initrd_luks_pkcs/etc/initramfs-tools/hooks/decrypt_pkcs

91 lines
2.6 KiB
Text
Raw Normal View History

2021-04-04 17:51:53 +00:00
#!/bin/sh
set -e
PREREQ="cryptroot"
prereqs()
{
echo "$PREREQ"
}
case "$1" in
prereqs)
prereqs
exit 0
;;
esac
. /usr/share/initramfs-tools/hook-functions
. /lib/cryptsetup/functions
if [ ! -x "$DESTDIR/lib/cryptsetup/scripts/decrypt_pkcs" ] || [ ! -f "$TABFILE" ]; then
exit 0
fi
# Fetching local parameters
if [ -f /etc/default/decrypt_pkcs ] ; then
. /etc/default/decrypt_pkcs
fi
DECIPHER_COMMAND=${DECIPHER_COMMAND:-/usr/bin/pkcs15-crypt}
SMARTCARD_PRESENCE_COMMAND=${SMARTCARD_PRESENCE_COMMAND:-/usr/bin/opensc-tool}
2021-04-11 14:29:58 +00:00
DECIPHER_MULTI=${DECIPHER_MULTI:-0}
2021-04-04 17:51:53 +00:00
# Hooks for loading smartcard reading software into the initramfs
copy_keys() {
crypttab_parse_options
if [ "${CRYPTTAB_OPTION_keyscript-}" = "/lib/cryptsetup/scripts/decrypt_pkcs" ]; then
if [ -f "$CRYPTTAB_KEY" ]; then
[ -f "$DESTDIR$CRYPTTAB_KEY" ] || copy_file keyfile "$CRYPTTAB_KEY" || RV=$?
else
cryptsetup_message "ERROR: Target $CRYPTTAB_NAME has a non-existing key file $CRYPTTAB_KEY"
RV=1
fi
fi
}
RV=0
#copy default key
crypttab_foreach_entry copy_keys
2021-04-11 14:29:58 +00:00
if [ $DECIPHER_MULTI = 1 ] ; then
#copy all keys
mkdir -p "$DESTDIR/${DECIPHER_MULTI_FOLDER}"
cp -t "$DESTDIR/${DECIPHER_MULTI_FOLDER}" "${DECIPHER_MULTI_FOLDER}/${DECIPHER_MULTI_PATTERN}"*
fi
2021-04-04 17:51:53 +00:00
# Install directories needed by smartcard reading daemon, command, and
# key-script
mkdir -p -- "$DESTDIR/etc/opensc" "$DESTDIR/usr/lib/pcsc" "$DESTDIR/var/run" "$DESTDIR/tmp" "$DESTDIR/etc/default"
2021-04-04 17:51:53 +00:00
# Install pcscd daemon, drivers, conf file
copy_exec /usr/sbin/pcscd
LIBC_DIR="$(ldd /usr/sbin/pcscd | sed -nr 's#.* => (/lib.*)/libc\.so\.[0-9.-]+ \(0x[[:xdigit:]]+\)$#\1#p')"
find -L "$LIBC_DIR" "/usr$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do
copy_exec "$so"
done
cp -rt "$DESTDIR/usr/lib" /usr/lib/pcsc
cp -t "$DESTDIR/etc" /etc/reader.conf || true
cp -t "$DESTDIR/etc" /etc/libccid_Info.plist
# Install opensc commands and conf file
copy_exec /usr/bin/opensc-tool
copy_exec $SMARTCARD_PRESENCE_COMMAND
copy_exec $DECIPHER_COMMAND
2021-04-04 17:51:53 +00:00
cp -t "$DESTDIR/etc/opensc" /etc/opensc/opensc.conf
cp -t "$DESTDIR/etc/default" /etc/default/decrypt_pkcs
2021-04-04 17:51:53 +00:00
2021-04-11 14:29:58 +00:00
# If Multi
if [ $DECIPHER_MULTI = 1 ] ; then
mkdir -p $DESTDIR/$(dirname "${DECIPHER_MULTI_SCRIPT}")
cp -t $DESTDIR/$(dirname "${DECIPHER_MULTI_SCRIPT}") "${DECIPHER_MULTI_SCRIPT}"
chmod +x $DESTDIR/"${DECIPHER_MULTI_SCRIPT}"
for bin in $DECIPHER_MULTI_SCRIPT_DEPENDS ; do
copy_exec $bin
done
fi
2021-04-04 17:51:53 +00:00
exit $RV