Module Name: src
Committed By: khorben
Date: Mon Jul 15 00:25:38 UTC 2013
Added Files:
src/distrib/common: cgdroot.rc list.cgdroot mtree.cgdroot
Log Message:
Common definitions for full-disk encryption support, including the rc script
responsible for asking for the passphrase and chrooting. wsconsctl is also built
and used in case a splash screen is enabled.
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/distrib/common/cgdroot.rc \
src/distrib/common/list.cgdroot src/distrib/common/mtree.cgdroot
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Added files:
Index: src/distrib/common/cgdroot.rc
diff -u /dev/null src/distrib/common/cgdroot.rc:1.1
--- /dev/null Mon Jul 15 00:25:38 2013
+++ src/distrib/common/cgdroot.rc Mon Jul 15 00:25:38 2013
@@ -0,0 +1,60 @@
+# $NetBSD: cgdroot.rc,v 1.1 2013/07/15 00:25:38 khorben Exp $
+#
+# Copyright (c) 2013 Pierre Pronchery <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+TERM=wsvt25
+export TERM
+HOME=/
+export HOME
+BLOCKSIZE=1k
+export BLOCKSIZE
+EDITOR=ed
+export EDITOR
+
+umask 022
+
+mount -o ro /dev/wd0a /etc/cgd
+if [ $? -ne 0 ]; then
+ echo "Could not mount the boot partition" 1>&2
+ exit 2
+fi
+/sbin/wsconsctl -d -w splash.enable=0 > /dev/null 2>&1
+cgdconfig -C
+if [ $? -ne 0 ]; then
+ echo "Could not decrypt the encrypted volume" 1>&2
+ umount /etc/cgd
+ exit 2
+fi
+mount -o ro /dev/cgd0a /altroot
+if [ $? -ne 0 ]; then
+ echo "Could not mount the root partition" 1>&2
+ cgdconfig -U
+ umount /etc/cgd
+ exit 2
+fi
+umount /etc/cgd
+/sbin/wsconsctl -d -w splash.enable=1 > /dev/null 2>&1
+sysctl -w init.root=/altroot
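Review bot: The final two steps, `umount /etc/cgd` and `sysctl -w init.root=/altroot`, are the only ones in this script whose failure is neither reported nor cleaned up. If the sysctl fails, the script ends with the decrypted volume still configured and mounted at /altroot, presumably with the system still on the unencrypted boot root, and the operator gets no message like the three earlier ones. I would check its status the same way and, on failure, unmount /altroot, unconfigure the cgd and exit 2, as sketched below. Separately, the device names /dev/wd0a and /dev/cgd0a are hard-coded, so a short comment near the first `mount` stating that layout assumption would help anyone adapting the script.

```shell
# … unchanged: mounts, cgdconfig -C, splash re-enable …
sysctl -w init.root=/altroot
if [ $? -ne 0 ]; then
	echo "Could not set the new root directory" 1>&2
	umount /altroot
	cgdconfig -U
	exit 2
fi
```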
Index: src/distrib/common/list.cgdroot
diff -u /dev/null src/distrib/common/list.cgdroot:1.1
--- /dev/null Mon Jul 15 00:25:38 2013
+++ src/distrib/common/list.cgdroot Mon Jul 15 00:25:38 2013
@@ -0,0 +1,10 @@
+# $NetBSD: list.cgdroot,v 1.1 2013/07/15 00:25:38 khorben Exp $
+#
+# list file (c.f. parselist.awk) for cgd full-disk encryption.
+#
+
+PROG sbin/cgdconfig
+PROG sbin/wsconsctl
+LIBS -lcrypto
+
+COPY ${NETBSDSRCDIR}/distrib/common/cgdroot.rc etc/rc
Index: src/distrib/common/mtree.cgdroot
diff -u /dev/null src/distrib/common/mtree.cgdroot:1.1
--- /dev/null Mon Jul 15 00:25:38 2013
+++ src/distrib/common/mtree.cgdroot Mon Jul 15 00:25:38 2013
@@ -0,0 +1,8 @@
+# $NetBSD: mtree.cgdroot,v 1.1 2013/07/15 00:25:38 khorben Exp $
+
+/set type=dir uname=root gname=wheel mode=0755
+
+.
+./altroot
+./etc
+./etc/cgd mode=0700