[Fedora-livecd-list] tools/livecd-iso-to-disk.sh

Jeremy Katz katzj at fedoraproject.org
Fri Dec 19 18:57:30 UTC 2008


 tools/livecd-iso-to-disk.sh |   20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

New commits:
commit 44f4ec462d011e5dec4c67d7559538c3b8f08a0f
Author: Matt Domsch <matt_domsch at dell.com>
Date:   Fri Dec 19 13:56:09 2008 -0500

    Improvements for encrypted /home setup (#475399)
    
    1) if you're going to use an encrypted volume, it's best to pre-fill the volume
    with random data.  Using /dev/urandom, it's fast enough.  Only do this for
    non-sparse-file-backed encrypted home.  Could arguably drop sparse-file-backed
    encrypted home and do this everywhere, but that would definitely be slower.
    
    2) if any of the cryptsetup commands fail (bad password typed), keep trying.
    Otherwise, a typo means the whole process dies badly and you have to start from
    scratch.

diff --git a/tools/livecd-iso-to-disk.sh b/tools/livecd-iso-to-disk.sh
index 4414c4e..5371db1 100755
--- a/tools/livecd-iso-to-disk.sh
+++ b/tools/livecd-iso-to-disk.sh
@@ -510,19 +510,29 @@ fi
 
 if [ "$homesizemb" -gt 0 ]; then
     echo "Initializing persistent /home"
+    homesource=/dev/zero
+    [ -n "$cryptedhome" ] && homesource=/dev/urandom
     if [ "$USBFS" = "vfat" ]; then
 	# vfat can't handle sparse files
-	dd if=/dev/zero of=$USBMNT/LiveOS/$HOMEFILE count=$homesizemb bs=1M
+	dd if=${homesource} of=$USBMNT/LiveOS/$HOMEFILE count=$homesizemb bs=1M
     else
 	dd if=/dev/null of=$USBMNT/LiveOS/$HOMEFILE count=1 bs=1M seek=$homesizemb
     fi
     if [ -n "$cryptedhome" ]; then
 	loop=$(losetup -f)
 	losetup $loop $USBMNT/LiveOS/$HOMEFILE
-        echo "Encrypting persistent /home"
-        cryptsetup luksFormat -y -q $loop
-        echo "Please enter the password again to unlock the device"
-        cryptsetup luksOpen $loop EncHomeFoo
+	setupworked=1
+	until [ ${setupworked} == 0 ]; do
+            echo "Encrypting persistent /home"
+            cryptsetup luksFormat -y -q $loop
+	    setupworked=$?
+	done
+	setupworked=1
+	until [ ${setupworked} == 0 ]; do
+            echo "Please enter the password again to unlock the device"
+            cryptsetup luksOpen $loop EncHomeFoo
+	    setupworked=$?
+	done
         mke2fs -j /dev/mapper/EncHomeFoo
 	tune2fs -c0 -i0 -ouser_xattr,acl /dev/mapper/EncHomeFoo
         cryptsetup luksClose EncHomeFoo
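
Review bot: the two `until [ ${setupworked} == 0 ]` loops around `cryptsetup luksFormat` and `cryptsetup luksOpen` retry on any non-zero exit status, not only a mistyped passphrase, and they have no upper bound. A failure that cannot succeed on retry (for example `losetup $loop $USBMNT/LiveOS/$HOMEFILE` having failed, since its status is not checked) leaves the script looping until it is interrupted. Suggest capping the attempts with a counter that exits with an error after a few tries, and checking the `losetup` result before entering the first loop. Also, `==` inside `[ ]` is a bash extension; `-eq` is the numeric test and works in any POSIX shell, e.g. `until [ "$setupworked" -eq 0 ]; do`. Finally, with `$cryptedhome` set, the non-vfat branch still creates a sparse file via `dd if=/dev/null ... seek=$homesizemb`, so the random pre-fill applies only on vfat, as the commit message says; a comment in the script stating that would help the next reader.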




