diff options
| author | Arvedui | 2021-06-07 11:51:11 +0200 |
|---|---|---|
| committer | Arvedui | 2021-06-07 11:51:11 +0200 |
| commit | df9410466425fda35ecaac8fd9205694d47e6be7 (patch) | |
| tree | d83704b7edb9d8f3b3c5ef724beb63e2c67ba721 /install-sd-encrypt | |
| parent | c3fe62282b6020310c0b74dee59afce08547cee6 (diff) | |
| download | aur-df9410466425fda35ecaac8fd9205694d47e6be7.tar.gz | |
cryptsetup-git: update hooks
Diffstat (limited to 'install-sd-encrypt')
| -rw-r--r-- | install-sd-encrypt | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/install-sd-encrypt b/install-sd-encrypt new file mode 100644 index 000000000000..42ee25fe98d2 --- /dev/null +++ b/install-sd-encrypt @@ -0,0 +1,61 @@ +#!/bin/bash + +build() { + local mod + + add_module "dm-crypt" + add_module "dm-integrity" + if [[ $CRYPTO_MODULES ]]; then + for mod in $CRYPTO_MODULES; do + add_module "$mod" + done + else + add_all_modules "/crypto/" + fi + add_checked_modules "/drivers/char/tpm/" + + add_udev_rule "10-dm.rules" + add_udev_rule "13-dm-disk.rules" + add_udev_rule "60-fido-id.rules" + add_udev_rule "95-dm-notify.rules" + add_udev_rule "/usr/lib/initcpio/udev/11-dm-initramfs.rules" + + add_systemd_unit "cryptsetup.target" + add_binary "/usr/lib/systemd/system-generators/systemd-cryptsetup-generator" + add_binary "/usr/lib/systemd/systemd-cryptsetup" + + add_systemd_unit "systemd-ask-password-console.path" + add_systemd_unit "systemd-ask-password-console.service" + + # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1 + add_binary "/usr/lib/libgcc_s.so.1" + + # add libraries dlopen()ed by systemd-cryptsetup + for LIB in fido2 tss2-{{esys,rc,mu},tcti-'*'}; do + for FILE in $(find /usr/lib/ -maxdepth 1 -name "lib${LIB}.so*"); do + if [[ -L "${FILE}" ]]; then + add_symlink "${FILE}" + else + add_binary "${FILE}" + fi + done + done + + # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5)) + add_binary "mkswap" + + [[ -f /etc/crypttab.initramfs ]] && add_file "/etc/crypttab.initramfs" "/etc/crypttab" +} + +help() { + cat <<HELPEOF +This hook allows for an encrypted root device with systemd initramfs. + +See the manpage of systemd-cryptsetup-generator(8) for available kernel +command line options. Alternatively, if the file /etc/crypttab.initramfs +exists, it will be added to the initramfs as /etc/crypttab. See the +crypttab(5) manpage for more information on crypttab syntax. +HELPEOF +} + +# vim: set ft=sh ts=4 sw=4 et: |