个人工具
登录
查看“UbuntuHelp:FeistyLUKSTwoFormFactor”的源代码 - Ubuntu中文
UbuntuHelp
讨论
查看源代码
历史
搜索
导航
首页
最近更改
随机页面
页面分类
帮助
编辑
编辑指南
沙盒
新闻动态
字词处理
工具
链入页面
相关更改
特殊页面
页面信息
查看“UbuntuHelp:FeistyLUKSTwoFormFactor”的源代码
来自Ubuntu中文
←
UbuntuHelp:FeistyLUKSTwoFormFactor
跳转至:
导航
,
搜索
因为以下原因,你没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
用户
您可以查看与复制此页面的源代码。
== Modify Cryptsetup Scripts == You should have a bootable, stable server installation and and encrypted USB flash drive completed. The Feisty Fawn 7.04 cryptsetup scripts do not contain enough code to address an interactive two form factor authentication. A set of scripts must be modified. === /usr/share/initramfs-tools/hooks/cryptroot === Copy the diff into a temporary patch file and apply. <pre><nowiki> vi /tmp/patch1 </nowiki></pre> <pre><nowiki> --- cryptroot.orig 2007-04-14 17:52:22.000000000 -0500 +++ cryptroot 2007-07-03 18:32:16.000000000 -0500 @@ -156,6 +156,7 @@ extraopts="$2" KEYSCRIPT="" OPTIONS="" + TWOFORM=0 if [ -z "$target" ]; then echo "cryptsetup: WARNING: get_device_opts - invalid arguments" >&2 @@ -223,6 +224,10 @@ opt=$(basename "$opt") OPTIONS="$OPTIONS,keyscript=/keyscripts/$opt" ;; + twoform=*) + OPTIONS="$OPTIONS,$opt" + TWOFORM=1 + ;; *) # Presumably a non-supported option ;; @@ -234,6 +239,14 @@ echo "cryptsetup: WARNING: target $target uses a key file, skipped" >&2 return 1 fi + + # If twoform set then it depends on "key" and KEYSCRIPT + if [ $TWOFORM -eq 1 ]; then + if [ "$key" = "none" ] || [ -z "$KEYSCRIPT" ]; then + echo "cryptsetup: WARNING: target $target uses twoform and depends on key and keyscript, skipped" >&2 + return 1 + fi + fi } get_device_modules() { </nowiki></pre> <pre><nowiki> patch -b -l /usr/share/initramfs-tools/hooks/cryptroot < /tmp/patch1 </nowiki></pre> === /usr/share/initramfs-tools/scripts/local-top/cryptroot === Copy the diff into a temporary patch file and apply. ''vgchange doesn't exist in the initramfs so but lvm does.'' <pre><nowiki> vi /tmp/patch2 </nowiki></pre> <pre><nowiki> --- cryptroot.orig 2007-04-14 17:52:22.000000000 -0500 +++ cryptroot 2007-07-03 18:33:33.000000000 -0500 @@ -43,6 +43,7 @@ cryptlvm="" cryptkeyscript="" cryptkey="" # This is only used as an argument to an eventual keyscript + crypttwoform="" # TwoForm factor local IFS=" ," for x in $cryptopts; do @@ -68,6 +69,9 @@ keyscript=*) cryptkeyscript=${x#keyscript=} ;; + twoform=*) + crypttwoform=${x#twoform=} + ;; key=*) if [ "${x#key=}" != "none" ]; then cryptkey=${x#key=} @@ -89,7 +93,7 @@ vg="${1#/dev/mapper/}" # Sanity checks - if [ ! -x /sbin/vgchange ] || [ "$vg" = "$1" ]; then + if [ ! -x /sbin/lvm ] || [ "$vg" = "$1" ]; then return 1 fi @@ -104,7 +108,7 @@ # Reduce padded --'s to -'s vg=$(echo ${vg} | sed -e 's#--#-#g') - vgchange -ay ${vg} + lvm vgchange -ay ${vg} return $? } @@ -189,6 +193,7 @@ # Try to get a satisfactory password three times count=0 + ckscon=y while [ $count -lt 3 ]; do count=$(( $count + 1 )) @@ -200,23 +205,38 @@ sleep 2 fi - if [ -n "$cryptkeyscript" ]; then + if [ -n "$cryptkeyscript" ] && [ "$ckscon" = "y" ]; then if [ ! -x "$cryptkeyscript" ]; then echo "cryptsetup: error - $cryptkeyscript missing" return 1 fi - $cryptkeyscript $cryptkey < /dev/console | $cryptcreate --key-file=- + + if [ -z $crypttwoform ]; then + $cryptkeyscript $cryptkey < /dev/console | $cryptcreate --key-file=- + else + $cryptkeyscript $cryptkey < /dev/console + $cryptcreate --key-file=/mnt/cryptkeys$crypttwoform + fi else $cryptcreate < /dev/console fi if [ $? -ne 0 ]; then echo "cryptsetup: cryptsetup failed, bad password or options?" + if [ -n "$cryptkeyscript" ]; then + echo -n "Continue using the cryptkeyscript? [y/n]: " + read ckscon < /dev/console + fi + sleep 3 continue elif [ ! -e "$NEWROOT" ]; then echo "cryptsetup: unknown error setting up device mapping" return 1 + elif [ -n $crypttwoform ] && [ -n $cryptkeyscript ] && [ -e $cryptkey ]; then + # The keyscript was called at least once so call the + # keyscript again to unmount the usb cryptkey device. + $cryptkeyscript $cryptkey fi FSTYPE='' </nowiki></pre> <pre><nowiki> patch -b -l /usr/share/initramfs-tools/scripts/local-top/cryptroot < /tmp/patch2 </nowiki></pre> === /usr/share/initramfs-tools/scripts/init-bottom/udev === There is a quirk whereby the ''lvm-on-luks'' mappings are overwritten with the `/dev` filesystem is remounted for read write. We need `mapper` for the lvm mounts to funtion on boot. <pre><nowiki> vi /tmp/patch3 </nowiki></pre> <pre><nowiki> --- udev.orig 2007-04-10 09:03:36.000000000 -0500 +++ udev 2007-07-03 18:13:46.000000000 -0500 @@ -27,5 +27,5 @@ # Move the real filesystem's /dev to beneath our tmpfs, then move it all # to the real filesystem mkdir -m 0700 -p /dev/.static/dev -mount -n -o bind ${rootmnt}/dev /dev/.static/dev +mount -n -o bind /dev/.static/dev ${rootmnt}/dev mount -n -o move /dev ${rootmnt}/dev </nowiki></pre> <pre><nowiki> patch -b -l /usr/share/initramfs-tools/scripts/init-bottom/udev < /tmp/patch3 </nowiki></pre> After patching, if backups were created, remove them so as not to 'corrupt' the initramfs build. <pre><nowiki> rm /usr/share/initramfs-tools/scripts/local-top/cryptroot.orig rm /usr/share/initramfs-tools/hooks/cryptroot.orig rm /usr/share/initramfs-tools/scripts/init-bottom/udev.orig </nowiki></pre>
返回至
UbuntuHelp:FeistyLUKSTwoFormFactor
。