diff options
-rw-r--r-- | .SRCINFO | 18 | ||||
-rw-r--r-- | PKGBUILD | 22 | ||||
-rw-r--r-- | veracrypt-hook.install | 28 | ||||
-rw-r--r-- | veracrypt_hook | 29 | ||||
-rw-r--r-- | veracrypt_install | 40 |
5 files changed, 137 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..fcc55ba6c262 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,18 @@ +pkgbase = veracrypt-hook-nonroot + pkgdesc = Extensive hook for operations on a veracrypt encrypted non root devices + pkgver = 1.0 + pkgrel = 1 + url = https://veracrypt.codeplex.com/ + install = veracrypt-hook.install + arch = any + license = GPL + depends = mkinitcpio + depends = veracrypt + conflicts = veracrypt-hook + source = veracrypt_hook + source = veracrypt_install + sha512sums = fc36ea94a02e801141a41a9063385f17a84c5d1ad44dbb1567cad77ae31bb431ba36c88bfb86d80f87a185f48fd24140a636be117967a279673ee879a286be34 + sha512sums = 22c513b19c7b3170497f54799487b61b34180db1c2d45edef3ef744a551e219685d838bf191be47f7503e7e7e8b9a6ee77f4fe3d5eb74105e943387605af10cb + +pkgname = veracrypt-hook-nonroot + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..3b57a440db15 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,22 @@ +# Maintainer: Nikita Ignatovich <nikita@ignatovich.me> +# Contributor: Nikita Ignatovich <nikita@ignatovich.me> +# Based on package veracrypt-hook 5.1-2 +pkgname=veracrypt-hook-nonroot +pkgver=1.0 +pkgrel=1 +pkgdesc="Extensive hook for operations on a veracrypt encrypted non root devices" +arch=(any) +url="https://veracrypt.codeplex.com/" +license=('GPL') +depends=(mkinitcpio veracrypt) +conflicts=('veracrypt-hook') +install=${pkgname}.install +source=(veracrypt_hook veracrypt_install) +sha512sums=('fc36ea94a02e801141a41a9063385f17a84c5d1ad44dbb1567cad77ae31bb431ba36c88bfb86d80f87a185f48fd24140a636be117967a279673ee879a286be34' + '22c513b19c7b3170497f54799487b61b34180db1c2d45edef3ef744a551e219685d838bf191be47f7503e7e7e8b9a6ee77f4fe3d5eb74105e943387605af10cb') + +package() { + install -o root -g root -D ${srcdir}/veracrypt_hook ${pkgdir}/usr/lib/initcpio/hooks/veracrypt + install -o root -g root -D ${srcdir}/veracrypt_install ${pkgdir}/usr/lib/initcpio/install/veracrypt +} + diff --git a/veracrypt-hook.install b/veracrypt-hook.install new file mode 100644 index 000000000000..280b97d6af2a --- /dev/null +++ b/veracrypt-hook.install @@ -0,0 +1,28 @@ +post_install() +{ + echo "To use this hook for veracrypt add hook veracrypt " + echo "to the mkinitcpio hooks in /etc/mkinitcpio.conf then" + echo "add vcdevice=<device>:<slotnum> to your kernel boot command line args" + echo "if you use grub check /boot/grub/menu.lst of /boot/grub/grub.cfg" + echo "The root device of a veracrypt encrypted device will be /dev/mapper/veracrypt<slotnum>" + echo "where as you may have guessed <slotnum> is the number given in vcdevice=<device>:<slotnum>" + echo "this works similar to how cryptluks works" +} + +post_upgrade() +{ + echo "To use this hook for veracrypt add hook veracrypt " + echo "to the mkinitcpio hooks in /etc/mkinitcpio.conf then" + echo "add vcdevice=<device>:<slotnum> to your kernel boot command line args" + echo "if you use grub check /boot/grub/menu.lst of /boot/grub/grub.cfg" + echo "The root device of a veracrypt encrypted device will be /dev/mapper/veracrypt<slotnum>" + echo "where as you may have guessed <slotnum> is the number given in vcdevice=<device>:<slotnum>" + echo "this works similar to how cryptluks works" +} + +post_remove() +{ + echo "remember to remove veracrypt from your mkinitcpio hooks array if you added it" +} + +# vim:set ts=2 sw=2 et: diff --git a/veracrypt_hook b/veracrypt_hook new file mode 100644 index 000000000000..34a85e463bf8 --- /dev/null +++ b/veracrypt_hook @@ -0,0 +1,29 @@ +#!/usr/bin/ash + +run_hook () { + modprobe -a -q dm-crypt >/dev/null 2>&1 + [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" + + modprobe -a -q fuse >/dev/null 2>&1 + + # get the veracrypt volume and slot + if [ -n "${vcdevice}" ]; then + # get total number of ':' in vcdevice (for devices in /dev/disk/by-id/ + count="$(echo "${vcdevice}" | grep -o ':' | wc -l )" + cryptdev="$(echo "${vcdevice}" | cut -d: -f1-$count)" + cryptslot="$(echo "${vcdevice}" | cut -d: -f$(( $count + 1 )) )" + cryptname="veracrypt${cryptslot}" + else + err "No veracrypt device defined on the command line..." + exit 1 + fi + + veracrypt -t --slot="${cryptslot}" --filesystem=none --keyfiles="" --protect-hidden=no "${cryptdev}" + + if [ ! -e "/dev/mapper/${cryptname}" ]; then + err "No such device ${cryptname}" + fi + +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/veracrypt_install b/veracrypt_install new file mode 100644 index 000000000000..3e8dcd0d835d --- /dev/null +++ b/veracrypt_install @@ -0,0 +1,40 @@ +#!/bin/bash + +build() { + local mod + + add_module dm-crypt + if [[ $CRYPTO_MODULES ]]; then + for mod in $CRYPTO_MODULES; do + add_module "$mod" + done + else + add_all_modules '/crypto/' + fi + + add_binary "cryptsetup" + add_binary "dmsetup" + add_file "/usr/lib/udev/rules.d/10-dm.rules" + add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" + add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" + add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" + + add_module fuse + + add_binary "veracrypt" + add_binary "fusermount" + + # veracrypts directory + add_dir "/dev/mapper" + add_dir "/tmp" + + add_runscript +} + +help () { +cat<<HELPEOF + This hook allows for a veracrypt encrypted root (or e.g. home) device. +HELPEOF +} + +# vim: set ft=sh ts=4 sw=4 et: |