AlaK4X
Linux lhjmq-records 5.15.0-118-generic #128-Ubuntu SMP Fri Jul 5 09:28:59 UTC 2024 x86_64



Your IP : 3.142.36.215


Current Path : /usr/share/initramfs-tools/hooks/
Upload File :
Current File : //usr/share/initramfs-tools/hooks/cryptgnupg-sc

#!/bin/sh

set -e

PREREQ="cryptroot"

prereqs()
{
	echo "$PREREQ"
}

case "$1" in
    prereqs)
        prereqs
        exit 0
        ;;
esac

. /usr/share/initramfs-tools/hook-functions
. /lib/cryptsetup/functions

if [ ! -x "$DESTDIR/lib/cryptsetup/scripts/decrypt_gnupg-sc" ] || [ ! -f "$TABFILE" ]; then
    exit 0
fi

# Hooks for loading gnupg software and encrypted key into the initramfs
copy_keys() {
    crypttab_parse_options
    if [ "${CRYPTTAB_OPTION_keyscript-}" = "/lib/cryptsetup/scripts/decrypt_gnupg-sc" ]; then
        if [ -f "$CRYPTTAB_KEY" ]; then
            [ -f "$DESTDIR$CRYPTTAB_KEY" ] || copy_file keyfile "$CRYPTTAB_KEY" || RV=$?
        else
            cryptsetup_message "ERROR: Target $CRYPTTAB_NAME has a non-existing key file $CRYPTTAB_KEY"
            RV=1
        fi
    fi
}

RV=0
crypttab_foreach_entry copy_keys

PUBRING="/etc/cryptsetup-initramfs/pubring.gpg"
if [ ! -f "$PUBRING" ]; then
    cryptsetup_message "WARNING: $PUBRING: No such file"
else
    [ -d "$DESTDIR/cryptroot/gnupghome" ] || mkdir -pm0700 "$DESTDIR/cryptroot/gnupghome"
    # let gpg(1) create the keyring on the fly; we're not relying on its
    # internals since it's the very same binary we're copying to the
    # initramfs
    /usr/bin/gpg --no-options --no-autostart --trust-model=always \
        --quiet --batch --no-tty --logger-file=/dev/null \
        --homedir="$DESTDIR/cryptroot/gnupghome" --import <"$PUBRING"
    # make sure not to clutter the initramfs with backup keyrings
    find "$DESTDIR/cryptroot" -name "*~" -type f -delete
fi

copy_exec /usr/bin/gpg
copy_exec /usr/bin/gpg-agent
copy_exec /usr/lib/gnupg/scdaemon
copy_exec /usr/bin/gpgconf
copy_exec /usr/bin/gpg-connect-agent

if [ ! -x "$DESTDIR/usr/bin/pinentry" ]; then
    if [ -x "/usr/bin/pinentry-curses" ]; then
        pinentry="/usr/bin/pinentry-curses"
    elif [ -x "/usr/bin/pinentry-tty" ]; then
        pinentry="/usr/bin/pinentry-tty"
    else
        cryptsetup_message "ERROR: missing required binary pinentry-curses or pinentry-tty"
        RV=1
    fi
    copy_exec "$pinentry"
    ln -s "$pinentry" "$DESTDIR/usr/bin/pinentry"
fi
[ -f "$DESTDIR/lib/terminfo/l/linux" ] || copy_file terminfo /lib/terminfo/l/linux || RV=$?

exit $RV