From a64e8005a6bc0004c77a2baff8b28e3a0f031e8e Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 7 Oct 2013 06:16:09 +0200
Subject: Factorized disk-wiping.
---
 fripost-install.template | 16 ++++--
 pre-partman.sh | 127 +++++++++++++++++++++++++++--------------------
 2 files changed, 84 insertions(+), 59 deletions(-)
diff --git a/fripost-install.template b/fripost-install.template
index 696d6e0..44b3418 100644
--- a/fripost-install.template
+++ b/fripost-install.template
@@ -14,8 +14,16 @@ Type: password
 Default:
 Description: Password for full-disk encryption.
 
-Template: fripost-install/full-disk-encryption-fillrandom
+Template: fripost-install/full-disk-encryption-fill
 Type: select
-Default: badblocks
-Choices: none, badblocks, urandom, random
-Description: How to fill the disk with random data before encryption.
+Default: zero
+Choices: none, zero, urandom, random
+Description: Which kind of data fill the disk with before encryption.
+
+Template: fripost-install/full-disk-encryption-fill_progress_title
+Type: text
+Description: Filling ${DISK} with ${SIZE} ${WHAT}
+
+Template: fripost-install/full-disk-encryption-fill_progress_info
+Type: text
+Description: ${COMMAND}
diff --git a/pre-partman.sh b/pre-partman.sh
index 0aa93bd..79436ee 100755
--- a/pre-partman.sh
+++ b/pre-partman.sh
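Review bot: The new `Default: zero` makes the installer's default wipe write zeroes rather than random data, while the fill runs against the raw disk before encryption (the `dd if=$source of=$disk` in pre-partman.sh, under a heading that still says "Fill the disk with random data"). A zeroed disk leaves the regions later written through the encrypted volume distinguishable from untouched ones, so if this step is meant to hide how much of the disk is in use, `Default: urandom` is the safer default and `zero` is better presented as a plain erase. The description would also read better as `Description: Which kind of data to fill the disk with before encryption.`.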
@@ -75,68 +75,85 @@ else /usr/sbin/sshd # Tell the user we're ready - ipv4="$(ip addr show eth0 | sed -nr 's/^\s+inet\s([0-9.]{4,32}).*/\1/p')" - template=$(mktemp) - - cat > "$template" <<- EOF - Template: cryptsetup-ssh-slurpkey/title - Type: note - Description: Waiting for passphrase - - Template: cryptsetup-ssh-slurpkey/text - Type: note - Description: Press 'continue' once you have sent the key - You now need to send the encryption key for LUKS/dm-crypt to - this special-purpose SSH server: - . - ssh -T -p 22 -l root $ipv4 < /path/to/key - . - To defeat MiTM-attacks, please ensure that the server fingerprint matches - . - $(ssh-keygen -lf $sshHostKey) - . - Key(s) that are granted access have the following fingerprint: - . - EOF - while read pk; do - # ssh-keygen can't read from STDIN, and ash doesn't have the '<<<' - # construct, so we save each pubkey in a temporary file - pkf=$(mktemp) - echo "$pk" > "$pkf" - echo " - $(ssh-keygen -lf $pkf)" >> "$template" - rm "$pkf" - done < ~root/.ssh/authorized_keys - cat >> $template <<- EOF - . - Note: This server is ephemeral, and will be replaced with a full-blown - one toward the end of the installation. - EOF - - debconf-loadtemplate cryptsetup-ssh-slurpkey "$template" - # Anything sent to the SSH is stored into ~root/root.key, which is our - # LUKS key. - until test -r ~root/root.key; do - db_settitle cryptsetup-ssh-slurpkey/title - db_input critical cryptsetup-ssh-slurpkey/text + db_subst fripost-install/full-disk-encryption-slurpkey_text IPv4 \ + "$(ip addr show eth0 | sed -nr 's/^\s+inet\s([0-9.]{4,32}).*/\1/p')" + db_subst fripost-install/full-disk-encryption-slurpkey_text SSHFPR_SERVER \ + "$(ssh-keygen -lf $sshHostKey)" + db_subst fripost-install/full-disk-encryption-slurpkey_text SSHFPR_AUTHORIZED \ + "$($root/preseed/sshfprs.sh ~root/.ssh/authorized_keys ' - ')" + + # Anything sent to the SSH is stored into $keyfile, which is our LUKS key. 
+ until test -r "$keyfile"; do + db_settitle fripost-install/full-disk-encryption-slurpkey_title + db_input critical fripost-install/full-disk-encryption-slurpkey_text db_go done kill `cat /var/run/sshd.pid` || true fi -db_input high fripost-install/full-disk-encryption-fillrandom || true + +############################################################################## +# Fill the disk with random data + +db_input high fripost-install/full-disk-encryption-fill || true db_go -db_get fripost-install/full-disk-encryption-fillrandom +db_get fripost-install/full-disk-encryption-fill +dev="$RET" + +heartbeat () { + local pid sig sleep + pid=$1 + sig=${2:-SIGHUP} + sleep=${3:-1} + + until false; do + sleep $sleep + /bin/kill -$sig $pid 2>/dev/null || break + done +} +if [ x"$RET" != x"none" ]; then + source="/dev/$RET" + bs=4096 + disk=$(list-devices disk | head -1) + size=$(parted_devices "$disk" | cut -f2) + + fill="dd if=$source of=$disk bs=$bs" + db_subst fripost-install/full-disk-encryption-fill_progress_title DISK "$disk" + db_subst fripost-install/full-disk-encryption-fill_progress_title SIZE "$size" + if [ x"$source" = x"/dev/zero" ]; then + db_subst fripost-install/full-disk-encryption-fill_progress_title WHAT "zeroes" + elif [ x"$source" = x"/dev/random" -o x"$source" = x"/dev/urandom" ]; then + db_subst fripost-install/full-disk-encryption-fill_progress_title WHAT "bytes of random data" + else + db_subst fripost-install/full-disk-encryption-fill_progress_title WHAT "bytes" + fi + db_progress START 0 $(( $size / $bs )) fripost-install/full-disk-encryption-fill_progress_title + db_subst fripost-install/full-disk-encryption-fill_progress_info COMMAND "$fill" + db_progress INFO fripost-install/full-disk-encryption-fill_progress_info + + fifo=$(mktemp -u) + mknod "$fifo" p + trap 'echo kill $pid' EXIT + $fill 2> "$fifo" & pid=$! 
+ heartbeat $pid USR1 & + + while read -u 7 n records dir; do + [ x"$records" = x"records" -a x"$dir" = x"out" ] && db_progress SET ${n%+*} + done 7< "$fifo" + + rm "$fifo" + trap '' EXIT + + db_progress STOP + db_unregister fripost-install/full-disk-encryption-fill_progress_title + db_unregister fripost-install/full-disk-encryption-fill_progress_info + + # http://horde.net/~jwm/blog/progress-bars-with-debconf/ + # http://horde.net/~jwm/blog/how-shell-scripts-communicate-with-debconf/ +fi + + -# Encrypt -## fill the disk with random crap (TODO: progress) -## partition the disk -## format /boot to ext2 -## gptsync -## seed sshd and authorized_keys, print the key, forcecommand: dump everything into /lib/cryptsetup/passfifo -# /sbin/cryptsetup --verbose --align-payload 12544 --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/sdb3 -# /sbin/cryptsetup luksOpen … -# pvcreate, vgcreate -rm ~root/root.key -- cgit v1.2.3
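Review bot: The EXIT trap installed before the background `dd` only echoes `kill $pid` instead of running it, so if the script exits during the wipe the `dd` keeps writing to `$disk` and the FIFO is left behind; this looks like a debugging leftover. The FIFO name also comes from `mktemp -u`, which only returns an unused name and leaves a window before `mknod` creates it, whereas a private directory from `mktemp -d` closes that window. Separately, `disk=$(list-devices disk | head -1)` hands the first listed disk to `dd` without confirmation, which on a machine with several disks may not be the intended target, and the hunk drops `rm ~root/root.key` without a visible replacement, so it is worth confirming that `$keyfile` is removed elsewhere. The fence below shows the trap and FIFO change; the `else` branch this hunk opens in starts above it.

```sh
# … unchanged: db_subst / db_progress START and INFO …
fifodir=$(mktemp -d)
fifo="$fifodir/progress"
mknod "$fifo" p
# Stop the wipe and remove the FIFO on any exit path.
trap 'kill $pid 2>/dev/null; rm -rf "$fifodir"' EXIT
$fill 2> "$fifo" & pid=$!
# … unchanged: heartbeat and the read loop feeding db_progress SET …
rm -rf "$fifodir"
trap - EXIT
```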