diff options
Diffstat (limited to 'pre-partman.sh')
| -rwxr-xr-x | pre-partman.sh | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/pre-partman.sh b/pre-partman.sh index de391dd..61359a4 100755 --- a/pre-partman.sh +++ b/pre-partman.sh @@ -39,15 +39,15 @@ db_get fripost-install/full-disk-encryption-password keyfile=~root/root.key if [ -n "$RET" ]; then - touch "$keyfile" - chmod 0644 "$keyfile" - echo $RET >> "$keyfile" - # TODO: remove passord from debconf + touch "$keyfile" + chmod 0644 "$keyfile" + echo $RET >> "$keyfile" + # TODO: remove passord from debconf else anna-install openssh-server-udeb mkdir -pm0755 /etc/ssh/ - sshHostKey=/etc/ssh/ssh_host_rsa_key + sshHostKey=/etc/ssh/ssh_host_rsa_key ssh-keygen -b 4096 -t rsa -N '' -C $sshHostKey -f $sshHostKey cat > /etc/ssh/sshd_config <<- EOF @@ -82,7 +82,7 @@ else db_subst fripost-install/full-disk-encryption-slurpkey_text IPv4 \ "$(ip addr show eth0 | sed -nr 's/^\s+inet\s([0-9.]{4,32}).*/\1/p')" db_subst fripost-install/full-disk-encryption-slurpkey_text SSHFPR_SERVER \ - "$(ssh-keygen -lf $sshHostKey)" + "$(ssh-keygen -lf $sshHostKey)" db_subst fripost-install/full-disk-encryption-slurpkey_text SSHFPR_AUTHORIZED \ "$($root/preseed/sshfprs.sh ~root/.ssh/authorized_keys ' - ')" @@ -93,7 +93,7 @@ else db_go done - kill `cat /var/run/sshd.pid` || true + kill `cat /var/run/sshd.pid` || true fi @@ -106,7 +106,7 @@ db_get fripost-install/full-disk-encryption-fill dev="$RET" heartbeat () { - local pid sig sleep + local pid sig sleep pid=$1 sig=${2:-SIGHUP} sleep=${3:-1} @@ -204,10 +204,10 @@ anna-install cryptsetup-udeb crypto-dm-modules arch=$(uname -m) if [ x"$arch" = x"x86_64" ]; then - keysize=256 + keysize=256 hash=sha512 elif [ x"$arch" = x"i386" -o x"$arch" = x"i686" ]; then - keysize=128 + keysize=128 hash=sha256 fi # Notes: 1/ XTS requires the key size to be doubled, 2/ We use AES128 @@ -215,9 +215,9 @@ fi # platforms. # TODO: Note: Generating key... (this may take a while) /sbin/cryptsetup -q --align-payload $grain \ - --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \ - --iter-time 5000 --use-random --key-file="$keyfile" \ - luksFormat $system + --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \ + --iter-time 5000 --use-random --key-file="$keyfile" \ + luksFormat $system /sbin/cryptsetup luksOpen --key-file="$keyfile" $system system_crypt rm "$keyfile" # We are on a ramdisk, so it's good enough to unlink(2) |