author | mwberry | 2016-11-12 15:21:41 -0800 |
---|---|---|
committer | mwberry | 2016-11-12 18:12:08 -0800 |
commit | ba6b34efbf480e8cb528a22b50fd30c6d780418c (patch) | |
tree | 2dedde0fa01879ebeb53fb5edaff6325975395dd | |
parent | 5e3dbf7cc7110217239017879c49287d6cd633fa (diff) | |
download | aur-ba6b34efbf480e8cb528a22b50fd30c6d780418c.tar.gz |
extract common functions from install
-rwxr-xr-x | install | 59 | ||||
-rwxr-xr-x | nannycam.functions | 50 |
2 files changed, 61 insertions, 48 deletions
@@ -3,60 +3,23 @@
 set -e
 set -u
-# This script is expected to be called from mkinitcpio, if not...
-if [ -z ${BUILDROOT:-} ]; then
- # ...then mock out enough of the environment to enable testing
- saveOpts=$(set +o | egrep 'xtrace|errexit|nounset')
- saveGlob=$(shopt -p | grep extglob)
- shopt -s extglob
- set +e
- set +u
- set +x
- . "/usr/lib/initcpio/functions"
- BUILDROOT=$(initialize_buildroot $(uname -r) $(mktemp -d --tmpdir mkinitcpio.XXXXXX))
- _optgenimg=$(find /boot -name '*.img' 2>/dev/null | head -n 1)
- _optquiet=1
- eval "$saveOpts"
- eval "$saveGlob"
-fi
+source nannycam.functions
-assert_ephemeral() {
- fsType=$(df "$1" | tail -n 1 | cut -f 1 -d ' ')
- if [[ "tmpfs" != "$fsType" ]]; then
- (cat <<TMPWARN
-"$1" is not on an ephemeral file system. Cowardly aborting in order to avoid
-leaking the private key that will authenticate the encrypted boot device.
-TMPWARN
-) >&2
- exit 1
- fi
-}
+# This script is expected to be called from mkinitcpio, setup env otherwise
+ensure_mkcpinitio_environment
-assert_boot_part_encrypted() {
- fsMnt=$(df "$_optgenimg" | tail -n 1 | egrep -o ' [^ ]+$' | tail -c +2)
- isCrypt=$(lsblk -ro TYPE,MOUNTPOINT | egrep "$fsMnt$" | egrep '^crypt' | wc -l)
- if [ ! $isCrypt -eq 1 ]; then
- (cat <<DESTWARN
-Destination location for the initramfs image is not on an encrypted device.
-The nannycam software can only protect against Evil Maid style attacks if
-the initramfs (and therefore the authentication key) is stored inside an
-encrypted boot partition. Cowardly aborting in order to avoid leaking the
-private key.
-Image location: $_optgenimg
-DESTWARN
-) >&2
- exit 2
- fi
-}
+# The BUILDROOT and _optgenimg varibles are set in mkinitcpio and I do feel
+# fairly bad for relying on the implementation details, but the interface
+# exposed by init_functions is not really sufficient for determining if the
+# private key will be safe. Better safe than sorry.
 assert_ephemeral "$BUILDROOT"
 assert_ephemeral "/tmp"
-assert_boot_part_encrypted
+assert_encrypted "$_optgenimg"
-if [ 0 -ne $(id -u) ]; then
- echo "Must be running as root" >&2
- exit 3
-fi
+# If any other process on the box reads the private key file then all the
+# protections are for naught.
+assert_root
 KEYFILE="/tmp/boot_partition_auth.pem"
 PUBFILE="/tmp/boot_partition_auth.pub"
diff --git a/nannycam.functions b/nannycam.functions
index 8db1d6191ffc..9bdc02dacdf5 100755
--- a/nannycam.functions
+++ b/nannycam.functions
@@ -12,6 +12,25 @@ ensure_initramfs_environment() {
 fi
 }
+ensure_mkcpinitio_environment() {
+ # This script is expected to be called from mkinitcpio, if not...
+ if [ -z ${BUILDROOT:-} ]; then
+ # ...then mock out enough of the environment to enable testing
+ saveOpts=$(set +o | egrep 'xtrace|errexit|nounset')
+ saveGlob=$(shopt -p | grep extglob)
+ shopt -s extglob
+ set +e
+ set +u
+ set +x
+ . "/usr/lib/initcpio/functions"
+ BUILDROOT=$(initialize_buildroot $(uname -r) $(mktemp -d --tmpdir mkinitcpio.XXXXXX))
+ _optgenimg=$(find /boot -name '*.img' 2>/dev/null | head -n 1)
+ _optquiet=1
+ eval "$saveOpts"
+ eval "$saveGlob"
+ fi
+}
+
 nannycam_usage () {
 cat <<HELPEOF
 nannycam -k keyfile -m hash -p hash [-e hash]
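Review bot: The new `source nannycam.functions` line resolves the file through $PATH (and, in non-POSIX bash, the current directory) rather than next to this script, so whichever nannycam.functions is found first on the search path gets executed inside a root, `set -e` script that then goes on to handle the private key. Anchor it explicitly, e.g. `source "${BASH_SOURCE[0]%/*}/nannycam.functions"` (BASH_SOURCE rather than $0 in case mkinitcpio sources this hook instead of executing it) or the installed absolute path. The comment added above assert_root says that any other reader of the key file defeats the protections, yet the unchanged context lines keep KEYFILE at the fixed, predictable `/tmp/boot_partition_auth.pem`; how the key is written is outside this hunk, but a mktemp-generated name under /tmp or "$BUILDROOT" created with a 077 umask would rule out a pre-placed file or symlink at that path. The script's body continues past the hunk.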
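Review bot: `ensure_mkcpinitio_environment` misspells mkinitcpio in its name, and because install calls it under the same spelling the typo is now part of the shared interface; renaming both sides to `ensure_mkinitcpio_environment` is cheapest now. Inside the function, `saveOpts` and `saveGlob` are assigned without `local`, so the mock's saved shell state leaks into the caller's namespace; `local saveOpts saveGlob` at the top of the if-body fixes that. The `set +e` issued before `. "/usr/lib/initcpio/functions"` means a missing or broken functions file is not fatal here: initialize_buildroot is then undefined, BUILDROOT ends up empty, and the restored options hide the cause, so the caller's later checks fail with a misleading message; a `[ -r /usr/lib/initcpio/functions ] || { echo "initcpio functions not found" >&2; exit 1; }` before the `set +e` would keep the failure explicit. I also cannot see who removes the `mktemp -d` directory the mock creates, so a comment stating who owns its cleanup would help.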
@@ -170,3 +189,34 @@ assert_root() {
 exit 4
 fi
 }
+
+
+assert_ephemeral() {
+ fsType=$(df "$1" | tail -n 1 | cut -f 1 -d ' ')
+ if [[ "tmpfs" != "$fsType" ]]; then
+ (cat <<TMPWARN
+"$1" is not on an ephemeral file system. Cowardly aborting in order to avoid
+leaking the private key that will authenticate the encrypted boot device.
+TMPWARN
+) >&2
+ exit 1
+ fi
+}
+
+assert_encrypted() {
+ fsMnt=$(df "$1" | tail -n 1 | egrep -o ' [^ ]+$' | tail -c +2)
+ isCrypt=$(lsblk -ro TYPE,MOUNTPOINT | egrep "$fsMnt$" | egrep '^crypt' | wc -l)
+ if [ ! $isCrypt -eq 1 ]; then
+ (cat <<DESTWARN
+Destination location for the initramfs image is not on an encrypted device.
+The nannycam software can only protect against Evil Maid style attacks if
+the initramfs (and therefore the authentication key) is stored inside an
+encrypted boot partition. Cowardly aborting in order to avoid leaking the
+private key.
+Image location: $_optgenimg
+DESTWARN
+) >&2
+ exit 2
+ fi
+}
+
|
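Review bot: `assert_encrypted` was generalised to take the path as `$1`, but its failure message still interpolates the global `$_optgenimg` (`Image location: $_optgenimg`), so a caller passing a different path prints the wrong location, and one that has not set `_optgenimg` under `set -u` aborts inside the heredoc instead; change it to `Image location: $1`. The mount-point match `egrep "$fsMnt$"` treats the path as an unanchored regex — `/boot` also matches `/mnt/boot` — and if `df` fails (in the pipeline only tail's status counts, so `set -e` in the caller does not help) fsMnt is empty and every lsblk line matches, so a box with exactly one crypt device anywhere passes the check for an unencrypted image; a fixed, whole-line match closes that, e.g. `isCrypt=$(lsblk -rno TYPE,MOUNTPOINT | grep -Fxc "crypt $fsMnt")`, which also fails closed on an empty fsMnt. Likewise `assert_ephemeral` compares df's first column, which is the mount source name and only conventionally the string tmpfs; `df --output=fstype "$1" | tail -n 1` is the value it actually wants. I cannot confirm from here how `lsblk -r` escapes spaces in mount points, so test the fixed-string match against a path containing a space.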