="0" ; export USINGENCROOT
fi
@@ -394,6 +428,11 @@
# Save this data to our partition config dir
echo "${FS}:${MNT}:${ENC}:${PLABEL}:GPT:${XTRAOPTS}" >${PARTDIR}/${DISK}p${CURPART}
+ # If we have a enc password, save it as well
+ if [ ! -z "${ENCPASS}" ] ; then
+ echo "${ENCPASS}" >${PARTDIR}-enc/${DISK}p${CURPART}-encpass
+ fi
+
# Increment our parts counter
CURPART="`expr ${CURPART} + 1`"
@@ -505,6 +544,8 @@
# Make the tmp directory where we'll store FS info & mount-points
rm -rf ${PARTDIR} >/dev/null 2>/dev/null
mkdir -p ${PARTDIR} >/dev/null 2>/dev/null
+ rm -rf ${PARTDIR}-enc >/dev/null 2>/dev/null
+ mkdir -p ${PARTDIR}-enc >/dev/null 2>/dev/null
for i in $WORKINGSLICES
do
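Review bot: `${PARTDIR}-enc` is going to hold passphrases, but it is created with default permissions and with both the exit status and stderr of `mkdir` thrown away, so a failure here only shows up later as a failed redirect when a passphrase is saved. Create it private and stop on failure, in the style used for the geli calls in functions-newfs.sh: `rc_halt "mkdir -m 700 -p ${PARTDIR}-enc"`. A short comment that this directory contains secrets and must be removed at the end of the install would help whoever edits the cleanup path.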
Modified: pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh 2010-03-11 02:01:23 UTC (rev 6385)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh 2010-03-11 07:55:56 UTC (rev 6386)
@@ -263,6 +263,14 @@
echo "geli_${PART}_keyfile0_type=\"${PART}:geli_keyfile0\"" >> ${FSMNT}/boot/loader.conf
echo "geli_${PART}_keyfile0_name=\"/boot/keys/${KEYFILE}\"" >> ${FSMNT}/boot/loader.conf
+ # If we have a passphrase, set it up now
+ if [ -e "${PARTDIR}-enc/${PART}-encpass" ] ; then
+ # KPM KPM KPM
+ # FIXME, geli needs to read passphrase from variable
+ geli setkey -n 0 -p -k ${KEYFILE} -K ${KEYFILE} ${PART}
+ geli configure -b ${PART}
+ fi
+
# Copy the key to the disk
cp ${KEYFILE} ${FSMNT}/boot/keys/${KEYFILE}
done
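Review bot: `geli setkey` is called with `-p` but with no source for the new passphrase, so it will prompt on the terminal in an otherwise scripted install, while the saved `-encpass` file is only tested for existence and never read or removed. Neither geli call goes through `rc_halt` (as the geli calls in functions-newfs.sh do), so a failed `setkey` still falls through to `geli configure -b` and the key copy. Until the FIXME is resolved, logging a warning and skipping this branch would be safer than blocking. Where the installed geli supports `-J newpassfile`, handing it the saved file keeps the passphrase off the command line. After the key is set the file should be deleted, e.g. `rm -f "${PARTDIR}-enc/${PART}-encpass"`.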
Modified: pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh 2010-03-11 02:01:23 UTC (rev 6385)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh 2010-03-11 07:55:56 UTC (rev 6386)
@@ -85,6 +85,7 @@
rc_halt "dd if=/dev/random of=${GELIKEYDIR}/${PART}.key bs=64 count=1"
rc_halt "geli init -b -s 4096 -P -K ${GELIKEYDIR}/${PART}.key /dev/${PART}"
rc_halt "geli attach -p -k ${GELIKEYDIR}/${PART}.key /dev/${PART}"
+
EXT=".eli"
else
# No Encryption
Modified: pcbsd/trunk/pc-sysinstall/backend/functions-parse.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-parse.sh 2010-03-11 02:01:23 UTC (rev 6385)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-parse.sh 2010-03-11 07:55:56 UTC (rev 6386)
@@ -180,3 +180,26 @@
return 1
};
+
+# Function which returns the next line in the specified config file
+get_next_cfg_line()
+{
+ CURFILE="$1"
+ CURLINE="$2"
+
+ FOUND="1"
+
+ while read line
+ do
+ if [ "$FOUND" = "0" ] ; then
+ VAL="$line" ; export VAL
+ return
+ fi
+ if [ "$line" = "${CURLINE}" ] ; then
+ FOUND="0"
+ fi
+ done <${CURFILE}
+
+ # Got here, couldn't find this line or at end of file, set VAL to ""
+ VAL="" ; export VAL
+};
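Review bot: The loop variable in `while read line` is a global in sh, and the callers in functions-bsdlabel.sh pass their own `${line}` into this path, so after `check_for_enc_pass "${line}"` returns, the caller's `line` appears to hold the following config line rather than the one it was processing. Use a name private to this function, e.g. `while read NEXTCFGLINE`, and compare and assign from that. Also document in the header comment that the first exact match of `CURLINE` wins, so two identical partition lines in the config both resolve to the line after the first occurrence, and that `read` without `-r` will strip backslashes from a passphrase line.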