Module Name: src Committed By: khorben Date: Mon Jul 15 00:25:38 UTC 2013
Added Files: src/distrib/common: cgdroot.rc list.cgdroot mtree.cgdroot Log Message: Common definitions for full-disk encryption support, including the rc script responsible for asking the passphrase and chrooting. wsconsctl is also built and used in case a splash screen is enabled. To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 src/distrib/common/cgdroot.rc \ src/distrib/common/list.cgdroot src/distrib/common/mtree.cgdroot Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Added files:
Index: src/distrib/common/cgdroot.rc
diff -u /dev/null src/distrib/common/cgdroot.rc:1.1
--- /dev/null Mon Jul 15 00:25:38 2013
+++ src/distrib/common/cgdroot.rc Mon Jul 15 00:25:38 2013
@@ -0,0 +1,60 @@
+# $NetBSD: cgdroot.rc,v 1.1 2013/07/15 00:25:38 khorben Exp $
+#
+# Copyright (c) 2013 Pierre Pronchery <khor...@defora.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+TERM=wsvt25
+export TERM
+HOME=/
+export HOME
+BLOCKSIZE=1k
+export BLOCKSIZE
+EDITOR=ed
+export EDITOR
+
+umask 022
+
+mount -o ro /dev/wd0a /etc/cgd
+if [ $? -ne 0 ]; then
+ echo "Could not mount the boot partition" 1>&2
+ exit 2
+fi
+/sbin/wsconsctl -d -w splash.enable=0 > /dev/null 2>&1
+cgdconfig -C
+if [ $? -ne 0 ]; then
+ echo "Could not decrypt the encrypted volume" 1>&2
+ umount /etc/cgd
+ exit 2
+fi
+mount -o ro /dev/cgd0a /altroot
+if [ $? -ne 0 ]; then
+ echo "Could not mount the root partition" 1>&2
+ cgdconfig -U
+ umount /etc/cgd
+ exit 2
+fi
+umount /etc/cgd
+/sbin/wsconsctl -d -w splash.enable=1 > /dev/null 2>&1
+sysctl -w init.root=/altroot
Index: src/distrib/common/list.cgdroot
diff -u /dev/null src/distrib/common/list.cgdroot:1.1
--- /dev/null Mon Jul 15 00:25:38 2013
+++ src/distrib/common/list.cgdroot Mon Jul 15 00:25:38 2013
@@ -0,0 +1,10 @@
+# $NetBSD: list.cgdroot,v 1.1 2013/07/15 00:25:38 khorben Exp $
+#
+# list file (c.f. parselist.awk) for cgd full-disk encryption.
+#
+
+PROG sbin/cgdconfig
+PROG sbin/wsconsctl
+LIBS -lcrypto
+
+COPY ${NETBSDSRCDIR}/distrib/common/cgdroot.rc etc/rc
Index: src/distrib/common/mtree.cgdroot
diff -u /dev/null src/distrib/common/mtree.cgdroot:1.1
--- /dev/null Mon Jul 15 00:25:38 2013
+++ src/distrib/common/mtree.cgdroot Mon Jul 15 00:25:38 2013
@@ -0,0 +1,8 @@
+# $NetBSD: mtree.cgdroot,v 1.1 2013/07/15 00:25:38 khorben Exp $
+
+/set type=dir uname=root gname=wheel mode=0755
+
+.
+./altroot
+./etc
+./etc/cgd mode=0700
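Review bot: In cgdroot.rc the final `sysctl -w init.root=/altroot` is the one step whose failure is neither reported nor unwound: the two mounts and `cgdconfig -C` each print a message, undo what was set up and `exit 2`, while a failed sysctl ends the script with the decrypted cgd still configured and /altroot still mounted. The block below gives it the same treatment and runs it before the splash screen is re-enabled, which is presumably the state in which console messages are visible. The `umount /etc/cgd` on the success path is also unchecked. Separately, `/dev/wd0a` and `/dev/cgd0a` are hard-coded with no comment; a header comment naming wd0a as the boot partition that carries the cgd configuration and cgd0a as the encrypted root would document the assumption.

```sh
# … unchanged: environment setup, boot partition mount, cgdconfig -C, root mount …
umount /etc/cgd
sysctl -w init.root=/altroot
if [ $? -ne 0 ]; then
	echo "Could not set the new root directory" 1>&2
	umount /altroot
	cgdconfig -U
	exit 2
fi
/sbin/wsconsctl -d -w splash.enable=1 > /dev/null 2>&1
```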