authormwberry2016-11-12 15:21:42 -0800
committermwberry2016-11-12 18:12:11 -0800
commit1fb6b995965fe27344ee5792b4264b654c3a6b8c (patch)
tree16cbde5efa35d539b3413c53d5e71d4196568053
parentda6c732a4db991b917a49b4333ef2a7deea38a9d (diff)
downloadaur-1fb6b995965fe27344ee5792b4264b654c3a6b8c.tar.gz
hash and qr options for nannycam
-rwxr-xr-xnannycam22
-rwxr-xr-xnannycam.functions8
2 files changed, 18 insertions, 12 deletions
diff --git a/nannycam b/nannycam
index 451a084bec56..9b957c166a3d 100755
--- a/nannycam
+++ b/nannycam
@@ -6,16 +6,20 @@ set -e
source nannycam.functions
-HASH=sha256
-
# Check if running outside the initramfs environment, setup env otherwise
ensure_initramfs_environment
# Parse options
-while getopts ":k:m:p:e:" opt; do
+while getopts ":k:h:q:m:p:e:" opt; do
case $opt in
k)
- KEYFILE="$OPTARG"
+ AUTH_KEY_FILE="$OPTARG"
+ ;;
+ h)
+ HASH_ALG="$OPTARG"
+ ;;
+ q)
+ QR_OPTS="$OPTARG"
;;
m)
EXPECTED_MBR_HASH="$OPTARG"
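Review bot: Removing `HASH=sha256` leaves `HASH_ALG` with no default, and `-h` is not added to the required-argument checks after the loop, so a run without `-h` reaches `openssl dgst -$HASH_ALG` with an empty algorithm name. Either restore a default after option parsing, `HASH_ALG="${HASH_ALG:-sha256}"`, or add `[ -z "${HASH_ALG:-}" ] && err_required_arg h` next to the other checks. Because this value selects the digest used for the boot-integrity comparison, it is also worth rejecting weak or unknown names at parse time rather than passing whatever was given straight to openssl. The `case` statement continues outside the hunk.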
@@ -36,7 +40,7 @@ while getopts ":k:m:p:e:" opt; do
esac
done
-[ -z ${KEYFILE:-} ] && err_required_arg k
+[ -z ${AUTH_KEY_FILE:-} ] && err_required_arg k
[ -z ${EXPECTED_MBR_HASH:-} ] && err_required_arg m
[ -z ${EXPECTED_MBR_GAP_HASH:-} ] && err_required_arg p
[ -z ${EXPECTED_EFI_STUB_HASH:-} ] && err_required_arg e
@@ -48,15 +52,17 @@ ACTUAL_MBR_HASH="not checked"
ACTUAL_MBR_GAP_HASH="not checked"
ACTUAL_EFI_STUB_HASH="not checked"
-if [ ! -f "$KEYFILE" ]; then
- echo "Keyfile: $KEYFILE not found, aborting boot." >&2
+if [ ! -f "$AUTH_KEY_FILE" ]; then
+ echo "Keyfile: $AUTH_KEY_FILE not found, aborting boot." >&2
exit 2
fi
check_mbr && check_mbr_gap && check_efi_stub || hash_mismatch
DATE_TIME="$(date +%s)"
-echo -n "$DATE_TIME" | openssl pkeyutl -inkey "$KEYFILE" -sign | qrencode -8 -t ANSIUTF8 -m1
+echo -n "$DATE_TIME" \
+ | openssl pkeyutl -inkey "$AUTH_KEY_FILE" -sign \
+ | qrencode -8 $QR_OPTS
echo "$DATE_TIME"
response=""
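Review bot: `$QR_OPTS` on the qrencode line has no default, so the `-t ANSIUTF8 -m1` that the old command always passed is dropped unless the caller supplies `-q`. Without a terminal output type the signed timestamp may not render as a scannable code on the console, which would break the challenge display on an otherwise healthy boot. A fallback keeps the previous behaviour: `| qrencode -8 ${QR_OPTS:--t ANSIUTF8 -m1}`. The expansion is intentionally unquoted so the value splits into separate arguments; that deserves a comment such as `# QR_OPTS is word-split into individual qrencode options`, since glob characters in the value are expanded as well.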
diff --git a/nannycam.functions b/nannycam.functions
index 9bdc02dacdf5..2a6d92968f4e 100755
--- a/nannycam.functions
+++ b/nannycam.functions
@@ -90,7 +90,7 @@ EFI) the EFI Stub from secure backups. Do NOT enter your root
device passphrase unless you are certain this is a
misconfiguration.
-Hashing algorithm: $HASH
+Hashing algorithm: $HASH_ALG
MBR (expected) $EXPECTED_MBR_HASH
MBR (actual) $ACTUAL_MBR_HASH
MBR Gap (expected) $EXPECTED_MBR_GAP_HASH
@@ -123,7 +123,7 @@ determine_mbr_boot_device () {
hash_mbr () {
local mbrDevice=$(determine_mbr_boot_device)
# dd if="$mbrDevice" of=/tmp/mbr.bin bs=512 count=1
- ACTUAL_MBR_HASH="$(openssl dgst -$HASH /tmp/mbr.bin | cut -f 2 -d ' ')"
+ ACTUAL_MBR_HASH="$(openssl dgst -$HASH_ALG /tmp/mbr.bin | cut -f 2 -d ' ')"
# rm /tmp/mbr.bin
}
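Review bot: In `hash_mbr` the caller-supplied digest name is spliced into an option as `-$HASH_ALG`, and the exit status of `openssl dgst` is hidden by the pipe into `cut`. A misspelt or unsupported algorithm therefore yields an empty `ACTUAL_MBR_HASH`, which will presumably surface as a hash-mismatch warning rather than a configuration error. The same pattern is repeated in `hash_mbr_gap` and `hash_efi_stub`. Probing the algorithm once before any hashing, for example `openssl dgst -"$HASH_ALG" /dev/null >/dev/null || exit 2`, would keep operator mistakes distinct from a genuine tamper alert.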
@@ -140,7 +140,7 @@ hash_mbr_gap () {
# local check=$(( $blocks * 512 ))
# [ $part_start -eq $check ] || ( echo "Partition doesn't start at 512 byte boundary! Aborting." >&2; exit 3 )
# dd if="$mbrDevice" of=/tmp/gap.bin bs=512 skip=1 count=$blocks
- ACTUAL_MBR_GAP_HASH="$(openssl dgst -$HASH /tmp/gap.bin | cut -f 2 -d ' ')"
+ ACTUAL_MBR_GAP_HASH="$(openssl dgst -$HASH_ALG /tmp/gap.bin | cut -f 2 -d ' ')"
# rm /tmp/gap.bin
}
@@ -175,7 +175,7 @@ hash_efi_stub () {
mountPath="/tmp/efi"
mount $mountDevice $mountPoint
fi
- ACTUAL_EFI_STUB_HASH=$(openssl dgst -$HASH "$mountPoint$path" | cut -f 2 -d ' ')
+ ACTUAL_EFI_STUB_HASH=$(openssl dgst -$HASH_ALG "$mountPoint$path" | cut -f 2 -d ' ')
}
check_efi_stub () {