[Fedora-livecd-list] tools/livecd-iso-to-disk.sh

Fri, 19 Dec 2008 10:57:52 -0800 

 tools/livecd-iso-to-disk.sh |   20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

New commits:
commit 44f4ec462d011e5dec4c67d7559538c3b8f08a0f
Author: Matt Domsch <[email protected]>
Date:   Fri Dec 19 13:56:09 2008 -0500

    Improvements for encrypted /home setup (#475399)
    
    1) if you're going to use an encrypted volume, it's best to pre-fill the 
volume
    with random data.  Using /dev/urandom, it's fast enough.  Only do this for
    non-sparse-file-backed encrypted home.  Could arguably drop 
sparse-file-backed
    encrypted home and do this everywhere, but that would definitely be slower.
    
    2) if any of the cryptsetup commands fail (bad password typed), keep trying.
    Otherwise, a typo means the whole process dies badly and you have to start 
from
    scratch.

diff --git a/tools/livecd-iso-to-disk.sh b/tools/livecd-iso-to-disk.sh
index 4414c4e..5371db1 100755
--- a/tools/livecd-iso-to-disk.sh
+++ b/tools/livecd-iso-to-disk.sh
@@ -510,19 +510,29 @@ fi
 
 if [ "$homesizemb" -gt 0 ]; then
     echo "Initializing persistent /home"
+    homesource=/dev/zero
+    [ -n "$cryptedhome" ] && homesource=/dev/urandom
     if [ "$USBFS" = "vfat" ]; then
        # vfat can't handle sparse files
-       dd if=/dev/zero of=$USBMNT/LiveOS/$HOMEFILE count=$homesizemb bs=1M
+       dd if=${homesource} of=$USBMNT/LiveOS/$HOMEFILE count=$homesizemb bs=1M
     else
        dd if=/dev/null of=$USBMNT/LiveOS/$HOMEFILE count=1 bs=1M 
seek=$homesizemb
     fi
     if [ -n "$cryptedhome" ]; then
        loop=$(losetup -f)
        losetup $loop $USBMNT/LiveOS/$HOMEFILE
-        echo "Encrypting persistent /home"
-        cryptsetup luksFormat -y -q $loop
-        echo "Please enter the password again to unlock the device"
-        cryptsetup luksOpen $loop EncHomeFoo
+       setupworked=1
+       until [ ${setupworked} == 0 ]; do
+            echo "Encrypting persistent /home"
+            cryptsetup luksFormat -y -q $loop
+           setupworked=$?
+       done
+       setupworked=1
+       until [ ${setupworked} == 0 ]; do
+            echo "Please enter the password again to unlock the device"
+            cryptsetup luksOpen $loop EncHomeFoo
+           setupworked=$?
+       done
         mke2fs -j /dev/mapper/EncHomeFoo
        tune2fs -c0 -i0 -ouser_xattr,acl /dev/mapper/EncHomeFoo
         cryptsetup luksClose EncHomeFoo


--
Fedora-livecd-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-livecd-list

Reply via email to