JDM170/build
1
0
Fork 0
mirror of https://github.com/armbian/build synced 2025-09-24 19:47:06 +07:00
Code Issues Packages Projects Releases Wiki Activity

New option: CRYPTROOT_MAPPER. Make ROOT_MAPPER name for CRYPTROOT changable.

Browse Source
This commit is contained in:
user
2024-11-05 10:28:35 +07:00
committed by Igor
parent 817519210b
commit 502e139598
5 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
extensions/fs-cryptroot-support.sh
View File

@@ -26,10 +26,10 @@ function prepare_root_device__encrypt_root_device() {
check_loop_device "$rootdevice" check_loop_device "$rootdevice"
display_alert "Extension: ${EXTENSION}: Encrypting root partition with LUKS..." "cryptsetup luksFormat $rootdevice" "" display_alert "Extension: ${EXTENSION}: Encrypting root partition with LUKS..." "cryptsetup luksFormat $rootdevice" ""
echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksFormat $CRYPTROOT_PARAMETERS $rootdevice - echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksFormat $CRYPTROOT_PARAMETERS $rootdevice -
echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksOpen $rootdevice $ROOT_MAPPER - echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksOpen $rootdevice $CRYPTROOT_MAPPER -
display_alert "Extension: ${EXTENSION}: Root partition encryption complete." "" "ext" display_alert "Extension: ${EXTENSION}: Root partition encryption complete." "" "ext"
# TODO: pass /dev/mapper to Docker # TODO: pass /dev/mapper to Docker
rootdevice=/dev/mapper/$ROOT_MAPPER # used by `mkfs` and `mount` commands rootdevice=/dev/mapper/$CRYPTROOT_MAPPER # used by `mkfs` and `mount` commands
} }
function pre_install_kernel_debs__adjust_dropbear_configuration() { function pre_install_kernel_debs__adjust_dropbear_configuration() {

2
lib/functions/configuration/main-config.sh
View File

@@ -166,10 +166,10 @@ function do_main_configuration() {
# Support for LUKS / cryptroot # Support for LUKS / cryptroot
if [[ $CRYPTROOT_ENABLE == yes ]]; then if [[ $CRYPTROOT_ENABLE == yes ]]; then
enable_extension "fs-cryptroot-support" # add the tooling needed, cryptsetup enable_extension "fs-cryptroot-support" # add the tooling needed, cryptsetup
ROOT_MAPPER="armbian-root" # TODO: fixed name can't be used for parallel image building (rpardini: ?)
if [[ -z $CRYPTROOT_PASSPHRASE ]]; then # a passphrase is mandatory if rootfs encryption is enabled if [[ -z $CRYPTROOT_PASSPHRASE ]]; then # a passphrase is mandatory if rootfs encryption is enabled
exit_with_error "Root encryption is enabled but CRYPTROOT_PASSPHRASE is not set" exit_with_error "Root encryption is enabled but CRYPTROOT_PASSPHRASE is not set"
fi fi
[[ -z $CRYPTROOT_MAPPER ]] && CRYPTROOT_MAPPER="armbian-root" # TODO: fixed name can't be used for parallel image building (rpardini: ?)
[[ -z $CRYPTROOT_SSH_UNLOCK ]] && CRYPTROOT_SSH_UNLOCK=yes [[ -z $CRYPTROOT_SSH_UNLOCK ]] && CRYPTROOT_SSH_UNLOCK=yes
[[ -z $CRYPTROOT_SSH_UNLOCK_PORT ]] && CRYPTROOT_SSH_UNLOCK_PORT=2022 [[ -z $CRYPTROOT_SSH_UNLOCK_PORT ]] && CRYPTROOT_SSH_UNLOCK_PORT=2022
# Default to pdkdf2, this used to be the default with cryptroot <= 2.0, however # Default to pdkdf2, this used to be the default with cryptroot <= 2.0, however

