Guido Gunther · 1f5598f4 · 3a4df80c · 5acf76d9 · 6f021891 · 1f5598f4
--- a/build-image

+ 16

− 1
+++ b/build-image

+ 16

− 1
 @@ -16,6 +16,7 @@ usage() {
  # TODO: add stable and drop ci
  echo "    -T kernel/uboot build type (legacy/current/next/plain)"
  echo "    -B build rootfs tarball as well"
+  echo "    -l <passphrase>: luks enrypt root volume with passphrase"
 }


 @@ -161,6 +162,8 @@ kernel_deb=
 # The URL to download the kernel deb from
 kernel_url=${KERNEL_URL:-}
 custom_package_opt=
+use_luks=
+luks_opts=
 # Extra board specific packages to install
 board_packages=
 meta_yml=files/meta.yml
 @@ -168,8 +171,9 @@ fk_machine=
 JENKINS_AUTH=()
 # in Megabytes
 image_size=4100
+passphrase=""

-while getopts ":hb:d:T:B" opt; do
+while getopts ":hb:d:T:Bl:" opt; do
  case ${opt} in
    b)
      pureos_board=$OPTARG
 @@ -183,6 +187,9 @@ while getopts ":hb:d:T:B" opt; do
    B)
      build_tarball=1
      ;;
+    l)
+      passphrase=$OPTARG
+      ;;
    \?)
      echo "Invalid Option: -$OPTARG" 1>&2
      usage "$0"
 @@ -248,6 +255,12 @@ fi

 [ -z "${kernel_deb}" ] || echo "Using kernel ${kernel_deb}"

+if [ -n "${passphrase}" ]; then
+    echo "Enabling encryption"
+    luks_opts=(--no-update-initramfs --use-luks "--luks-passphrase=${passphrase}")
+    use_luks=1
+fi
+
 # Preserve newlines as '|'
 # shellcheck disable=SC2001
 escaped_apt_sources=$(echo "${apt_sources}" | sed 's/$/|/g')
 @@ -268,6 +281,7 @@ sudo pureos_board="${pureos_board}" \
     ci_pkgs="${ci_pkgs}" \
     kernel_deb="${kernel_deb}" \
     FK_MACHINE="${fk_machine}" \
+     use_luks="${use_luks}" \
    vmdebootstrap \
    --enable-dhcp \
    --verbose --image "${mainimg}" --log "tmp/${mainimg}.log" --size "${image_size}M"  \
 @@ -282,6 +296,7 @@ sudo pureos_board="${pureos_board}" \
    --no-extlinux \
    "${custom_package_opt[@]}" \
    "${vmdebootstrap_opts[@]}" \
+    "${luks_opts[@]}" \
    ${NULL}
 set +x