@@ -0,0 +1,45 | |||||
|
1 | #!/bin/sh | |||
|
2 | ||||
|
3 | PREREQ="dropbear" | |||
|
4 | ||||
|
5 | prereqs() { | |||
|
6 | echo "$PREREQ" | |||
|
7 | } | |||
|
8 | ||||
|
9 | case "$1" in | |||
|
10 | prereqs) | |||
|
11 | prereqs | |||
|
12 | exit 0 | |||
|
13 | ;; | |||
|
14 | esac | |||
|
15 | ||||
|
16 | . "${CONFDIR}/initramfs.conf" | |||
|
17 | . /usr/share/initramfs-tools/hook-functions | |||
|
18 | ||||
|
19 | if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then | |||
|
20 | cat > "${DESTDIR}/bin/unlock" << EOF | |||
|
21 | #!/bin/sh | |||
|
22 | if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then | |||
|
23 | kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\` | |||
|
24 | # following line kill the remote shell right after the passphrase has | |||
|
25 | # been entered. | |||
|
26 | kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\` | |||
|
27 | exit 0 | |||
|
28 | fi | |||
|
29 | exit 1 | |||
|
30 | EOF | |||
|
31 | ||||
|
32 | chmod 755 "${DESTDIR}/bin/unlock" | |||
|
33 | ||||
|
34 | mkdir -p "${DESTDIR}/lib/unlock" | |||
|
35 | cat > "${DESTDIR}/lib/unlock/plymouth" << EOF | |||
|
36 | #!/bin/sh | |||
|
37 | [ "\$1" == "--ping" ] && exit 1 | |||
|
38 | /bin/plymouth "\$@" | |||
|
39 | EOF | |||
|
40 | ||||
|
41 | chmod 755 "${DESTDIR}/lib/unlock/plymouth" | |||
|
42 | ||||
|
43 | echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd | |||
|
44 | ||||
|
45 | fi No newline at end of file |
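Review bot: The two `kill` lines in the generated `/bin/unlock` pick their targets by substring match on `ps` output, so `grep "\-sh"` selects every process whose line contains `-sh`, and when nothing matches `kill` is invoked with no PID at all. Collecting the PIDs first and skipping the call when the list is empty makes the behaviour predictable, e.g. `pids=\$(ps | grep "\-sh" | grep -v grep | awk '{print \$1}')` followed by `[ -n "\$pids" ] && kill -9 \$pids` (escaped as shown because the heredoc delimiter is unquoted). Further down, the `>> ${DESTDIR}/etc/motd` redirection is the only unquoted use of `DESTDIR` in the file and should read `>> "${DESTDIR}/etc/motd"`.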
@@ -418,6 +418,12 Set cipher specification string. `aes-xts*` ciphers are strongly recommended. | |||||
418 | ##### `CRYPTFS_XTSKEYSIZE`=512 |
|
418 | ##### `CRYPTFS_XTSKEYSIZE`=512 | |
419 | Sets key size in bits. The argument has to be a multiple of 8. |
|
419 | Sets key size in bits. The argument has to be a multiple of 8. | |
420 |
|
420 | |||
|
421 | ##### `CRYPTFS_DROPBEAR`=false | |||
|
422 | Enable Dropbear Initramfs support | |||
|
423 | ||||
|
424 | ##### `CRYPTFS_DROPBEAR_PUBKEY`="" | |||
|
425 | Provide path to dropbear Public RSA-OpenSSH Key | |||
|
426 | ||||
421 | --- |
|
427 | --- | |
422 |
|
428 | |||
423 | #### Build settings: |
|
429 | #### Build settings: |
@@ -43,8 +43,43 if [ "$ENABLE_INITRAMFS" = true ] ; then | |||||
43 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" |
|
43 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" | |
44 | fi |
|
44 | fi | |
45 |
|
45 | |||
|
46 | if [ "$CRYPTFS_DROPBEAR" = true ]; then | |||
|
47 | if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then | |||
|
48 | install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |||
|
49 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |||
|
50 | else | |||
|
51 | # Create key | |||
|
52 | chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear | |||
|
53 | ||||
|
54 | # Convert dropbear key to openssh key | |||
|
55 | chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa | |||
|
56 | ||||
|
57 | # Get Public Key Part | |||
|
58 | chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub | |||
|
59 | ||||
|
60 | # Delete unwanted lines | |||
|
61 | sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |||
|
62 | sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub | |||
|
63 | ||||
|
64 | # Trust the new key | |||
|
65 | cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys | |||
|
66 | ||||
|
67 | # Save Keys - convert with putty from rsa/openssh to puttkey | |||
|
68 | cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa | |||
|
69 | ||||
|
70 | # Get unlock script | |||
|
71 | install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh | |||
|
72 | ||||
|
73 | # Enable Dropbear inside initramfs | |||
|
74 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |||
|
75 | ||||
|
76 | # Enable Dropbear inside initramfs | |||
|
77 | sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear | |||
|
78 | fi | |||
|
79 | else | |||
46 |
|
|
80 | # Disable SSHD inside initramfs | |
47 |
|
|
81 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |
|
82 | fi | |||
48 |
|
83 | |||
49 | # Add cryptsetup modules to initramfs |
|
84 | # Add cryptsetup modules to initramfs | |
50 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" |
|
85 | printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" |
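Review bot: In the key-generation branch the private halves `id_rsa.dropbear` and `id_rsa` stay under `dropbear-initramfs/` in the image after the `cp -f` to `${BASEDIR}`; nothing in this hunk removes them, although only `authorized_keys` is needed on the device for login. I would follow the copy with `rm -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${ETC_DIR}"/dropbear-initramfs/id_rsa.dropbear`. Separately, the `install_exec ... crypt_unlock.sh`, `DROPBEAR=y` and `sed -i "54 i sleep 5"` steps sit inside the inner `else`, so a build that supplies `CRYPTFS_DROPBEAR_PUBKEY` appears to get the key installed but no unlock hook; they look like they belong after the inner `fi`. The `54 i` insertion also depends on the exact line layout of the packaged dropbear script and deserves a comment naming the statement it is meant to precede.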
@@ -86,9 +86,6 fi | |||||
86 |
|
86 | |||
87 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then |
|
87 | if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |
88 |
|
88 | |||
89 | # RPI0,3,3P Use default ttyS0 (mini-UART)as serial interface |
|
|||
90 | SET_SERIAL="ttyS0" |
|
|||
91 |
|
||||
92 | # Bluetooth enabled |
|
89 | # Bluetooth enabled | |
93 | if [ "$ENABLE_BLUETOOTH" = true ] ; then |
|
90 | if [ "$ENABLE_BLUETOOTH" = true ] ; then | |
94 | # Create temporary directory for Bluetooth sources |
|
91 | # Create temporary directory for Bluetooth sources | |
@@ -111,6 +108,10 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||||
111 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" |
|
108 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart" | |
112 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper" |
|
109 | install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper" | |
113 |
|
110 | |||
|
111 | # make scripts executable | |||
|
112 | chmod +x "${R}/usr/bin/bthelper" | |||
|
113 | chmod +x "${R}/usr/bin/btuart" | |||
|
114 | ||||
114 | # Install bluetooth udev rule |
|
115 | # Install bluetooth udev rule | |
115 | install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules" |
|
116 | install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules" | |
116 |
|
117 | |||
@@ -121,12 +122,12 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||||
121 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service" |
|
122 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service" | |
122 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service" |
|
123 | install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service" | |
123 |
|
124 | |||
124 |
# Remove temporary director |
|
125 | # Remove temporary directories | |
125 | rm -fr "${temp_dir}" |
|
126 | rm -fr "${temp_dir}" | |
|
127 | rm -fr "${R}"/tmp/pi-bluetooth | |||
126 |
|
128 | |||
127 | # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0 |
|
129 | # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0 | |
128 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then |
|
130 | if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then | |
129 | SET_SERIAL="ttyAMA0" |
|
|||
130 |
|
131 | |||
131 | # set overlay to swap ttyAMA0 and ttyS0 |
|
132 | # set overlay to swap ttyAMA0 and ttyS0 | |
132 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" |
|
133 | echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt" | |
@@ -135,23 +136,15 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then | |||||
135 | if [ "$ENABLE_TURBO" = false ] ; then |
|
136 | if [ "$ENABLE_TURBO" = false ] ; then | |
136 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" |
|
137 | echo "core_freq=250" >> "${BOOT_DIR}/config.txt" | |
137 | fi |
|
138 | fi | |
|
139 | fi | |||
138 |
|
140 | |||
139 |
|
|
141 | # Activate services | |
140 |
|
|
142 | chroot_exec systemctl enable pi-bluetooth.hciuart.service | |
141 | #chroot_exec systemctl enable pi-bluetooth.bthelper@.service |
|
|||
142 | else |
|
|||
143 | chroot_exec systemctl enable pi-bluetooth.hciuart.service |
|
|||
144 | #chroot_exec systemctl enable pi-bluetooth.bthelper@.service |
|
|||
145 | fi |
|
|||
146 |
|
143 | |||
147 | else # if ENABLE_BLUETOOTH = false |
|
144 | else # if ENABLE_BLUETOOTH = false | |
148 | # set overlay to disable bluetooth |
|
145 | # set overlay to disable bluetooth | |
149 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" |
|
146 | echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt" | |
150 | fi # ENABLE_BLUETOOTH end |
|
147 | fi # ENABLE_BLUETOOTH end | |
151 |
|
||||
152 | else |
|
|||
153 | # RPI1,1P,2 Use default ttyAMA0 (full UART) as serial interface |
|
|||
154 | SET_SERIAL="ttyAMA0" |
|
|||
155 | fi |
|
148 | fi | |
156 |
|
149 | |||
157 | # may need sudo systemctl disable hciuart |
|
150 | # may need sudo systemctl disable hciuart | |
@@ -161,9 +154,10 if [ "$ENABLE_CONSOLE" = true ] ; then | |||||
161 | CMDLINE="${CMDLINE} console=serial0,115200" |
|
154 | CMDLINE="${CMDLINE} console=serial0,115200" | |
162 |
|
155 | |||
163 | # Enable serial console systemd style |
|
156 | # Enable serial console systemd style | |
164 |
chroot_exec systemctl enable serial-getty\@ |
|
157 | chroot_exec systemctl enable serial-getty\@serial0.service | |
165 | else |
|
158 | else | |
166 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" |
|
159 | echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" | |
|
160 | ||||
167 | # disable serial console systemd style |
|
161 | # disable serial console systemd style | |
168 | chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service |
|
162 | chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service | |
169 | fi |
|
163 | fi | |
@@ -204,6 +198,7 else | |||||
204 | CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4" |
|
198 | CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4" | |
205 | fi |
|
199 | fi | |
206 | fi |
|
200 | fi | |
|
201 | ||||
207 |
|
|
202 | if [ "$KERNEL_SECURITY" = true ] ; then | |
208 |
|
|
203 | CMDLINE="${CMDLINE} apparmor=1 security=apparmor" | |
209 |
|
|
204 | fi |
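Review bot: All three `SET_SERIAL=` assignments are removed in this file's hunks, yet the `else` branch of the `ENABLE_CONSOLE` block still runs `chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service`. Unless the variable is assigned somewhere outside the hunks shown, that expands to `serial-getty@.service`, so the intended unit is not disabled even though `enable_uart=0` is written. Since the enable path now names `serial0` explicitly, the disable path could do the same: `chroot_exec systemctl disable serial-getty\@serial0.service`.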
@@ -57,6 +57,20 else # ENABLE_DHCP=false | |||||
57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ |
|
57 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ | |
58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ |
|
58 | -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ | |
59 | "${ETC_DIR}/systemd/network/eth.network" |
|
59 | "${ETC_DIR}/systemd/network/eth.network" | |
|
60 | ||||
|
61 | if [ "$CRYPTFS_DROPBEAR" = true ] ; then | |||
|
62 | # Get cdir from NET_ADDRESS e.g. 24 | |||
|
63 | cdir=$(${NET_ADDRESS} | cut -d '/' -f2) | |||
|
64 | ||||
|
65 | # Convert cdir ro netmask e.g. 24 to 255.255.255.0 | |||
|
66 | NET_MASK=$(cdr2mask "$cdir") | |||
|
67 | ||||
|
68 | # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf | |||
|
69 | sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf | |||
|
70 | ||||
|
71 | # Regenerate initramfs | |||
|
72 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |||
|
73 | fi | |||
60 | fi |
|
74 | fi | |
61 |
|
75 | |||
62 | # Remove empty settings from network configuration |
|
76 | # Remove empty settings from network configuration |
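Review bot: `cdir=$(${NET_ADDRESS} | cut -d '/' -f2)` executes the value of `NET_ADDRESS` as a command instead of feeding it to `cut`, so `cdir` ends up empty and `cdr2mask` is called without a prefix length. Parameter expansion avoids the pipeline entirely: `cdir=${NET_ADDRESS#*/}`. The `IP=` line then writes `${NET_ADDRESS}` with its `/prefix` still attached next to a separate netmask field; if the variable carries CIDR notation, as the comment implies, `${NET_ADDRESS%/*}` is what belongs there. The enclosing `ENABLE_DHCP=false` branch starts above the hunk.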
@@ -32,6 +32,7 if [ "$ENABLE_IPTABLES" = true ] ; then | |||||
32 | #iptables-save and -restore are slaves of iptables and thus are set accordingly |
|
32 | #iptables-save and -restore are slaves of iptables and thus are set accordingly | |
33 | chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy |
|
33 | chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy | |
34 | fi |
|
34 | fi | |
|
35 | ||||
35 | # Install ip6tables systemd service |
|
36 | # Install ip6tables systemd service | |
36 | install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service" |
|
37 | install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service" | |
37 |
|
38 |
@@ -22,8 +22,3 else | |||||
22 | # Set no root password to disable root login |
|
22 | # Set no root password to disable root login | |
23 | chroot_exec usermod -p \'!\' root |
|
23 | chroot_exec usermod -p \'!\' root | |
24 | fi |
|
24 | fi | |
25 |
|
||||
26 | # Enable serial console systemd style |
|
|||
27 | if [ "$ENABLE_CONSOLE" = true ] ; then |
|
|||
28 | chroot_exec systemctl enable serial-getty\@ttyAMA0.service |
|
|||
29 | fi |
|
@@ -50,4 +50,7 if [ "$ENABLE_VIDEOCORE" = true ] ; then | |||||
50 |
|
50 | |||
51 | #back to root of scriptdir |
|
51 | #back to root of scriptdir | |
52 | cd "${WORKDIR}" |
|
52 | cd "${WORKDIR}" | |
|
53 | ||||
|
54 | # Remove videocore sources | |||
|
55 | rm -fr "${R}"/tmp/userland/ | |||
53 | fi |
|
56 | fi |
@@ -8,6 +8,7 INITRAMFS_UBOOT="${INITRAMFS}.uboot" | |||||
8 | # Extract kernel arch |
|
8 | # Extract kernel arch | |
9 | case "${KERNEL_ARCH}" in |
|
9 | case "${KERNEL_ARCH}" in | |
10 | arm*) KERNEL_ARCH=arm ;; |
|
10 | arm*) KERNEL_ARCH=arm ;; | |
|
11 | aarch64) KERNEL_ARCH=arm64 ;; | |||
11 | esac |
|
12 | esac | |
12 |
|
13 | |||
13 | # Regenerate initramfs |
|
14 | # Regenerate initramfs |
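Review bot: Because `case` takes the first matching pattern, a `KERNEL_ARCH` of `arm64` is still caught by `arm*)` and rewritten to `arm`; only the spelling `aarch64` reaches the new arm. If `arm64` can be passed in (not visible from this hunk), put the 64-bit pattern first and cover both spellings: `arm64|aarch64) KERNEL_ARCH=arm64 ;;` above `arm*) KERNEL_ARCH=arm ;;`.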
@@ -74,18 +74,28 chroot_install_cc() { | |||||
74 | # Install c/c++ build environment inside the chroot |
|
74 | # Install c/c++ build environment inside the chroot | |
75 | if [ -z "${COMPILER_PACKAGES}" ] ; then |
|
75 | if [ -z "${COMPILER_PACKAGES}" ] ; then | |
76 | COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }') |
|
76 | COMPILER_PACKAGES=$(chroot_exec apt-get -s install g++ make bc | grep "^Inst " | awk -v ORS=" " '{ print $2 }') | |
77 | # Install COMPILER_PACKAGES in chroot |
|
77 | # Install COMPILER_PACKAGES in chroot - NEVER do "${COMPILER_PACKAGES}" -> breaks uboot | |
78 |
chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install |
|
78 | chroot_exec apt-get -q -y --allow-unauthenticated --no-install-recommends install ${COMPILER_PACKAGES} | |
79 | fi |
|
79 | fi | |
80 | } |
|
80 | } | |
81 |
|
81 | |||
82 | chroot_remove_cc() { |
|
82 | chroot_remove_cc() { | |
83 | # Remove c/c++ build environment from the chroot |
|
83 | # Remove c/c++ build environment from the chroot | |
84 | if [ -n "${COMPILER_PACKAGES}" ] ; then |
|
84 | if [ -n "${COMPILER_PACKAGES}" ] ; then | |
85 |
chroot_exec apt-get -qq -y --auto-remove purge |
|
85 | chroot_exec apt-get -qq -y --auto-remove purge ${COMPILER_PACKAGES} | |
86 | COMPILER_PACKAGES="" |
|
86 | COMPILER_PACKAGES="" | |
87 | fi |
|
87 | fi | |
88 | } |
|
88 | } | |
|
89 | ||||
|
90 | # https://serverfault.com/a/682849 - converts e.g. /24 to 255.255.255.0 | |||
|
91 | cdr2mask () | |||
|
92 | { | |||
|
93 | # Number of args to shift, 255..255, first non-255 byte, zeroes | |||
|
94 | set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 | |||
|
95 | [ $1 -gt 1 ] && shift $1 || shift | |||
|
96 | echo ${1-0}.${2-0}.${3-0}.${4-0} | |||
|
97 | } | |||
|
98 | ||||
89 | # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh |
|
99 | # GPL v2.0 - #https://github.com/sakaki-/bcmrpi3-kernel-bis/blob/master/conform_config.sh | |
90 | set_kernel_config() { |
|
100 | set_kernel_config() { | |
91 | # flag as $1, value to set as $2, config must exist at "./.config" |
|
101 | # flag as $1, value to set as $2, config must exist at "./.config" | |
@@ -97,6 +107,7 set_kernel_config() { | |||||
97 | echo "${TGT}"="${2}" >> .config |
|
107 | echo "${TGT}"="${2}" >> .config | |
98 | fi |
|
108 | fi | |
99 | } |
|
109 | } | |
|
110 | ||||
100 | # unset kernel config parameter |
|
111 | # unset kernel config parameter | |
101 | unset_kernel_config() { |
|
112 | unset_kernel_config() { | |
102 | # unsets flag with the value of $1, config must exist at "./.config" |
|
113 | # unsets flag with the value of $1, config must exist at "./.config" |
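Review bot: `cdr2mask` does arithmetic on `$1` without checking it, so an empty or non-numeric prefix either aborts inside `$(( ))` or yields a wrong mask, and a value above 32 is accepted as well. A guard at the top of the function would keep a bad mask out of the initramfs network settings: `case "$1" in ''|*[!0-9]*) return 1 ;; esac` followed by `[ "$1" -le 32 ] || return 1`. In the same hunk, `chroot_install_cc` installs the build toolchain with `--allow-unauthenticated`, which skips APT signature verification for the packages that presumably go on to build the kernel and U-Boot; if the flag is a workaround, a comment stating the reason would help, otherwise it should be dropped.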
@@ -209,6 +209,10 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""} | |||||
209 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} |
|
209 | CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"} | |
210 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"} |
|
210 | CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"} | |
211 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} |
|
211 | CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512} | |
|
212 | #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup | |||
|
213 | CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false} | |||
|
214 | #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated | |||
|
215 | CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""} | |||
212 |
|
216 | |||
213 | # Chroot scripts directory |
|
217 | # Chroot scripts directory | |
214 | CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} |
|
218 | CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} | |
@@ -227,11 +231,9 MISSING_PACKAGES="" | |||||
227 | # Packages installed for c/c++ build environment in chroot (keep empty) |
|
231 | # Packages installed for c/c++ build environment in chroot (keep empty) | |
228 | COMPILER_PACKAGES="" |
|
232 | COMPILER_PACKAGES="" | |
229 |
|
233 | |||
230 | set +x |
|
|||
231 |
|
||||
232 | #Check if apt-cacher-ng has port 3142 open and set APT_PROXY |
|
234 | # Check if apt-cacher-ng has port 3142 open and set APT_PROXY | |
233 |
APT_CACHER_RUNNING=$(lsof -i :3142 | |
|
235 | APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d') | |
234 |
if [ |
|
236 | if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then | |
235 | APT_PROXY=http://127.0.0.1:3142/ |
|
237 | APT_PROXY=http://127.0.0.1:3142/ | |
236 | fi |
|
238 | fi | |
237 |
|
239 | |||
@@ -393,6 +395,11 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then | |||||
393 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" |
|
395 | REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup" | |
394 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" |
|
396 | APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup" | |
395 |
|
397 | |||
|
398 | # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package | |||
|
399 | if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then | |||
|
400 | APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs" | |||
|
401 | fi | |||
|
402 | ||||
396 | if [ -z "$CRYPTFS_PASSWORD" ] ; then |
|
403 | if [ -z "$CRYPTFS_PASSWORD" ] ; then | |
397 | echo "error: no password defined (CRYPTFS_PASSWORD)!" |
|
404 | echo "error: no password defined (CRYPTFS_PASSWORD)!" | |
398 | exit 1 |
|
405 | exit 1 |
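Review bot: `dropbear-initramfs` is added to `APT_INCLUDES` only when `ENABLE_INITRAMFS` is also true, and only inside the `ENABLE_CRYPTFS`/`BUILD_KERNEL` block that opens above this hunk, but a build with `CRYPTFS_DROPBEAR=true` and one of those switched off gets no message. The bootstrap hunk elsewhere in this commit tests `CRYPTFS_DROPBEAR` alone before calling `dropbearkey`, so such a build would seemingly fail later inside the chroot. Failing early here is clearer: `if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" != true ] ; then echo "error: CRYPTFS_DROPBEAR requires ENABLE_INITRAMFS"; exit 1; fi`.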