fickit: Use dm-crypt key is not changed during updates
This commit is contained in:
parent
e8c5b540d1
commit
a80dd34d1b
|
|
@ -22,10 +22,10 @@ then
|
|||
FNAME="user-data"
|
||||
fi
|
||||
|
||||
export DM_CRYPT=$(jq -r '."dm-crypt".entries.key.content' USER_DAT.\;1)
|
||||
export DHPARAM=$(jq -r '."tls_config".entries."dhparams-4096.pem".content' USER_DAT.\;1)
|
||||
export SYNCRO_PRIVATE_KEY=$(jq -r '.synchro.entries.id_ed25519.content' USER_DAT.\;1)
|
||||
export SYNCRO_PUBLIC_KEY=$(jq -r '.synchro.entries."id_ed25519.pub".content' USER_DAT.\;1)
|
||||
export DM_CRYPT=$(jq -r '."dm-crypt".entries.key.content' "${FNAME}")
|
||||
export DHPARAM=$(jq -r '."tls_config".entries."dhparams-4096.pem".content' "${FNAME}")
|
||||
export SYNCRO_PRIVATE_KEY=$(jq -r '.synchro.entries.id_ed25519.content' "${FNAME}")
|
||||
export SYNCRO_PUBLIC_KEY=$(jq -r '.synchro.entries."id_ed25519.pub".content' "${FNAME}")
|
||||
fi
|
||||
|
||||
which vault > /dev/null 2> /dev/null || { echo "Please install vault" >&2; exit 1; }
|
||||
|
|
|
|||
|
|
@ -2,7 +2,29 @@
|
|||
|
||||
mkdir -p /boot/imgs
|
||||
|
||||
# Backup the previous metadata
|
||||
mv fickit-metadata.iso fickit-metadata.iso.bak
|
||||
|
||||
for img in fickit-boot-kernel fickit-metadata.iso fickit-boot-initrd.img fickit-prepare-initrd.img fickit-frontend-squashfs.img fickit-backend-squashfs.img fickit-update-initrd.img
|
||||
do
|
||||
wget -O "/boot/imgs/${img}" "$1/${img}"
|
||||
done
|
||||
|
||||
# Check dm-crypt key not changed
|
||||
ISO=$(mktemp -d)
|
||||
mount /boot/imgs/fickit-metadata.iso "${ISO}"
|
||||
|
||||
NEW_KEY=$(sed -rn 's/.*"content": "([^"]+)"$/\1/p' "${ISO}/user-data" | head -n 1)
|
||||
OLD_KEY=$(cat /run/config/dm-crypt/key)
|
||||
|
||||
[ "${NEW_KEY}" != "${OLD_KEY}" ] && {
|
||||
read -p "DM-CRYPT key changed in metadata, are you sure you want to erase it? (y/N) " V
|
||||
echo
|
||||
echo "Metadata drive not erased"
|
||||
echo
|
||||
[ "$V" != "n" ] && [ "$V" != "N" ] && while true; do
|
||||
/bin/ash
|
||||
done
|
||||
}
|
||||
|
||||
dd if=/boot/imgs/fickit-metadata.iso of="$2"
|
||||
|
|
|
|||
|
|
@ -141,8 +141,7 @@ files:
|
|||
do
|
||||
/root/install_grub ${DEFAULT_BOOT} "${DISK}"
|
||||
done
|
||||
/root/update_imgs "$(ip r | grep default | awk '{ print $3 }')"
|
||||
dd if=/boot/imgs/fickit-metadata.iso of=${META_PART}
|
||||
/root/update_imgs "$(ip r | grep default | awk '{ print $3 }')" "${META_PART}"
|
||||
} ||
|
||||
/bin/ash
|
||||
|
||||
|
|
|
|||
|
|
@ -34,8 +34,10 @@ files:
|
|||
mdadm --auto-detect
|
||||
mdadm --assemble /dev/md2 /dev/sd*1
|
||||
BOOT_PART=/dev/md2
|
||||
META_PART=/dev/md3
|
||||
else
|
||||
BOOT_PART=/dev/sda1
|
||||
META_PART=/dev/sda2
|
||||
fi
|
||||
|
||||
ip link set eth0 up
|
||||
|
|
@ -59,7 +61,7 @@ files:
|
|||
done
|
||||
|
||||
mount "${BOOT_PART}" /boot/ &&
|
||||
/root/update_imgs "${GW}" ||
|
||||
/root/update_imgs "${GW}" "${META_PART}" ||
|
||||
/bin/ash
|
||||
|
||||
umount /boot &&
|
||||
|
|
|
|||
Loading…
Reference in New Issue