ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 21:17:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

path substitution still not working. This is PoC to be tested. Had to go

Browse Source
This commit is contained in:
Thierry Laurion 2023-09-01 18:19:29 -04:00
parent a2a30020c0
commit 0ba10e5174
No known key found for this signature in database
GPG Key ID: E7B4A71658E36A93
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
initrd/bin/kexec-save-default
View File

@ -313,14 +313,22 @@ if [ "$save_key" = "y" ]; then
echo "$crypttab_files" | while read filepath; do echo "$crypttab_files" | while read filepath; do
# Keep only non-commented lines # Keep only non-commented lines
current_filepath_entries=$(cat "$filepath" | grep -v "^#") current_filepath_entries=$(cat "$filepath" | grep -v "^#")
DEBUG "Found crypttab entries in $filepath: $current_filepath_entries"
# Modify each retained crypttab line to contain to be injected /secret.key at next default boots # Modify each retained crypttab line to contain to be injected /secret.key at next default boots
modified_filepath_entries=$(echo "$current_filepath_entries" | sed 's/none/\/secret.key/g') modified_filepath_entries=$(echo "$current_filepath_entries" | sed 's/none/\/secret.key/g')
DEBUG "Modified crypttab entries in $filepath: $modified_filepath_entries"
# Mofify paths to remove path of where files were extracted to be those files need to be put in initramfs
modified_filepath_entries=$(echo "$modified_filepath_entries" | awk -v var="$initrd_decompressed" '{gsub(var,"")}1')
DEBUG "Modified crypttab filepath entries in $filepath: $modified_filepath_entries"
# Get the relative path of the filepath
modified_filepath=$(echo "$filepath" | cut -d'/' -f2-)
echo "$modified_filepath_entries" | while read single_modified_filepath_entry; do echo "$modified_filepath_entries" | while read single_modified_filepath_entry; do
# Append each found filepath:entry into additional kexec_ file that will be part of detached signed digest # Append each found filepath:entry into additional kexec_ file that will be part of detached signed digest
echo "$filepath:$single_modified_filepath_entry" >>$bootdir/kexec_initrd_crypttab_overrides.txt echo "$modified_filepath:$single_modified_filepath_entry" >>$bootdir/kexec_initrd_crypttab_overrides.txt
done done
done done
#insert current default boot's initrd crypttab locations into tracking file to be overwritten into initramfs at kexec-inject-key #insert current default boot's initrd crypttab locations into tracking file to be overwritten into initramfs at kexec-inject-key
echo "+++ The following OS crypttab file:entry were modified from default boot's initrd:" echo "+++ The following OS crypttab file:entry were modified from default boot's initrd:"
cat $bootdir/kexec_initrd_crypttab_overrides.txt cat $bootdir/kexec_initrd_crypttab_overrides.txt