Using persistent option with this hook installed was not possible,just if
you used it with lukshome. Corrected.
-----------------
#!/bin/sh
# This hook will add an entry to crypttab and to fstab so the default
# boot system of debian will mount an encrypted partition as /home.
#
# 1 - Create a partition for the live image in the USB key. One where the
live
# image will fit.
#
# 2 - Create the luks partition with an ext2 filesystem in it
# and copy /home/* into it. An existing ext2 encrypted /home partition
# on harddisk can be used instead - change the update to fstab to use
# another filesystem.
#
# 3 - Find what is the uuid of the encrypted partition:
#
# ls -l /dev/disks/by-uuid
#
# 4 - Now paste the uuid into this hook and (re)build your live cd.
#
# 5 - Use unetbootin or copy the live image manually to the first partition.
#
# 6 - Boot with "lukshome" boot option to enable the hook.
#
# NOTE: You can't use "persistent" and "lukshome" at the same time! If you
do,
# lukshome hook will be *skipped*, but any persistent partition or file
# will be mounted.
#
# TODO/FIXME: add a boot option to select partition from boot options,
# like "lukshome_uuid="500a7752-385b-45e1-8119-dd35ce3544fb" and/or
# lukshome_part=/dev/sdb4 (this last one not hardware independent).
# scripts/live-bottom/13usb_luks_home, right after 12fstab
echo "I: creating
/usr/share/initramfs-tools/scripts/live-bottom/13usb_luks_home"
cat > /usr/share/initramfs-tools/scripts/live-bottom/13usb_luks_home <<
'EOF'
#!/bin/sh
#set -e
# initramfs-tools header
PREREQ=""
prereqs()
{
echo "${PREREQ}"
}
case "${1}" in
prereqs)
prereqs
exit 0
;;
esac
. /scripts/live-functions
# live-initramfs hook to add the luks home partition to crypttab and fstab
log_begin_msg "Executing usb-luks-home"
# get boot option lukshome without persistent- adapted from live-helpers
for ARGUMENT in $(cat /proc/cmdline)
do
case "${ARGUMENT}" in
lukshome)
LUKSHOME=1
;;
esac
done
# don't use persistent* and lukshome
if [ -n "${PERSISTENT}" ] && [ -n "${LUKSHOME}" ]
then
# FIXME: should we panic instead?
echo "You should not use persistent and lukshome at the same time."
echo "Skipping lukshome. Persistent medium will be used instead."
log_end_msg
exit 0
fi
# if no lukshome boot option, exit
if [ -z "${LUKSHOME}" ]
then
echo "Nothing to do."
log_end_msg
exit 0
fi
# Encrypted partition uuid to be used as /home. Use (sudo) blkid to find it.
LUKSHOME_UUID="500a7752-385b-45e1-8119-dd35ce3544fb"
echo "Adding ${LUKSHOME_UUID} to /etc/crypttab and setting it as /home in
/etc/fstab."
# update crypttab
echo "home /dev/disk/by-uuid/${LUKSHOME_UUID} none luks,check,timeout" >>
/root/etc/crypttab
# update fstab
echo "/dev/mapper/home /home ext2 defaults,noatime 0 0" >> /root/etc/fstab
log_end_msg
EOF
chmod 0755 /usr/share/initramfs-tools/scripts/live-bottom/13usb_luks_home
# if you already have the update-initramfs.sh hook, you can remove this.
echo "I: update-initramfs to include 13usb_luks_home."
for KERNEL in /boot/vmlinuz-*
do
VERSION="$(basename ${KERNEL} | sed -e 's|vmlinuz-||')"
update-initramfs -k ${VERSION} -t -u
done
----------------------
Rui M. P. Bernardo
