author | Eugene Sovetkin | 2015-06-08 11:11:44 +0200 |
---|---|---|
committer | Eugene Sovetkin | 2015-06-08 11:11:44 +0200 |
commit | f82c9aa4ac2cb3cdabcbaa78b296d6ceacd71b8d (patch) | |
tree | 0428f6c23a71873379f7e2d14523a8cf142688b5 | |
download | aur-f82c9aa4ac2cb3cdabcbaa78b296d6ceacd71b8d.tar.gz |
Initial commit
-rw-r--r-- | .SRCINFO | 19 | ||||
-rw-r--r-- | PKGBUILD | 26 | ||||
-rw-r--r-- | encrypt2.conf | 7 | ||||
-rw-r--r-- | encrypt2.hook | 20 | ||||
-rw-r--r-- | encrypt2.install | 22 | ||||
-rw-r--r-- | usage.install | 5 |
6 files changed, 99 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..8e21886ebe8a
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,19 @@
+pkgbase = mkinitcpio-shredkeyfiles
+ pkgdesc = mkinitcpio hook to shred keyfiles during the boot
+ pkgver = 0.0.0
+ pkgrel = 1
+ url = https://aur.archlinux.org/packages/mkinitcpio-shredkeyfiles/
+ install = usage.install
+ arch = any
+ license = unknown
+ depends = mkinitcpio
+ backup = etc/encrypt2.conf
+ source = encrypt2.hook
+ source = encrypt2.install
+ source = encrypt2.conf
+ md5sums = ac1b3ad839f3461bd3bc967c58a804be
+ md5sums = 6c4f19ba9a331e5b40825f7857bb40cd
+ md5sums = 50030f303d861649cfdc9f2ce7d9bb75
+
+pkgname = mkinitcpio-shredkeyfiles
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..77d1d6352ed9
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,26 @@
+# Maintainer: Jenya Sovetkin <e.sovetkin@gmail.com>
+pkgname=mkinitcpio-shredkeyfiles
+pkgver=0.0.0
+pkgrel=1
+pkgdesc="mkinitcpio hook to shred keyfiles during the boot"
+arch=(any)
+license=('unknown')
+url="https://aur.archlinux.org/packages/mkinitcpio-shredkeyfiles/"
+depends=(mkinitcpio)
+install="usage.install"
+backup=('etc/encrypt2.conf')
+source=('encrypt2.hook'
+ 'encrypt2.install'
+ 'encrypt2.conf')
+md5sums=('ac1b3ad839f3461bd3bc967c58a804be'
+ '6c4f19ba9a331e5b40825f7857bb40cd'
+ '50030f303d861649cfdc9f2ce7d9bb75')
+
+package() {
+ install -Dm 644 encrypt2.hook \
+ "${pkgdir}/usr/lib/initcpio/hooks/encrypt2"
+ install -Dm 644 encrypt2.install \
+ "${pkgdir}/usr/lib/initcpio/install/encrypt2"
+ install -Dm 644 encrypt2.conf \
+ "${pkgdir}/etc/encrypt2.conf"
+}
diff --git a/encrypt2.conf b/encrypt2.conf
new file mode 100644
index 000000000000..c728e3a1b6f0
--- /dev/null
+++ b/encrypt2.conf
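Review bot: The `md5sums` array in PKGBUILD is the only integrity check on the three source files, and MD5 is not collision-resistant. Since these files end up as a hook that runs as root in early boot, the array should be `sha256sums=(...)`, regenerated with `updpkgsums`; .SRCINFO repeats the same md5 values and should then be refreshed with `makepkg --printsrcinfo > .SRCINFO`. Separately, `license=('unknown')` leaves the package without usable licence terms.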
@@ -0,0 +1,7 @@
+# beware of the CoW filesystem attribute on the cryptkey_device. If
+# the feature is on, then keyfiles might not be securely deleted.
+
+# device with keyfiles on
+cryptkey_device=/dev/disk/by-uuid/765d9f71-5eab-4030-93f3-5de35825329d
+# list of keyfiles
+keyfiles=("keyfile-cryptroot" "keyfile-lenovo-cryptroot")
diff --git a/encrypt2.hook b/encrypt2.hook
new file mode 100644
index 000000000000..a70f5ff654a5
--- /dev/null
+++ b/encrypt2.hook
@@ -0,0 +1,20 @@
+run_hook ()
+{
+ source encrypt2.conf
+ echo "Waiting 10 seconds for device $cryptkey_device ..."
+ sleep 10
+
+ mkdir encrypt2_device
+ mount $cryptkey_device encrypt2_device &> /dev/null
+
+ cat encrypt2_file.list | while read keyfile; do
+ dd if=/dev/urandom of="encrypt2_device/$keyfile" \
+ bs=1024 count=2 &> /dev/null
+ dd if=/dev/urandom of="encrypt2_device/$keyfile" \
+ bs=1024 count=2 &> /dev/null
+ dd if=/dev/urandom of="encrypt2_device/$keyfile" \
+ bs=1024 count=2 &> /dev/null
+ done
+
+ umount encrypt2_device &> /dev/null
+}
diff --git a/encrypt2.install b/encrypt2.install
new file mode 100644
index 000000000000..34d5c373c749
--- /dev/null
+++ b/encrypt2.install
@@ -0,0 +1,22 @@
+build ()
+{
+ grep "cryptkey_device=" /etc/encrypt2.conf > "$BUILDROOT/encrypt2.conf"
+
+ source "/etc/encrypt2.conf"
+
+ if [ -e "$BUILDROOT/encrypt2_file.list" ]; then
+ rm "$BUILDROOT/encrypt2_file.list"
+ fi
+
+ for keyfile in ${keyfiles[@]}; do
+ echo $keyfile >> "$BUILDROOT/encrypt2_file.list"
+ done
+
+ add_runscript
+}
+help ()
+{
+cat<<HELPEOF
+ Shreds keyfiles on boot
+HELPEOF
+}
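Review bot: The shipped defaults in encrypt2.conf for `cryptkey_device` and `keyfiles` look like values from the maintainer's own machine (a specific by-uuid path and `keyfile-lenovo-cryptroot`). On any other system the hook would wait and then fail to mount that device, and encrypt2.hook discards the mount error, so nothing reports that no keyfile was touched. I would ship obvious placeholders instead, e.g. `cryptkey_device=/dev/disk/by-uuid/<UUID-OF-KEY-DEVICE>`, so an unedited config is recognisable. The CoW warning could also gain a line such as `# Overwriting in place is likewise not guaranteed on flash media (wear levelling) or on journalling/snapshotting filesystems.`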
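Review bot: Each `dd` in the encrypt2.hook loop opens the keyfile without `conv=notrunc`, so the file is truncated first and the random data may land in newly allocated blocks while the original key bytes stay on the device. The three passes also have no flush between them, so they can collapse into a single write in the page cache. Only the first 2 KiB is ever written, which assumes `bs`/`count` cover the whole keyfile. The `mount` result is discarded as well: if it fails, the loop writes into the plain `encrypt2_device` directory inside the initramfs and boot continues with no message that the keys were not shredded. A suggested rewrite of the mount and the loop follows, with the expansions quoted.

```shell
run_hook ()
{
    # … unchanged: source encrypt2.conf, wait for the device, mkdir encrypt2_device …
    if ! mount "$cryptkey_device" encrypt2_device; then
        echo "encrypt2: cannot mount $cryptkey_device, keyfiles NOT shredded"
        return 1
    fi

    while read -r keyfile; do
        # skip names that do not exist, so no new files are created on the device
        [ -f "encrypt2_device/$keyfile" ] || continue
        # notrunc: overwrite the existing blocks; fsync: flush before dd returns
        dd if=/dev/urandom of="encrypt2_device/$keyfile" \
            bs=1024 count=2 conv=notrunc,fsync
    done < encrypt2_file.list
    # … unchanged: umount encrypt2_device …
```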
\ No newline at end of file
diff --git a/usage.install b/usage.install
new file mode 100644
index 000000000000..ecc404968bdf
--- /dev/null
+++ b/usage.install
@@ -0,0 +1,5 @@
+post_install() {
+ echo ""
+ echo "Don't forget to add the encrypt2 before encrypt in your /etc/mkinitcpio.conf and run mkinitcpio -p linux..."
+ echo ""
+} |
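Review bot: In encrypt2.install's `build`, `${keyfiles[@]}` and `$keyfile` are unquoted in the `for` loop, so a keyfile name containing spaces or glob characters is split or expanded at build time. The list baked into the image then no longer names the files the hook is meant to overwrite. Quote both: `for keyfile in "${keyfiles[@]}"; do` and `printf '%s\n' "$keyfile" >> "$BUILDROOT/encrypt2_file.list"`. Since each entry is later used as a path under the mounted device, rejecting names that contain `/` at this point would be a cheap extra guard.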