6
lib/functions/image/partitioning.sh
View File

@@ -310,7 +310,7 @@ function prepare_partitions() {
local rootfs local rootfs
if [[ $CRYPTROOT_ENABLE == yes ]]; then if [[ $CRYPTROOT_ENABLE == yes ]]; then
# map the LUKS container partition via its UUID to be the 'cryptroot' device # map the LUKS container partition via its UUID to be the 'cryptroot' device
echo "$ROOT_MAPPER UUID=${root_part_uuid} none luks" >> $SDCARD/etc/crypttab echo "$CRYPTROOT_MAPPER UUID=${root_part_uuid} none luks" >> $SDCARD/etc/crypttab
rootfs=$rootdevice # used in fstab rootfs=$rootdevice # used in fstab
else else
rootfs="UUID=$(blkid -s UUID -o value $rootdevice)" rootfs="UUID=$(blkid -s UUID -o value $rootdevice)"
@@ -369,7 +369,7 @@ function prepare_partitions() {
if [[ -f $SDCARD/boot/armbianEnv.txt ]]; then if [[ -f $SDCARD/boot/armbianEnv.txt ]]; then
display_alert "Found armbianEnv.txt" "${SDCARD}/boot/armbianEnv.txt" "debug" display_alert "Found armbianEnv.txt" "${SDCARD}/boot/armbianEnv.txt" "debug"
if [[ $CRYPTROOT_ENABLE == yes ]]; then if [[ $CRYPTROOT_ENABLE == yes ]]; then
echo "rootdev=$rootdevice cryptdevice=UUID=${root_part_uuid}:$ROOT_MAPPER" >> "${SDCARD}/boot/armbianEnv.txt" echo "rootdev=$rootdevice cryptdevice=UUID=${root_part_uuid}:$CRYPTROOT_MAPPER" >> "${SDCARD}/boot/armbianEnv.txt"
else else
echo "rootdev=$rootfs" >> "${SDCARD}/boot/armbianEnv.txt" echo "rootdev=$rootfs" >> "${SDCARD}/boot/armbianEnv.txt"
fi fi
@@ -389,7 +389,7 @@ function prepare_partitions() {
sed -i -e "s/rootfstype \"ext4\"/rootfstype \"$ROOTFS_TYPE\"/" $SDCARD/boot/boot.ini sed -i -e "s/rootfstype \"ext4\"/rootfstype \"$ROOTFS_TYPE\"/" $SDCARD/boot/boot.ini
if [[ $CRYPTROOT_ENABLE == yes ]]; then if [[ $CRYPTROOT_ENABLE == yes ]]; then
rootpart="UUID=${root_part_uuid}" rootpart="UUID=${root_part_uuid}"
sed -i 's/^setenv rootdev .*/setenv rootdev "\/dev\/mapper\/'$ROOT_MAPPER' cryptdevice='$rootpart':'$ROOT_MAPPER'"/' $SDCARD/boot/boot.ini sed -i 's/^setenv rootdev .*/setenv rootdev "\/dev\/mapper\/'$CRYPTROOT_MAPPER' cryptdevice='$rootpart':'$CRYPTROOT_MAPPER'"/' $SDCARD/boot/boot.ini
else else
sed -i 's/^setenv rootdev .*/setenv rootdev "'$rootfs'"/' $SDCARD/boot/boot.ini sed -i 's/^setenv rootdev .*/setenv rootdev "'$rootfs'"/' $SDCARD/boot/boot.ini
fi fi

2
lib/functions/image/rootfs-to-image.sh
View File

@@ -119,7 +119,7 @@ function create_image_from_sdcard_rootfs() {
wait_for_disk_sync "before umount MOUNT" wait_for_disk_sync "before umount MOUNT"
umount_chroot_recursive "${MOUNT}" "MOUNT" umount_chroot_recursive "${MOUNT}" "MOUNT"
[[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose "$ROOT_MAPPER" [[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose "$CRYPTROOT_MAPPER"
call_extension_method "post_umount_final_image" "config_post_umount_final_image" <<- 'POST_UMOUNT_FINAL_IMAGE' call_extension_method "post_umount_final_image" "config_post_umount_final_image" <<- 'POST_UMOUNT_FINAL_IMAGE'
*allow config to hack into the image after the unmount* *allow config to hack into the image after the unmount*

2
lib/functions/rootfs/trap-rootfs.sh
View File

@@ -63,7 +63,7 @@ function trap_handler_cleanup_rootfs_and_image() {
# unmount tmpfs mounted on SDCARD if it exists. #@TODO: move to new tmpfs-utils scheme # unmount tmpfs mounted on SDCARD if it exists. #@TODO: move to new tmpfs-utils scheme
mountpoint -q "${SDCARD}" && umount "${SDCARD}" mountpoint -q "${SDCARD}" && umount "${SDCARD}"
[[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose "${ROOT_MAPPER}" [[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose "${CRYPTROOT_MAPPER}"
if [[ "${PRESERVE_SDCARD_MOUNT}" == "yes" ]]; then if [[ "${PRESERVE_SDCARD_MOUNT}" == "yes" ]]; then
display_alert "Preserving SD card mount" "trap_handler_cleanup_rootfs_and_image" "warn" display_alert "Preserving SD card mount" "trap_handler_cleanup_rootfs_and_image" "warn"