diff options
| author | pks <pks@pks.rocks> | 2021-08-08 15:39:55 +0200 |
|---|---|---|
| committer | pks <pks@pks.rocks> | 2021-08-08 15:39:55 +0200 |
| commit | 519e9158e8e0860b99104868643dfd44a8fd8a4b (patch) | |
| tree | d400f839c485f09e78455f57a81c08a1efa6a08a | |
| parent | f3d725b0eddb643016a5cda9ba5eea62fed0d96f (diff) | |
| -rwxr-xr-x | bin/busybox | bin | 2304000 -> 2691440 bytes | |||
| -rwxr-xr-x | bin/cryptsetup | bin | 1524840 -> 2260384 bytes | |||
| -rwxr-xr-x | bin/resume | bin | 1317856 -> 0 bytes | |||
| -rw-r--r-- | etc/suspend.conf | 8 | ||||
| -rwxr-xr-x | init | 50 | ||||
| -rwxr-xr-x | make | 5 | ||||
| -rwxr-xr-x | scripts/create | 9 | ||||
| -rwxr-xr-x | scripts/install | 8 |
8 files changed, 62 insertions, 18 deletions
diff --git a/bin/busybox b/bin/busybox Binary files differindex 8919e12..63b3a30 100755 --- a/bin/busybox +++ b/bin/busybox diff --git a/bin/cryptsetup b/bin/cryptsetup Binary files differindex aae4b30..a8e299a 100755 --- a/bin/cryptsetup +++ b/bin/cryptsetup diff --git a/bin/resume b/bin/resume Binary files differdeleted file mode 100755 index 977924b..0000000 --- a/bin/resume +++ /dev/null diff --git a/etc/suspend.conf b/etc/suspend.conf index e7e9a15..53308bc 100644 --- a/etc/suspend.conf +++ b/etc/suspend.conf @@ -1,8 +1,12 @@ +snapshot device = /dev/snapshot resume device = /dev/sda1 -resume offset = 1702432 # value=`swap-offset /swapfile` +#resume offset = 1702432 # value=`swap-offset /swapfile` #image size = 2147483648 +#RSA key file = /etc/suspend.key +#image size = 350000000 +#suspend loglevel = 2 #compute checksum = y #compress = y #encrypt = y -#RSA key file = /etc/suspend.key #early writeout = y +#splash = y @@ -1,15 +1,23 @@ #!/bin/busybox sh -ROOT=/dev/disk/by-label/rootfs -HOME=/dev/disk/by-uuid/092fdc4a-4356-47d9-9272-9a5f58e33bbf +ROOT_DEV=/dev/disk/by-label/rootfs +# USB stick w/ keys +USB_KEY_ID=0781:5567 +USB_KEY_DEV=/dev/disk/by-uuid/953f675b-5c6c-4ae9-ab1b-189e923c945d +# encrypted home +HOME_KEY_FILE_NAME=.bogues-home.key +HOME_DEV=/dev/disk/by-uuid/092fdc4a-4356-47d9-9272-9a5f58e33bbf +# encrypted sdcard +EXT_SD_KEY_FILE_NAME=.bogues-ext_sd.key +EXT_SD_DEV=/dev/disk/by-uuid/c3834c30-2f8e-4955-a682-cf898979b41f prep_dev() { for opt in `cat /proc/cmdline`; do - name=$(echo $opt | cut -d'=' -f 1) - if [ $name == "root" ] || [ $name == "crypt_part" ]; then + name=$(echo $opt | cut -d= -f 1) + if [ $name == "root" ] || [ $name == "home" ] || [ $name == "ext_sd" ] || [ $name == "usb_key" ]; then type=$(echo $opt | cut -d'=' -f 2) - id=$(echo $opt | cut -d'=' -f 3) + id=$(echo $opt | cut -d= -f 3) if [ $type == LABEL ]; then prefix="/dev/disk/by-label"; elif [ $type == UUID ]; then @@ -34,7 +42,12 @@ rescue_shell() cryptsetup_do() { echo "cryptsetup $1 $2" - cryptsetup -T 3 luksOpen $1 $2 + mkdir -p /run/cryptsetup + if [ -f $3 ]; then + cryptsetup luksOpen $1 $2 --key-file $3 + else + cryptsetup -T 3 luksOpen $1 $2 + fi } mount_root() @@ -43,21 +56,36 @@ mount_root() mount $1 /newroot } -mkdir -p /dev /proc /sys /newroot /etc +mkdir -p /dev /proc /sys /newroot /etc /key touch /etc/mtab mount -t devtmpfs none /dev mount -t proc none /proc mount -t sysfs none /sys +# wait for USB stick w/ keys on it +for _ in {1..3}; do + sleep 3 + lsusb | grep $USB_KEY_ID 2>&1 /dev/null + if [[ $? == 0 ]]; then break; fi +done prep_dev -resume -cryptsetup_do $HOME home -mount_root $ROOT || rescue_shell + +# `resume` is currently not used +#resume + +mount_root $ROOT_DEV || rescue_shell + +if [ -e $USB_KEY_DEV ]; then + mount $USB_KEY_DEV /key 2>&1 > /dev/null +fi + +cryptsetup_do $HOME_DEV home /key/$HOME_KEY_FILE_NAME +cryptsetup_do $EXT_SD_DEV ext_sd /key/$EXT_SD_KEY_FILE_NAME umount /dev umount /proc umount /sys +umount /key 2>&1 > /dev/null exec switch_root /newroot /sbin/init - @@ -1,5 +0,0 @@ -#!/bin/zsh -x - -cp -a /etc/suspend.conf etc/ -find . \( ! -regex '.*/\..*' \) -print0 | sed "s|\./make||" | sed "s|\./README\.md||" | cpio --null -ov --format=newc | xz --check=crc32 > /tmp/initramfs.cpio.xz - diff --git a/scripts/create b/scripts/create new file mode 100755 index 0000000..567902a --- /dev/null +++ b/scripts/create @@ -0,0 +1,9 @@ +#!/bin/zsh -x + +cp -a /etc/suspend.conf etc/ +find . \( ! -regex '.*/\..*' \) -print0 \ + | sed "s|\./scripts||" \ + | sed "s|\./scripts/create||" \ + | sed "s|\./scripts/install||" \ + | sed "s|\./README\.md||" \ + | cpio --null -ov --format=newc | xz --check=crc32 > /tmp/initramfs.cpio.xz diff --git a/scripts/install b/scripts/install new file mode 100755 index 0000000..4d6fa1b --- /dev/null +++ b/scripts/install @@ -0,0 +1,8 @@ +#!/usr/bin/env zsh + +if [ -f /tmp/initramfs.cpio.xz ]; then + sudo mv /tmp/initramfs.cpio.xz /boot + sudo lilo +else + echo "Couldn't find /tmp/initramfs.cpio.xz" +fi |