Continued implementation of encryption procedures for pi

Kevin Veen-Birkenbach 2020-05-25 13:40:03 +02:00
parent d6bb5a2d18
commit 19bd0979b3
4 changed files with 41 additions and 7 deletions


@ -0,0 +1,10 @@
# Packages to install LUKS on servers
sudo
git
rsync
base-devel
uboot-tools
dropbear
mkinitcpio-utils
mkinitcpio-netconf
mkinitcpio-dropbear


@ -93,6 +93,16 @@ overwritte_device_with_zeros(){
fi fi
} }
get_packages(){
for package_collection in "$@"
do
package_collection_path="$PACKAGE_PATH""$package_collection.txt" &&
info "Loading package collection from $package_collection_path..." &&
echo "$(sed -e "/^#/d" -e "s/#.*//" "$package_collection_path" | tr '\n' ' ')" ||
error
done
}
HEADER(){ HEADER(){
echo echo
echo "${COLOR_YELLOW}The" echo "${COLOR_YELLOW}The"
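Review bot: In `get_packages`, the `|| error` branch cannot fire for a missing or unreadable collection file, because the status it tests is that of `echo` (and, inside the substitution, of `tr`), not of `sed`. Testing the file before reading it, e.g. `[ -r "$package_collection_path" ] || error "Package collection $package_collection_path is not readable."`, would make that failure visible. The added `info` call also sits inside a function whose stdout is its return value; if `info` prints to stdout (its definition is not in this hunk), the log line is captured by callers using `$(get_packages ...)` and ends up in the package list, so `info "..." >&2` is safer. `package_collection_path` could also be declared `local` so it does not leak into every script that sources this file.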


@ -6,13 +6,6 @@
# shellcheck disable=SC2086 # Deactivating escaping warning, because it's wrong concerning pacman_packages # shellcheck disable=SC2086 # Deactivating escaping warning, because it's wrong concerning pacman_packages
source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1) source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1)
get_packages(){
for package_collection in "$@"
do
echo "$(sed -e "/^#/d" -e "s/#.*//" "$PACKAGE_PATH""$package_collection.txt" | tr '\n' ' ')" || error "Loading package wasn't possible."
done
}
install_yay_packages_if_needed(){ install_yay_packages_if_needed(){
info "Checking yay packages [ $1 ]..." info "Checking yay packages [ $1 ]..."
for package in $1; do for package in $1; do


@ -370,6 +370,27 @@ if [ "$update_system" == "y" ]
) | chroot "$root_mount_path" /bin/bash || error ) | chroot "$root_mount_path" /bin/bash || error
fi fi
question "Should the system be encrypted?(y/N)" && read -r encrypt_system
if [ "$encrypt_system" == "y" ]
then
# @see https://gist.github.com/gea0/4fc2be0cb7a74d0e7cc4322aed710d38
search_hooks="HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)"
replace_hooks="HOOKS=(base udev autodetect modconf block sleep netconf dropbear encryptssh filesystems keyboard fsck)"
mkinitcpio_path="/etc/mkinitcpio.conf"
mkinitcpio_rescue_path="$mkinitcpio_path.$(date +%s).rescue"
search_modules="MODULES=()"
replace_modules="MODULES=(g_cdc usb_f_acm usb_f_ecm smsc95xx g_ether)"
info "Setup encryption..." &&
(
echo "yes | pacman -S --needed $(get_packages "server/luks")"
echo "cp -v /home/$target_username/.ssh/authorized_keys /etc/dropbear/root_key"
echo "cp -v $mkinitcpio_path $mkinitcpio_rescue_path"
echo "sed -i 's/$search_modules/$replace_modules/g' $mkinitcpio_path"
echo "sed -i 's/$search_hooks/$replace_hooks/g' $mkinitcpio_path"
echo "mkinitcpio -P"
) | chroot "$root_mount_path" /bin/bash || error
fi
# question "Do you want to copy all Wifi passwords to the device?(y/n)" && read -r copy_wifi # question "Do you want to copy all Wifi passwords to the device?(y/n)" && read -r copy_wifi
# if [ "$copy_wifi" = "y" ] # if [ "$copy_wifi" = "y" ]
# then # then
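Review bot: The two `sed -i` substitutions only take effect when `/etc/mkinitcpio.conf` contains exactly the stock `HOOKS=(...)` and `MODULES=()` lines; on any other layout they change nothing, exit 0, and `mkinitcpio -P` builds an initramfs without `netconf dropbear encryptssh`, so the device cannot be unlocked remotely at boot. The script piped into `chroot` also has no `set -e`, so a failed `pacman` or `cp` (for example a missing `authorized_keys`) is ignored and only the status of `mkinitcpio -P` reaches `|| error`. I would emit `echo "set -e"` as the first line of the subshell and, after the HOOKS substitution, `echo "grep -qF '$replace_hooks' $mkinitcpio_path"`. A comment above the `cp` should state that every key in the user's `authorized_keys` is copied to `/etc/dropbear/root_key` and can therefore reach the pre-boot unlock environment, which widens the set of people able to unlock the disk.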