Browse Source

Merge "Use LUKS1 for certfs-ramfs for all distributions" into stable/train

changes/27/705927/1
Zuul Gerrit Code Review 3 weeks ago
parent
commit
4eb2fdacec
1 changed files with 7 additions and 10 deletions
  1. +7
    -10
      elements/certs-ramfs/static/usr/local/bin/certfs-ramfs

+ 7
- 10
elements/certs-ramfs/static/usr/local/bin/certfs-ramfs View File

@@ -1,19 +1,16 @@
#!/bin/bash

modprobe brd
cryptsetup_args="--type=luks1"

# Only 1 block ram device is needed
modprobe brd rd_nr=1

passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1)
certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
mkdir -p "${certs_path}"

echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 -
# Some distrobutions have an old cryptsetup, try without --pbkdf-memory
if [ $? -eq 0 ]
then
echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksOpen /dev/ram0 certfs-ramfs -
else
echo -n "${passphrase}" | cryptsetup luksFormat /dev/ram0 -
echo -n "${passphrase}" | cryptsetup luksOpen /dev/ram0 certfs-ramfs -
fi
echo -n "${passphrase}" | cryptsetup $cryptsetup_args luksFormat /dev/ram0 -
echo -n "${passphrase}" | cryptsetup $cryptsetup_args luksOpen /dev/ram0 certfs-ramfs -

mkfs.ext2 /dev/mapper/certfs-ramfs
mount /dev/mapper/certfs-ramfs "${certs_path}"

Loading…
Cancel
Save