author | lemmarathon <lemmarathon@protonmail.com> | 2018-04-30 20:51:50 -0400 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-06-12 17:34:46 +0000 |
commit | fdc28f072ae269ab9c3f876ed452c6c3d5a769aa (patch) | |
tree | 15961c7ab86722293264aa6a149bd13145e4c277 /test.sh | |
parent | 7e7fed4fee4c2e0bafd4a9714649b185b8696921 (diff) | |
download | mkinitfs-fdc28f072ae269ab9c3f876ed452c6c3d5a769aa.tar.bz2 mkinitfs-fdc28f072ae269ab9c3f876ed452c6c3d5a769aa.tar.xz |
Add support for keyfiles
The "cryptkey" boot parameter enables keyfile decryption. By default,
init will look for a keyfile named "/crypto_keyfile.bin". Another file
may be specified like so: "cryptkey=/path/to/keyfile.bin". If keyfile
decryption fails, init will fall back to passphrase mode.
Diffstat (limited to 'test.sh')
-rwxr-xr-x | test.sh | 28 |
1 files changed, 28 insertions, 0 deletions
@@ -76,6 +76,13 @@ then
 [ "$operation" = "header" ] && echo "> Formatting '$block' with header '$header' and passphrase '$passphrase'."
 [ "$operation" != "header" ] && printf "%s" "$passphrase" | sudo cryptsetup luksFormat -q $block - 2>&1 | sed 's/^/\t/g'
 [ "$operation" = "header" ] && printf "%s" "$passphrase" | sudo cryptsetup luksFormat -q --header $header $block - 2>&1 | sed 's/^/\t/g'
+
+ echo "> Creating keyfile"
+ dd if=/dev/urandom of=keyfile count=1 bs=512 2>&1 | sed 's/^/\t/g'
+ echo "> Adding keyfile to device"
+ [ "$operation" != "header" ] && printf "%s" "$passphrase" | sudo cryptsetup luksAddKey -q $block keyfile - 2>&1 | sed 's/^/\t/g'
+ [ "$operation" = "header" ] && printf "%s" "$passphrase" | sudo cryptsetup luksAddKey -q --header $header $block keyfile - 2>&1 | sed 's/^/\t/g'
+
 echo "> Opening the device '$block' as /dev/mapper/temp-test"
 [ "$operation" != "header" ] && printf "%s" "$passphrase" | sudo cryptsetup luksOpen -q $block temp-test - 2>&1 | sed 's/^/\t/g'
 [ "$operation" = "header" ] && printf "%s" "$passphrase" | sudo cryptsetup luksOpen -q --header $header $block temp-test - 2>&1 | sed 's/^/\t/g'
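Review bot: The keyfile written by `dd if=/dev/urandom of=keyfile count=1 bs=512` is created in the working directory under the caller's umask, so with a typical 022 umask the LUKS key material ends up world-readable, and nothing in this hunk removes it afterwards (cleanup may exist outside the hunk). Creating it under a restrictive mask, `( umask 077; dd if=/dev/urandom of=keyfile count=1 bs=512 2>&1 ) | sed 's/^/\t/g'`, keeps the test from modelling a habit that is unsafe when copied to a real system. Separately, `dd` and both `luksAddKey` lines pipe into `sed`, so their exit status is discarded and a failure to enrol the keyfile does not set `retcode`; the script simply carries on to the later keyfile test.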
@@ -92,6 +99,27 @@ then
 echo "> Closing the device '/dev/mapper/temp-test'"
 sudo cryptsetup luksClose temp-test
+ echo "> Testing nlplug-findfs on $block using keyfile"
+ [ "$operation" != "header" ] && { echo "$passphrase" | sudo ./nlplug-findfs -p /sbin/mdev ${flags} -c $block -k keyfile -m 'test-device' /dev/mapper/test-device || retcode=1; }
+ [ "$operation" = "header" ] && { echo "$passphrase" | sudo ./nlplug-findfs -p /sbin/mdev ${flags} -H $header -c $block -k keyfile -m 'test-device' /dev/mapper/test-device || retcode=1; }
+
+ if [ $retcode -eq 0 ]; then
+ echo "> Mounting the device"
+ sudo mount /dev/mapper/test-device local-mount
+ echo "> Getting proof"
+ check=$(cat local-mount/proof)
+ echo "Retrieved proof is: $check"
+ if [ "$check" != "$proof" ]; then
+ retcode=1
+ fi
+ fi
+ [ $retcode -eq 0 ] && echo "Operation succeeded, proofs match" || echo "Operation failed, proofs don't match"
+
+ echo "> Unmounting the fs"
+ mountpoint local-mount && sudo umount local-mount
+ echo "> Closing the device '/dev/mapper/test-device'"
+ [ -b /dev/mapper/test-device ] && sudo cryptsetup luksClose test-device
+
 echo "> Testing nlplug-findfs on $block (passphrase was '$passphrase')"
 [ "$operation" != "header" ] && { echo "$passphrase" | sudo ./nlplug-findfs -p /sbin/mdev ${flags} -c $block -m 'test-device' /dev/mapper/test-device || retcode=1; }
 [ "$operation" = "header" ] && { echo "$passphrase" | sudo ./nlplug-findfs -p /sbin/mdev ${flags} -H $header -c $block -m 'test-device' /dev/mapper/test-device || retcode=1; } |
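Review bot: The new keyfile test still pipes `echo "$passphrase"` into both `nlplug-findfs ... -k keyfile` invocations, so it cannot tell a keyfile unlock from the passphrase fallback the commit message describes. If the keyfile was never enrolled or the `-k` path is broken, the passphrase on stdin would presumably unlock the device and the proof comparison would still pass. Dropping the `echo "$passphrase" |` prefix in this block and redirecting stdin instead, i.e. ending each command with `/dev/mapper/test-device </dev/null || retcode=1; }`, should make the test fail when the keyfile alone cannot open the volume; how nlplug-findfs reacts to EOF on stdin needs confirming. The enclosing `then` block starts and ends outside the hunk, so whether `retcode` is reset before the passphrase test that follows cannot be seen from here.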