From 233c31601957509a6a4777c7390381a943569684 Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Thu, 18 Feb 2021 19:05:53 +0200 Subject: [PATCH] Remove custom encrypt initcpio hook --- config-root.yaml | 4 - root/usr/lib/initcpio/hooks/encrypt | 149 ---------------------------- 2 files changed, 153 deletions(-) delete mode 100644 root/usr/lib/initcpio/hooks/encrypt diff --git a/config-root.yaml b/config-root.yaml index 05d3c267..0b292e37 100644 --- a/config-root.yaml +++ b/config-root.yaml @@ -101,9 +101,6 @@ dotfiles: f_pacserve.service.conf: src: etc/pacserve/pacserve.service.conf dst: /etc/pacserve/pacserve.service.conf - f_encrypt: - src: usr/lib/initcpio/hooks/encrypt - dst: /usr/lib/initcpio/hooks/encrypt profiles: Network: dotfiles: @@ -137,7 +134,6 @@ profiles: - f_20-quiet-printk.conf - f_system.conf - f_cpupower - - f_encrypt include: - Locale - Pacman diff --git a/root/usr/lib/initcpio/hooks/encrypt b/root/usr/lib/initcpio/hooks/encrypt deleted file mode 100644 index a25c1f60..00000000 --- a/root/usr/lib/initcpio/hooks/encrypt +++ /dev/null @@ -1,149 +0,0 @@ -#!/usr/bin/ash - -run_hook() { - modprobe -a -q dm-crypt >/dev/null 2>&1 - [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" - - # Get keyfile if specified - ckeyfile="/crypto_keyfile.bin" - if [ -n "$cryptkey" ]; then - IFS=: read ckdev ckarg1 ckarg2 </dev/null 2>&1 - umount /ckey - ;; - *) - # Read raw data from the block device - # ckarg1 is numeric: ckarg1=offset, ckarg2=length - dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 - ;; - esac - fi - [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase." - fi - - if [ -n "${cryptdevice}" ]; then - DEPRECATED_CRYPT=0 - IFS=: read cryptdev cryptname cryptoptions <&2 - ;; - esac - done - set +f - IFS="$OLDIFS" - unset OLDIFS - - if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then - if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then - [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated - dopassphrase=1 - # If keyfile exists, try to use that - if [ -f ${ckeyfile} ]; then - if eval cryptsetup --key-file ${ckeyfile} open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then - dopassphrase=0 - else - echo "Invalid keyfile. Reverting to passphrase." - fi - fi - # Ask for a passphrase - if [ ${dopassphrase} -gt 0 ]; then - echo "" - echo "Enter password to decrypt disk:" - - #loop until we get a real password - while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do - sleep 2; - done - fi - if [ -e "/dev/mapper/${cryptname}" ]; then - if [ ${DEPRECATED_CRYPT} -eq 1 ]; then - export root="/dev/mapper/root" - fi - else - err "Password succeeded, but ${cryptname} creation failed, aborting..." - return 1 - fi - elif [ -n "${crypto}" ]; then - [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated - msg "Non-LUKS encrypted device found..." - if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then - err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip" - err "Non-LUKS decryption not attempted..." - return 1 - fi - exe="cryptsetup open --type plain $resolved $cryptname $cryptargs" - IFS=: read c_hash c_cipher c_keysize c_offset c_skip <