2 # Copyright (C) 2019 Ian Kelling
3 # SPDX-License-Identifier: AGPL-3.0-or-later
6 # setup automatic decryption on boot using host-specific key file.
7 # When changing a hostname, that key needs updating.
10 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
12 [[ $EUID == 0 ]] ||
exec sudo
-E "${BASH_SOURCE[0]}" "$@"
13 if [[ $
- != *i
* ]]; then
14 exec &>>/var
/log
/keyscript-on.log
15 echo "$0: starting. $(date)"
18 sed="sed --follow-symlinks"
20 # for running under corn, we need this, else, if we call
21 # /sbin/update-initramfs , it will fail with:
22 # /sbin/update-initramfs: 157: mkinitramfs: not found
25 if [[ $INVOCATION_ID ]]; then
26 if [[ -e /b
/bash_unpublished
/source-state
]]; then
27 # this is the canonical one
28 source /b
/bash_unpublished
/source-state
29 elif [[ -e /dev
/shm
/iank-status
]]; then
30 # This one gets copied by system-status and is useful because it
31 # exists when /a is unmounted.
32 source /dev
/shm
/iank-status
34 if [[ $MAIL_HOST && $MAIL_HOST != "$HOSTNAME" ]]; then
35 echo "$0: exiting early: running under systemd as MAIL_HOST"
40 if [[ ! -e /tmp
/keyscript-off
]]; then
41 if [[ $
($sed -rn 's/^ID=(.*)/\1/p' /etc
/os-release
) == arch
]]; then
42 if ! grep -q '^\s*FILES=' /etc
/mkinitcpio.conf
; then
43 $sed -ri 's/^#(\s*FILES=.*)/\1/' /etc
/mkinitcpio.conf
# uncomment
48 if grep -q "${x}," /etc
/crypttab
; then
49 $sed -i "s#${x},#/root/keyscript,#" /etc
/crypttab
54 # switch to easy or hard login pass which is the same as luks
55 f
=/q
/root
/shadow
/traci-simple
56 [[ $HOSTNAME != tpnew
]] || usermod
-p "$(cat $f)" iank
58 echo "$0: finished. $(date)"
iankelling.org / git / distro-setup / blob