summarylogtreecommitdiffstats
path: root/zfs-utils.initcpio.zfsencryptssh.install
blob: e0ef04beabfeb611cd56df3b78428fee02348e45 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/bin/bash

make_etc_passwd() {
    echo 'root:x:0:0:root:/root:/bin/zfsdecrypt_shell' > "${BUILDROOT}"/etc/passwd
    echo '/bin/zfsdecrypt_shell' > "${BUILDROOT}"/etc/shells
}

make_zfsdecrypt_shell() {
    decrypt_shell='#!/bin/sh
if [ -f "/.encryptionroot" ]; then
    # source zfs hook functions
    . /hooks/zfs
    # decrypt bootfs
    zfs_decrypt_fs "$(cat /.encryptionroot)"
    # kill pending decryption attempt to allow the boot process to continue
    killall zfs
else
    echo "ZFS is not ready yet. Please wait!"
fi'
    printf '%s' "$decrypt_shell" > "${BUILDROOT}"/bin/zfsdecrypt_shell
    chmod a+x "${BUILDROOT}"/bin/zfsdecrypt_shell
}

build ()
{
    make_etc_passwd
    make_zfsdecrypt_shell
}

help ()
{
    cat<<HELPEOF
This hook is meant to be used in conjunction with mkinitcpio-dropbear, 
mkinitcpio-netconf and/ormkinitcpio-ppp. This will provide a way to unlock 
your encrypted ZFS root filesystem remotely.
HELPEOF
}

# vim: set ts=4 sw=4 ft=sh et: