From 19bd0979b3dfd5b498e70ca0da170aae028b6b9a Mon Sep 17 00:00:00 2001
From: "Kevin Veen-Birkenbach [aka. Frantz]"
Date: Mon, 25 May 2020 13:40:03 +0200
Subject: [PATCH] Continued implementation of encryption procedures for pi
---
 configuration/packages/server/luks.txt | 10 ++++++++++
 scripts/base.sh | 10 ++++++++++
 scripts/client/setup.sh | 7 -------
 scripts/image/setup.sh | 21 +++++++++++++++++++++
 4 files changed, 41 insertions(+), 7 deletions(-)
 create mode 100644 configuration/packages/server/luks.txt
diff --git a/configuration/packages/server/luks.txt b/configuration/packages/server/luks.txt
new file mode 100644
index 0000000..238cb70
--- /dev/null
+++ b/configuration/packages/server/luks.txt
@@ -0,0 +1,10 @@
+# Packages to install LUKS on servers
+sudo
+git
+rsync
+base-devel
+uboot-tools
+dropbear
+mkinitcpio-utils
+mkinitcpio-netconf
+mkinitcpio-dropbear
diff --git a/scripts/base.sh b/scripts/base.sh
index 6409b79..4d69e6f 100644
--- a/scripts/base.sh
+++ b/scripts/base.sh
@@ -93,6 +93,16 @@ overwritte_device_with_zeros(){
 fi
 }
+get_packages(){
+ for package_collection in "$@"
+ do
+ package_collection_path="$PACKAGE_PATH""$package_collection.txt" &&
+ info "Loading package collection from $package_collection_path..." &&
+ echo "$(sed -e "/^#/d" -e "s/#.*//" "$package_collection_path" | tr '\n' ' ')" ||
+ error
+ done
+}
+
 HEADER(){
 echo
 echo "${COLOR_YELLOW}The"
diff --git a/scripts/client/setup.sh b/scripts/client/setup.sh
index 608f840..4c568c1 100644
--- a/scripts/client/setup.sh
+++ b/scripts/client/setup.sh
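Review bot: In `get_packages` (scripts/base.sh), the trailing `|| error` cannot fire when the collection file is missing or unreadable, because `echo "$(sed … | tr …)"` returns 0 whatever happened inside the command substitution; a wrong collection name therefore produces an empty package list instead of an abort. Capture the list first and test that step, e.g. `packages="$(sed -e "/^#/d" -e "s/#.*//" "$package_collection_path")" || error` followed by `echo "$packages" | tr '\n' ' '`. Callers consume this function through `$(get_packages …)`, so if `info` prints to stdout (its definition is outside this hunk) the "Loading package collection…" text would be spliced into the pacman argument list; sending that message to stderr avoids it. `package_collection_path` should also be declared `local` so it does not leak into the sourcing scripts.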
@@ -6,13 +6,6 @@
 # shellcheck disable=SC2086 # Deactivating escaping warning, because it's wrong concerning pacman_packages
 source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1)
-get_packages(){
- for package_collection in "$@"
- do
- echo "$(sed -e "/^#/d" -e "s/#.*//" "$PACKAGE_PATH""$package_collection.txt" | tr '\n' ' ')" || error "Loading package wasn't possible."
- done
-}
-
 install_yay_packages_if_needed(){
 info "Checking yay packages [ $1 ]..."
 for package in $1; do
diff --git a/scripts/image/setup.sh b/scripts/image/setup.sh
index 5f22062..4d0a2cb 100644
--- a/scripts/image/setup.sh
+++ b/scripts/image/setup.sh
@@ -370,6 +370,27 @@ if [ "$update_system" == "y" ]
 ) | chroot "$root_mount_path" /bin/bash || error
 fi
+question "Should the system be encrypted?(y/N)" && read -r encrypt_system
+if [ "$encrypt_system" == "y" ]
+ then
+ # @see https://gist.github.com/gea0/4fc2be0cb7a74d0e7cc4322aed710d38
+ search_hooks="HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)"
+ replace_hooks="HOOKS=(base udev autodetect modconf block sleep netconf dropbear encryptssh filesystems keyboard fsck)"
+ mkinitcpio_path="/etc/mkinitcpio.conf"
+ mkinitcpio_rescue_path="$mkinitcpio_path.$(date +%s).rescue"
+ search_modules="MODULES=()"
+ replace_modules="MODULES=(g_cdc usb_f_acm usb_f_ecm smsc95xx g_ether)"
+ info "Setup encryption..." &&
+ (
+ echo "yes | pacman -S --needed $(get_packages "server/luks")"
+ echo "cp -v /home/$target_username/.ssh/authorized_keys /etc/dropbear/root_key"
+ echo "cp -v $mkinitcpio_path $mkinitcpio_rescue_path"
+ echo "sed -i 's/$search_modules/$replace_modules/g' $mkinitcpio_path"
+ echo "sed -i 's/$search_hooks/$replace_hooks/g' $mkinitcpio_path"
+ echo "mkinitcpio -P"
+ ) | chroot "$root_mount_path" /bin/bash || error
+fi
+
 # question "Do you want to copy all Wifi passwords to the device?(y/n)" && read -r copy_wifi
 # if [ "$copy_wifi" = "y" ]
 # then
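Review bot: Nothing in the new encryption branch of scripts/image/setup.sh verifies that the two `sed -i` substitutions matched. They look for the exact stock `MODULES=()` and `HOOKS=(…)` lines, and `sed` exits 0 when the pattern is absent, so on an image whose `mkinitcpio.conf` differs the initramfs is rebuilt without `netconf dropbear encryptssh` and the script still reports success. The generated script also has no `set -e`, so `|| error` reflects only the status of the last command, `mkinitcpio -P`; a failed `pacman`, or a missing `authorized_keys` that leaves dropbear without an unlock key, goes unnoticed. Consider emitting `echo "set -e"` as the first line of the subshell and `echo "grep -q 'encryptssh' $mkinitcpio_path"` just before `mkinitcpio -P`. `$target_username` is pasted unquoted into shell text that runs as root in the chroot, so it should be validated where it is read, which is presumably earlier in the script and outside this hunk.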