2 # Copyright (C) 2019 Ian Kelling
3 # SPDX-License-Identifier: AGPL-3.0-or-later
6 # setup automatic decryption on boot using host-specific key file.
7 # When changing a hostname, that key needs updating.
10 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
12 [[ $EUID == 0 ]] ||
exec sudo
-E "${BASH_SOURCE[0]}" "$@"
13 if [[ $
- != *i
* ]]; then
14 exec &>>/var
/log
/keyscript-on.log
15 echo "$0: starting. $(date)"
19 sed="sed --follow-symlinks"
21 # for running under corn, we need this, else, if we call
22 # /sbin/update-initramfs , it will fail with:
23 # /sbin/update-initramfs: 157: mkinitramfs: not found
26 if [[ $INVOCATION_ID ]]; then
27 if [[ -e /b
/bash_unpublished
/source-state
]]; then
28 # this is the canonical one
29 source /b
/bash_unpublished
/source-state
30 elif [[ -e /dev
/shm
/iank-status
]]; then
31 # This one gets copied by system-status and is useful because it
32 # exists when /a is unmounted.
33 source /dev
/shm
/iank-status
35 if [[ $MAIL_HOST && $MAIL_HOST != $HOSTNAME ]]; then
36 echo "$0: exiting early: running under systemd as MAIL_HOST"
41 if [[ ! -e /tmp
/keyscript-off
]]; then
42 if [[ $
($sed -rn 's/^ID=(.*)/\1/p' /etc
/os-release
) == arch
]]; then
43 if ! grep -q '^\s*FILES=' /etc
/mkinitcpio.conf
; then
44 $sed -ri 's/^#(\s*FILES=.*)/\1/' /etc
/mkinitcpio.conf
# uncomment
49 if grep -q "${x}," /etc
/crypttab
; then
50 $sed -i "s#${x},#/root/keyscript,#" /etc
/crypttab
55 # switch to easy or hard login pass which is the same as luks
56 f
=/q
/root
/shadow
/traci-simple
57 [[ $HOSTNAME != tpnew
]] || usermod
-p "$(cat $f)" iank
59 echo "$0: finished. $(date)"