encryption and decryption works

ghe0 2024-11-09 22:41:45 +02:00
parent f86c6fb9fa
commit 7e3d33093a
Signed by: ghe0
GPG Key ID: 451028EE56A0FBB4
4 changed files with 35 additions and 8 deletions

@ -20,6 +20,7 @@ install_binary $(which mkfs.ext4)
install_binary $(which fsarchiver) install_binary $(which fsarchiver)
install_kmod install_kmod
install_busybox install_busybox
install_guest_api
echo_cyan "Installing scripts..." echo_cyan "Installing scripts..."
install_init_script install_init_script

@ -148,6 +148,20 @@ scan_modules() {
done <<< "$( echo "$drivers" )" done <<< "$( echo "$drivers" )"
} }
install_guest_api() {
my_location="$(pwd)"
echo_blue "Building guest_api with cargo and saving log to ${my_location}/guest_api.log"
git clone git@gitea.detee.cloud:SNP/remote_decryption.git
cd remote_decryption/guest_api
# TODO: stick to master branch after code stabilizes
git checkout dtrfs
cargo build --release > "${my_location}/guest_api.log" 2>&1 ||
echo_red "Failed to build guest_api"
strip --discard-all target/release/guest_api
install_binary "$(pwd)/target/release/guest_api"
cd $my_location
}
create_archive() { create_archive() {
local archive="detee-$(hostnamectl hostname)-${KERNEL}.cpio.gz" local archive="detee-$(hostnamectl hostname)-${KERNEL}.cpio.gz"
echo_cyan "Creating archive $archive" echo_cyan "Creating archive $archive"
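Review bot: In `install_guest_api`, a failed `cargo build` only prints a message and the function still runs `strip` and `install_binary`, so the initramfs can be assembled without `guest_api` or with a stale binary left in `remote_decryption/` by an earlier run. Make the failure stop the build, for example `cargo build --release > "${my_location}/guest_api.log" 2>&1 || { echo_red "Failed to build guest_api"; exit 1; }`, and check `git clone` and `cd remote_decryption/guest_api` the same way. Because `guest_api` appears to be the component that supplies the root-disk key material at boot, `git checkout dtrfs` would be safer as a pinned, reviewed revision (`git checkout <PINNED_COMMIT>`) so that a rebuild cannot silently pick up new branch contents. `cd $my_location` is unquoted and `my_location` is not declared `local`.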

12
init.sh

@ -1,18 +1,24 @@
#!/bin/bash #!/bin/bash
source /init_functions.sh source /init_functions.sh
export INSTALL_URL="/tmp/detee_install_url"
export INSTALL_SHA="/tmp/detee_install_sha"
export ROOT_KEYFILE="/tmp/detee_root_keyfile"
create_mounts create_mounts
load_modules load_modules
create_certs create_certs
setup_network setup_network
# TODO: replace hardcoded URL with guest_api guest_api || echo DeTEE API got killed by the user.
echo "http://192.168.122.226/arch_base_dir.fsa" > /tmp/install_url
if [[ -f "/tmp/install_url" ]]; then if [[ -f "$INSTALL_URL" ]]; then
install_os install_os
else else
mount_root mount_root
fi fi
# TODO: move ssh key to the guest API
github_ssh_key github_ssh_key
exec switch_root /mnt /sbin/init "$@" exec switch_root /mnt /sbin/init "$@"
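Review bot: Any non-zero exit from `guest_api` is reported as a user kill and the boot then continues, so when `$INSTALL_URL` was never written the script falls through to `mount_root`, which opens the LUKS volume with a `$ROOT_KEYFILE` that may not exist. Stop or retry on that path instead, for example `guest_api || { echo "guest_api exited with status $?" >&2; exit 1; }`, and test `[[ -s "$ROOT_KEYFILE" ]]` before choosing a branch. Nothing visible in this file removes the key file once the volume is open. Whether `/tmp` survives `switch_root` depends on `create_mounts`, which is outside this diff, so an explicit `rm -f -- "$ROOT_KEYFILE"` before `exec switch_root` would make the key's lifetime clear.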

@ -66,11 +66,13 @@ setup_network() {
} }
install_os() { install_os() {
local url="$(cat /tmp/install_url)" hostname='' local url="$(cat $INSTALL_URL)" hostname=''
blkid | grep vda1 | grep ext4 && { # mount root if it exists
blkid | grep vda1 | grep LUKS && {
mount_root mount_root
return 0 return 0
} }
# install OS if disk is empty
( (
echo n echo n
echo p echo p
@ -79,9 +81,12 @@ install_os() {
echo echo
echo w echo w
) | fdisk /dev/vda ) | fdisk /dev/vda
mkfs.ext4 /dev/vda1 cryptsetup luksFormat --batch-mode -d $ROOT_KEYFILE /dev/vda1
mount_root cryptsetup open -d $ROOT_KEYFILE /dev/vda1 root
mkfs.ext4 /dev/mapper/root
mount /dev/mapper/root /mnt
wget -O /mnt/template.fsa "$url" wget -O /mnt/template.fsa "$url"
sha256sum /mnt/template.fsa | grep $(cat ${INSTALL_SHA}) || exit 1
fsarchiver restdir /mnt/template.fsa / fsarchiver restdir /mnt/template.fsa /
rm /mnt/template.fsa rm /mnt/template.fsa
# TODO: decide for UX if maybe we should allow user to inject fstab # TODO: decide for UX if maybe we should allow user to inject fstab
@ -106,5 +111,6 @@ github_ssh_key() {
} }
mount_root() { mount_root() {
mount /dev/vda1 /mnt cryptsetup open -d $ROOT_KEYFILE /dev/vda1 root
mount /dev/mapper/root /mnt
} }
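Review bot: The integrity check in `install_os`, `sha256sum /mnt/template.fsa | grep $(cat ${INSTALL_SHA})`, is an unanchored regex match rather than a digest comparison. A truncated or malformed value in `$INSTALL_SHA` can therefore match an archive it should reject, and a value containing whitespace is split into a pattern plus file arguments. Compare the full digest exactly, for example `[ "$(sha256sum /mnt/template.fsa | cut -d' ' -f1)" = "$(cat "$INSTALL_SHA")" ] || exit 1`. The `cryptsetup luksFormat` and `cryptsetup open` calls here and in `mount_root` are unchecked and pass `$ROOT_KEYFILE` unquoted, so if either fails, `mkfs.ext4` and `mount` run against a mapping that does not exist. `install_os` continues past the end of these hunks.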