initrd_luks_pkcs/decrypt_pkcs_hook
Alex 1195a1a762 [feat] Allow custom commands
* Decipher command
  * Smartcard presence test
2021-04-05 09:51:47 +02:00


#!/bin/sh
# Abort the hook as soon as a command fails outside a conditional context.
set -e

# Names printed verbatim by prereqs() when the hook is asked for its
# prerequisites.
PREREQ="cryptroot"

# Write the prerequisite list held in PREREQ to stdout, newline-terminated.
prereqs() {
  printf '%s\n' "$PREREQ"
}
# When invoked with the single argument "prereqs", print the prerequisite
# list and exit successfully without doing any of the hook work below.
if [ "$1" = "prereqs" ]; then
  prereqs
  exit 0
fi
# Source the helper libraries. The functions and variables used below that
# this file does not define itself (copy_exec, copy_file, crypttab_*,
# cryptsetup_message, TABFILE) are presumably provided by them.
. /usr/share/initramfs-tools/hook-functions
. /lib/cryptsetup/functions

# Nothing to do unless the decrypt_pkcs keyscript is already executable
# inside the image tree ($DESTDIR) and the crypttab file ($TABFILE) exists.
[ -x "$DESTDIR/lib/cryptsetup/scripts/decrypt_pkcs" ] || exit 0
[ -f "$TABFILE" ] || exit 0
# Optional local configuration. The file is executed as shell code with the
# privileges of whoever runs this hook, so it should be writable by root only.
[ ! -f /etc/default/decrypt_pkcs ] || . /etc/default/decrypt_pkcs

# Fall back to the OpenSC tools when the configuration left a command unset
# or empty.
: "${DECIPHER_COMMAND:=/usr/bin/pkcs15-crypt}"
: "${SMARTCARD_PRESENCE_COMMAND:=/usr/bin/opensc-tool}"
# Hooks for loading smartcard reading software into the initramfs
# Callback passed to crypttab_foreach_entry: stage the key file of a crypttab
# target into the image tree when that target uses the decrypt_pkcs keyscript.
# Globals:   CRYPTTAB_OPTION_keyscript, CRYPTTAB_KEY, CRYPTTAB_NAME, DESTDIR
#            (read); RV (written when something goes wrong)
# Returns:   problems are recorded in RV, not in the return status.
# NOTE(review): the staged file is readable by anyone who can read the
# generated initramfs image. Presumably it is the smartcard-wrapped key blob
# rather than a raw LUKS key -- confirm, and consider UMASK=0077 in
# initramfs.conf so the image stays root-only.
copy_keys() {
  crypttab_parse_options

  # Entries served by another keyscript (or by none) are left alone.
  [ "${CRYPTTAB_OPTION_keyscript-}" = "/lib/cryptsetup/scripts/decrypt_pkcs" ] || return 0

  if [ ! -f "$CRYPTTAB_KEY" ]; then
    cryptsetup_message "ERROR: Target $CRYPTTAB_NAME has a non-existing key file $CRYPTTAB_KEY"
    RV=1
    return 0
  fi

  # Skip the copy when the file is already staged; otherwise keep going and
  # remember copy_file's failure status in RV.
  [ -f "$DESTDIR$CRYPTTAB_KEY" ] || copy_file keyfile "$CRYPTTAB_KEY" || RV=$?
}
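# Overall exit status of the hook; copy_keys changes it when a key file is
# missing or cannot be staged.
RV=0

#copy default key
crypttab_foreach_entry copy_keys

#copy all users keys
#mkdir -p "$DESTDIR/etc/keys"
#cp /etc/keys/pass*.enc "$DESTDIR/etc/keys/"

# Install directories needed by smartcard reading daemon, command, and
# key-script
mkdir -p -- "$DESTDIR/etc/opensc" "$DESTDIR/usr/lib/pcsc" "$DESTDIR/var/run" "$DESTDIR/tmp" "$DESTDIR/etc/default"

# Install pcscd daemon, drivers, conf file
copy_exec /usr/sbin/pcscd

# Directory of the libc that pcscd links against, parsed from ldd output.
# libgcc_s, libusb and libpcsclite are then looked up there and in the same
# directory under /usr.
LIBC_DIR="$(ldd /usr/sbin/pcscd | sed -nr 's#.* => (/lib.*)/libc\.so\.[0-9.-]+ \(0x[[:xdigit:]]+\)$#\1#p')"
if [ -n "$LIBC_DIR" ]; then
  # IFS= and -r keep each path exactly as find printed it.
  find -L "$LIBC_DIR" "/usr$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f |
    while IFS= read -r so; do
      copy_exec "$so"
    done
else
  # An empty result would make find search "" and /usr and silently stage
  # nothing; say so at build time instead of failing at boot.
  cryptsetup_message "WARNING: could not determine the libc directory of /usr/sbin/pcscd; libgcc_s, libusb and libpcsclite were not copied"
fi

# Everything under /usr/lib/pcsc is copied into the image as is.
cp -rt "$DESTDIR/usr/lib" /usr/lib/pcsc
# reader.conf is optional: a failed copy is deliberately ignored.
cp -t "$DESTDIR/etc" /etc/reader.conf || true
cp -t "$DESTDIR/etc" /etc/libccid_Info.plist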
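# Install opensc commands and conf file
copy_exec /usr/bin/opensc-tool

# Both commands are configurable through /etc/default/decrypt_pkcs. Quote
# them so each value reaches copy_exec as exactly one path and is never
# word-split or glob-expanded; a value carrying arguments now fails here at
# build time instead of being staged under a wrong name.
copy_exec "$SMARTCARD_PRESENCE_COMMAND"
copy_exec "$DECIPHER_COMMAND"
cp -t "$DESTDIR/etc/opensc" /etc/opensc/opensc.conf

# The defaults file is optional (it is only sourced when present), so ship it
# only when it exists rather than letting cp abort the hook under set -e.
# Its content is embedded in the initramfs image, so it must not hold
# secrets such as a card PIN.
if [ -f /etc/default/decrypt_pkcs ]; then
  cp -t "$DESTDIR/etc/default" /etc/default/decrypt_pkcs
fi

# Report any key-staging problem recorded by copy_keys.
exit "$RV"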