blob: c5cebca569a4a210da6b43ea63a6991c02d44655 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/x11-themes/smooth-themes/smooth-themes-0.5.8-r1.ebuild,v 1.8 2007/07/11 02:54:47 leio Exp $
inherit
DESCRIPTION="A script (and some initrd utils) for using a smartcard with cryptsetup-LUKS"
HOMEPAGE="https://systemausfall.org/mail-archive/?0::240"
SRC_URI="${PN}.tar.gz"
KEYWORDS="~x86"
LICENSE="LGPL-2.1"
SLOT="0"
IUSE=""
RESTRICT="fetch"
RDEPEND="sys-apps/initramfs-tools
dev-libs/opensc"
DEPEND="${RDEPEND}"
pkg_nofetch() {
einfo "Please go to $HOMEPAGE and download the cryptsetup-opensc.tar.gz"
einfo "package manually. You may have to rename it, as it is served by a script."
}
S=$WORKDIR
src_unpack() {
unpack "${A}"
}
src_install() {
cd ${S}
for item in *; do
cp -a ${item} ${D}/
done
chmod +x ${D}/lib/cryptsetup/scripts/decrypt_opensc \
${D}/etc/initramfs-tools/hooks/cryptopensc \
${D}/etc/initramfs-tools/scripts/local-top/cryptopensc \
${D}/etc/initramfs-tools/scripts/local-bottom/cryptopensc
}
pkg_postinst() {
einfo "If you wish to use this in a genkernel-made initrd, you will"
einfo "need to modify /usr/share/genkernel/generic/initrd.scripts."
einfo "Specifically, you will need to modify the openLUKS function"
einfo "so that it uses the decrypt_opensc script. The actual change"
einfo "that you need to make is to replace the line that reads"
einfo '"cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME}" with the lines'
einfo '"/lib/cryptsetup/scripts/decrypt_opensc /boot/YOUR_ENCRYPTED_KEY >/tmp/decrypted_LUKS_key"'
einfo '"cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME} --key-file /tmp/decrypted_LUKS_key"'
einfo 'You will need to run "DESTDIR=/ /etc/initramfs-tools/hooks/cryptopensc"'
einfo "in order to copy the neccessary executables and libraries"
einfo "to locations that will be included in the initrd"
einfo "It is also recommended that you visit ${HOMEPAGE}"
einfo "for instructions on how to generate (and set up) an encrypted key"
einfo "for use with this package. This is EXPERIMENTAL, use the"
einfo "--kernname=smartcard option for genkernel, or otherwise preserve"
einfo "your previous initrd. Also back up the initrd.scripts file"
einfo "and keep a bootloader entry pointing to your old initrd"
einfo "until you have verified that this actually works."
|