From 519e9158e8e0860b99104868643dfd44a8fd8a4b Mon Sep 17 00:00:00 2001
From: pks
Date: Sun, 8 Aug 2021 15:39:55 +0200
Subject: overhaul
---
 bin/busybox | Bin 2304000 -> 2691440 bytes
 bin/cryptsetup | Bin 1524840 -> 2260384 bytes
 bin/resume | Bin 1317856 -> 0 bytes
 etc/suspend.conf | 8 ++++++--
 init | 50 +++++++++++++++++++++++++++++++++++++++-----------
 make | 5 -----
 scripts/create | 9 +++++++++
 scripts/install | 8 ++++++++
 8 files changed, 62 insertions(+), 18 deletions(-)
 delete mode 100755 bin/resume
 delete mode 100755 make
 create mode 100755 scripts/create
 create mode 100755 scripts/install
diff --git a/bin/busybox b/bin/busybox
index 8919e12..63b3a30 100755
Binary files a/bin/busybox and b/bin/busybox differ
diff --git a/bin/cryptsetup b/bin/cryptsetup
index aae4b30..a8e299a 100755
Binary files a/bin/cryptsetup and b/bin/cryptsetup differ
diff --git a/bin/resume b/bin/resume
deleted file mode 100755
index 977924b..0000000
Binary files a/bin/resume and /dev/null differ
diff --git a/etc/suspend.conf b/etc/suspend.conf
index e7e9a15..53308bc 100644
--- a/etc/suspend.conf
+++ b/etc/suspend.conf
@@ -1,8 +1,12 @@
+snapshot device = /dev/snapshot
 resume device = /dev/sda1
-resume offset = 1702432 # value=`swap-offset /swapfile`
+#resume offset = 1702432 # value=`swap-offset /swapfile`
 #image size = 2147483648
+#RSA key file = /etc/suspend.key
+#image size = 350000000
+#suspend loglevel = 2
 #compute checksum = y
 #compress = y
 #encrypt = y
-#RSA key file = /etc/suspend.key
 #early writeout = y
+#splash = y
diff --git a/init b/init
index 8c1f7d0..eb7f5d3 100755
--- a/init
+++ b/init
@@ -1,15 +1,23 @@ #!/bin/busybox sh -ROOT=/dev/disk/by-label/rootfs -HOME=/dev/disk/by-uuid/092fdc4a-4356-47d9-9272-9a5f58e33bbf +ROOT_DEV=/dev/disk/by-label/rootfs +# USB stick w/ keys +USB_KEY_ID=0781:5567 +USB_KEY_DEV=/dev/disk/by-uuid/953f675b-5c6c-4ae9-ab1b-189e923c945d +# encrypted home +HOME_KEY_FILE_NAME=.bogues-home.key +HOME_DEV=/dev/disk/by-uuid/092fdc4a-4356-47d9-9272-9a5f58e33bbf +# encrypted sdcard +EXT_SD_KEY_FILE_NAME=.bogues-ext_sd.key +EXT_SD_DEV=/dev/disk/by-uuid/c3834c30-2f8e-4955-a682-cf898979b41f prep_dev() { for opt in `cat /proc/cmdline`; do - name=$(echo $opt | cut -d'=' -f 1) - if [ $name == "root" ] || [ $name == "crypt_part" ]; then + name=$(echo $opt | cut -d= -f 1) + if [ $name == "root" ] || [ $name == "home" ] || [ $name == "ext_sd" ] || [ $name == "usb_key" ]; then type=$(echo $opt | cut -d'=' -f 2) - id=$(echo $opt | cut -d'=' -f 3) + id=$(echo $opt | cut -d= -f 3) if [ $type == LABEL ]; then prefix="/dev/disk/by-label"; elif [ $type == UUID ]; then @@ -34,7 +42,12 @@ rescue_shell() cryptsetup_do() { echo "cryptsetup $1 $2" - cryptsetup -T 3 luksOpen $1 $2 + mkdir -p /run/cryptsetup + if [ -f $3 ]; then + cryptsetup luksOpen $1 $2 --key-file $3 + else + cryptsetup -T 3 luksOpen $1 $2 + fi } mount_root() 
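Review bot: In the first init hunk, the rewritten name test in prep_dev still expands `$name` unquoted inside four `[ ]` comparisons, and `$opt` comes from word-splitting `/proc/cmdline`, so a token that yields an empty name (one starting with `=`) or that contains glob characters makes the test error out instead of simply not matching. Quoting is enough: `if [ "$name" = root ] || [ "$name" = home ] || [ "$name" = ext_sd ] || [ "$name" = usb_key ]; then`, and likewise `"$opt"` in the `cut` pipelines. The loop and the rest of prep_dev continue outside the hunk, so whether the parsed `home`/`ext_sd`/`usb_key` values replace the hard-coded `*_DEV` UUIDs is not visible here; a one-line comment next to those variables stating which source wins would help.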
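Review bot: In the cryptsetup_do hunk, `[ -f $3 ]` is true when `$3` is empty or unset, because the test collapses to the one-argument form `[ -f ]`, so a call without a key path would run `cryptsetup luksOpen ... --key-file` with no file argument. A failed key-file unlock also never falls back to the passphrase prompt, so a stale or wrong key file on the stick leaves the volume locked. Suggested body: `if [ -f "$3" ] && cryptsetup luksOpen "$1" "$2" --key-file "$3"; then return 0; fi` followed by `cryptsetup -T 3 luksOpen "$1" "$2"`, with `$1`/`$2` quoted as shown.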
@@ -43,21 +56,36 @@ mount_root() mount $1 /newroot } -mkdir -p /dev /proc /sys /newroot /etc +mkdir -p /dev /proc /sys /newroot /etc /key touch /etc/mtab mount -t devtmpfs none /dev mount -t proc none /proc mount -t sysfs none /sys +# wait for USB stick w/ keys on it +for _ in {1..3}; do + sleep 3 + lsusb | grep $USB_KEY_ID 2>&1 /dev/null + if [[ $? == 0 ]]; then break; fi +done prep_dev -resume -cryptsetup_do $HOME home -mount_root $ROOT || rescue_shell + +# `resume` is currently not used +#resume + +mount_root $ROOT_DEV || rescue_shell + +if [ -e $USB_KEY_DEV ]; then + mount $USB_KEY_DEV /key 2>&1 > /dev/null +fi + +cryptsetup_do $HOME_DEV home /key/$HOME_KEY_FILE_NAME +cryptsetup_do $EXT_SD_DEV ext_sd /key/$EXT_SD_KEY_FILE_NAME umount /dev umount /proc umount /sys +umount /key 2>&1 > /dev/null exec switch_root /newroot /sbin/init - diff --git a/make b/make deleted file mode 100755 index f1c3dab..0000000 --- a/make +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/zsh -x - -cp -a /etc/suspend.conf etc/ -find . \( ! -regex '.*/\..*' \) -print0 | sed "s|\./make||" | sed "s|\./README\.md||" | cpio --null -ov --format=newc | xz --check=crc32 > /tmp/initramfs.cpio.xz - diff --git a/scripts/create b/scripts/create new file mode 100755 index 0000000..567902a --- /dev/null +++ b/scripts/create @@ -0,0 +1,9 @@ +#!/bin/zsh -x + +cp -a /etc/suspend.conf etc/ +find . \( ! -regex '.*/\..*' \) -print0 \ + | sed "s|\./scripts||" \ + | sed "s|\./scripts/create||" \ + | sed "s|\./scripts/install||" \ + | sed "s|\./README\.md||" \ + | cpio --null -ov --format=newc | xz --check=crc32 > /tmp/initramfs.cpio.xz diff --git a/scripts/install b/scripts/install new file mode 100755 index 0000000..4d6fa1b --- /dev/null +++ b/scripts/install @@ -0,0 +1,8 @@ +#!/usr/bin/env zsh + +if [ -f /tmp/initramfs.cpio.xz ]; then + sudo mv /tmp/initramfs.cpio.xz /boot + sudo lilo +else + echo "Couldn't find /tmp/initramfs.cpio.xz" +fi -- cgit v1.2.3
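Review bot: The USB wait loop in the last init hunk never detects the stick: in `lsusb | grep $USB_KEY_ID 2>&1 /dev/null` the `>` is missing, so `/dev/null` becomes grep's input file and the match always fails, and `{1..3}` is a bash brace expansion that busybox ash (the `#!/bin/busybox sh` interpreter) is not expected to expand, so the body likely runs only once. Use `for _ in 1 2 3; do` and `lsusb | grep -q "$USB_KEY_ID" && break`. The `2>&1 > /dev/null` redirections on `mount` and `umount /key` are in the wrong order to silence stderr, and since the stick only supplies key files it should be mounted read-only: `mount -o ro "$USB_KEY_DEV" /key >/dev/null 2>&1`. Neither cryptsetup_do call checks its exit status, so a failed unlock of home or ext_sd goes unnoticed before `switch_root`.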
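Review bot: In scripts/create the `sed` stages run on the NUL-delimited `find -print0` stream, which sed treats as a single line as long as no name contains a newline, and each `s|...||` without `g` edits only its first match. The three script entries are therefore blanked into empty names rather than dropped, and any further file added under `scripts/` would be archived into the initramfs. Prune in find and drop the sed stages: `find . -path ./scripts -prune -o \( ! -regex '.*/\..*' ! -path ./README.md \) -print0 \` piped straight into `cpio --null -ov --format=newc`.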
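Review bot: scripts/install moves whatever sits at the predictable, world-writable location `/tmp/initramfs.cpio.xz` into `/boot` as root, so on a multi-user machine another local account could place or swap the image that later handles the LUKS key files; scripts/create writes to the same path. Build into a directory only the invoking user can write (a `build/` directory in the repository, or one from `mktemp -d`) and have both scripts use it through one variable, here called `img`. `sudo lilo` also runs when the `mv` fails, and the not-found branch prints to stdout and exits 0; prefer `sudo mv "$img" /boot && sudo lilo` and `echo "Couldn't find $img" >&2; exit 1`.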