Update cryptsetup-multidisk-ssh from aur

This commit is contained in:
Travis Burtrum 2016-12-20 23:20:14 -05:00
parent 3d8aafb333
commit 01667150db
3 changed files with 22 additions and 82 deletions

View File

@ -1,12 +1,15 @@
pkgbase = cryptsetup-multidisk
pkgdesc = Handle multiple encrypted root devices
pkgbase = cryptsetup-multidisk-ssh
pkgdesc = Handle multiple encrypted root devices with ssh shell
pkgver = 1.0
pkgrel = 1
url = https://github.com/moparisthebest/archlinux_encrypthook
url = https://github.com/moparisthebest/cryptsetup-multidisk-ssh
arch = any
license = GPL3
source = https://codeload.github.com/moparisthebest/archlinux_encrypthook/tar.gz/v1.0
sha256sums = e38eed40eadfa7dadd697cbe6d06845edad35fcc37f910e5323d5b89fce5ef67
depends = cryptsetup
optdepends = mkinitcpio-dropbear: Allow the encryptssh hook to unlock a root container remotely using dropbear
optdepends = mkinitcpio-tinyssh: Allow the encryptssh hook to unlock a root container remotely using tinyssh
source = https://codeload.github.com/moparisthebest/cryptsetup-multidisk-ssh/tar.gz/v1.0
sha256sums = a886feb187c398048f49e15b4ead113caa5dfb568ed842e9bbdc556f9bdff079
pkgname = cryptsetup-multidisk
pkgname = cryptsetup-multidisk-ssh

View File

@ -6,13 +6,19 @@ pkgrel=1
pkgdesc='Handle multiple encrypted root devices with ssh shell'
arch=('any')
license=('GPL3')
optional=('mkinitcpio-dropbear' 'mkinitcpio-tinyssh')
url="https://github.com/moparisthebest/archlinux_encrypthook"
source=("https://codeload.github.com/moparisthebest/archlinux_encrypthook/tar.gz/v$pkgver" "encrypt_install")
sha256sums=('e38eed40eadfa7dadd697cbe6d06845edad35fcc37f910e5323d5b89fce5ef67'
'f97843c8ea18229361f89f13159c65bb4a0fc881589cc09a0433c66cf731052a')
depends=('cryptsetup')
optdepends=('mkinitcpio-dropbear: Allow the encryptssh hook to unlock a root container remotely using dropbear'
'mkinitcpio-tinyssh: Allow the encryptssh hook to unlock a root container remotely using tinyssh')
url="https://github.com/moparisthebest/cryptsetup-multidisk-ssh"
source=("https://codeload.github.com/moparisthebest/cryptsetup-multidisk-ssh/tar.gz/v$pkgver")
sha256sums=('a886feb187c398048f49e15b4ead113caa5dfb568ed842e9bbdc556f9bdff079')
package() {
install -D -m644 "archlinux_encrypthook-$pkgver/encrypt_hook" "${pkgdir}"/usr/lib/initcpio/hooks/encrypt-multidisk-ssh
install -D -m644 encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt-multidisk-ssh
cd "${pkgname}-$pkgver"
install -Dm644 encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt-multidisk-ssh
install -Dm644 encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt-multidisk-ssh
install -Dm744 cryptsetup_shell "${pkgdir}/usr/share/$pkgname/bin/cryptsetup_shell"
install -Dm744 query_password "${pkgdir}/usr/share/$pkgname/bin/query_password"
install -Dm644 readme.md "${pkgdir}/usr/share/$pkgname/readme.md"
install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/$pkgname/LICENSE"
}

View File

@ -1,69 +0,0 @@
#!/bin/bash
make_etc_passwd() {
echo 'root:x:0:0:root:/root:/bin/cryptsetup_shell' > "${BUILDROOT}"/etc/passwd
echo '/bin/cryptsetup_shell' > "${BUILDROOT}"/etc/shells
}
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_binary "cryptsetup"
add_binary "dmsetup"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
cp /usr/lib/initcpio/hooks/encrypt-multidisk-ssh /tmp/cryptsetup_shell
cat >> /tmp/cryptsetup_shell <<EOF
sed 's/ /\n/g' /proc/cmdline | grep = > /linux.cmdline
source /linux.cmdline
rm /linux.cmdline
run_hook
EOF
add_binary "/tmp/cryptsetup_shell" "/bin/cryptsetup_shell"
rm /tmp/cryptsetup_shell
make_etc_passwd
add_runscript
}
help() {
cat <<HELPEOF
This hook allows for multiple encrypted root devices. Users should specify the
device to be unlocked using 'cryptdevice=device:dmname' on the kernel command
line, where 'device' is the path to the raw device, and 'dmname' is the name
given to the device after unlocking, and will be available as /dev/mapper/dmname.
Subsequent devices must be specified the same way, but with cryptdevice1=,
cryptdevice2= and so on, in order. Passwords will be cached and attempted to
re-use them on the next device, and if that fails, a new password will be asked
for.
For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
the kernel cmdline, where 'device' represents the raw block device where the key
exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
the absolute path of the keyfile within the device.
Without specifying a keyfile, you will be prompted for the password at runtime.
This means you must have a keyboard available to input it, and you may need
the keymap hook as well to ensure that the keyboard is using the layout you
expect.
HELPEOF
}
# vim: set ft=sh ts=4 sw=4 et: