From 502e1395982ce2002a058eb698509f9cdbee0ecc Mon Sep 17 00:00:00 2001 From: user <> Date: Tue, 5 Nov 2024 10:28:35 +0700 Subject: [PATCH] New option: CRYPTROOT_MAPPER. Make ROOT_MAPPER name for CRYPTROOT changable. --- extensions/fs-cryptroot-support.sh | 4 ++-- lib/functions/configuration/main-config.sh | 2 +- lib/functions/image/partitioning.sh | 6 +++--- lib/functions/image/rootfs-to-image.sh | 2 +- lib/functions/rootfs/trap-rootfs.sh | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/extensions/fs-cryptroot-support.sh b/extensions/fs-cryptroot-support.sh index a7b1613b69c2..6d42e88e00e4 100644 --- a/extensions/fs-cryptroot-support.sh +++ b/extensions/fs-cryptroot-support.sh @@ -26,10 +26,10 @@ function prepare_root_device__encrypt_root_device() { check_loop_device "$rootdevice" display_alert "Extension: ${EXTENSION}: Encrypting root partition with LUKS..." "cryptsetup luksFormat $rootdevice" "" echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksFormat $CRYPTROOT_PARAMETERS $rootdevice - - echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksOpen $rootdevice $ROOT_MAPPER - + echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksOpen $rootdevice $CRYPTROOT_MAPPER - display_alert "Extension: ${EXTENSION}: Root partition encryption complete." "" "ext" # TODO: pass /dev/mapper to Docker - rootdevice=/dev/mapper/$ROOT_MAPPER # used by `mkfs` and `mount` commands + rootdevice=/dev/mapper/$CRYPTROOT_MAPPER # used by `mkfs` and `mount` commands } function pre_install_kernel_debs__adjust_dropbear_configuration() { diff --git a/lib/functions/configuration/main-config.sh b/lib/functions/configuration/main-config.sh index d0df1d4210da..2833ce4f8d18 100644 --- a/lib/functions/configuration/main-config.sh +++ b/lib/functions/configuration/main-config.sh @@ -166,10 +166,10 @@ function do_main_configuration() { # Support for LUKS / cryptroot if [[ $CRYPTROOT_ENABLE == yes ]]; then enable_extension "fs-cryptroot-support" # add the tooling needed, cryptsetup - ROOT_MAPPER="armbian-root" # TODO: fixed name can't be used for parallel image building (rpardini: ?) if [[ -z $CRYPTROOT_PASSPHRASE ]]; then # a passphrase is mandatory if rootfs encryption is enabled exit_with_error "Root encryption is enabled but CRYPTROOT_PASSPHRASE is not set" fi + [[ -z $CRYPTROOT_MAPPER ]] && CRYPTROOT_MAPPER="armbian-root" # TODO: fixed name can't be used for parallel image building (rpardini: ?) [[ -z $CRYPTROOT_SSH_UNLOCK ]] && CRYPTROOT_SSH_UNLOCK=yes [[ -z $CRYPTROOT_SSH_UNLOCK_PORT ]] && CRYPTROOT_SSH_UNLOCK_PORT=2022 # Default to pdkdf2, this used to be the default with cryptroot <= 2.0, however diff --git a/lib/functions/image/partitioning.sh b/lib/functions/image/partitioning.sh index 2abf26c4ff1a..773ed9501579 100644 --- a/lib/functions/image/partitioning.sh +++ b/lib/functions/image/partitioning.sh @@ -310,7 +310,7 @@ function prepare_partitions() { local rootfs if [[ $CRYPTROOT_ENABLE == yes ]]; then # map the LUKS container partition via its UUID to be the 'cryptroot' device - echo "$ROOT_MAPPER UUID=${root_part_uuid} none luks" >> $SDCARD/etc/crypttab + echo "$CRYPTROOT_MAPPER UUID=${root_part_uuid} none luks" >> $SDCARD/etc/crypttab rootfs=$rootdevice # used in fstab else rootfs="UUID=$(blkid -s UUID -o value $rootdevice)" @@ -369,7 +369,7 @@ function prepare_partitions() { if [[ -f $SDCARD/boot/armbianEnv.txt ]]; then display_alert "Found armbianEnv.txt" "${SDCARD}/boot/armbianEnv.txt" "debug" if [[ $CRYPTROOT_ENABLE == yes ]]; then - echo "rootdev=$rootdevice cryptdevice=UUID=${root_part_uuid}:$ROOT_MAPPER" >> "${SDCARD}/boot/armbianEnv.txt" + echo "rootdev=$rootdevice cryptdevice=UUID=${root_part_uuid}:$CRYPTROOT_MAPPER" >> "${SDCARD}/boot/armbianEnv.txt" else echo "rootdev=$rootfs" >> "${SDCARD}/boot/armbianEnv.txt" fi @@ -389,7 +389,7 @@ function prepare_partitions() { sed -i -e "s/rootfstype \"ext4\"/rootfstype \"$ROOTFS_TYPE\"/" $SDCARD/boot/boot.ini if [[ $CRYPTROOT_ENABLE == yes ]]; then rootpart="UUID=${root_part_uuid}" - sed -i 's/^setenv rootdev .*/setenv rootdev "\/dev\/mapper\/'$ROOT_MAPPER' cryptdevice='$rootpart':'$ROOT_MAPPER'"/' $SDCARD/boot/boot.ini + sed -i 's/^setenv rootdev .*/setenv rootdev "\/dev\/mapper\/'$CRYPTROOT_MAPPER' cryptdevice='$rootpart':'$CRYPTROOT_MAPPER'"/' $SDCARD/boot/boot.ini else sed -i 's/^setenv rootdev .*/setenv rootdev "'$rootfs'"/' $SDCARD/boot/boot.ini fi diff --git a/lib/functions/image/rootfs-to-image.sh b/lib/functions/image/rootfs-to-image.sh index 7585374c9dc0..92dcc6625c34 100644 --- a/lib/functions/image/rootfs-to-image.sh +++ b/lib/functions/image/rootfs-to-image.sh @@ -119,7 +119,7 @@ function create_image_from_sdcard_rootfs() { wait_for_disk_sync "before umount MOUNT" umount_chroot_recursive "${MOUNT}" "MOUNT" - [[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose "$ROOT_MAPPER" + [[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose "$CRYPTROOT_MAPPER" call_extension_method "post_umount_final_image" "config_post_umount_final_image" <<- 'POST_UMOUNT_FINAL_IMAGE' *allow config to hack into the image after the unmount* diff --git a/lib/functions/rootfs/trap-rootfs.sh b/lib/functions/rootfs/trap-rootfs.sh index 15911c3501a6..ce8ba64ce19a 100644 --- a/lib/functions/rootfs/trap-rootfs.sh +++ b/lib/functions/rootfs/trap-rootfs.sh @@ -63,7 +63,7 @@ function trap_handler_cleanup_rootfs_and_image() { # unmount tmpfs mounted on SDCARD if it exists. #@TODO: move to new tmpfs-utils scheme mountpoint -q "${SDCARD}" && umount "${SDCARD}" - [[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose "${ROOT_MAPPER}" + [[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose "${CRYPTROOT_MAPPER}" if [[ "${PRESERVE_SDCARD_MOUNT}" == "yes" ]]; then display_alert "Preserving SD card mount" "trap_handler_cleanup_rootfs_and_image" "warn"