blob: 725a0caf1b812e90d641abcb31a37555b2bc15c6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
#!/bin/bash
make_etc_passwd() {
echo 'root:x:0:0:root:/root:/bin/zfsdecrypt_shell' >> "${BUILDROOT}"/etc/passwd
echo '/bin/zfsdecrypt_shell' > "${BUILDROOT}"/etc/shells
}
make_zfsdecrypt_shell() {
decrypt_shell='#!/bin/sh
if [ -f "/.encryptionroot" ]; then
# source zfs hook functions
. /hooks/zfs
# decrypt bootfs
zfs_decrypt_fs "$(cat /.encryptionroot)"
# kill pending decryption attempt to allow the boot process to continue
killall zfs
else
echo "ZFS is not ready yet. Please wait!"
fi'
printf '%s' "$decrypt_shell" > "${BUILDROOT}"/bin/zfsdecrypt_shell
chmod a+x "${BUILDROOT}"/bin/zfsdecrypt_shell
}
build ()
{
make_etc_passwd
make_zfsdecrypt_shell
}
help ()
{
cat<<HELPEOF
This hook is meant to be used in conjunction with mkinitcpio-dropbear,
mkinitcpio-netconf and/or mkinitcpio-ppp. This will provide a way to unlock
your encrypted ZFS root filesystem remotely.
HELPEOF
}
# vim: set ts=4 sw=4 ft=sh et:
|