/usr/share/initramfs-tools/hooks/cryptgnupg is in cryptsetup 2:1.7.3-4.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 | #!/bin/sh
set -e
PREREQ="cryptroot"
prereqs()
{
echo "$PREREQ"
}
case $1 in
prereqs)
prereqs
exit 0
;;
esac
. /usr/share/initramfs-tools/hook-functions
# Hooks for loading gnupg software and symmetrically encrypted key into
# the initramfs
# Check whether cryptroot hook has installed decrypt_gnupg script
if [ ! -x ${DESTDIR}/lib/cryptsetup/scripts/decrypt_gnupg ] ; then
exit 0
fi
# Install cryptroot key files into initramfs
grep -E '(.*,)?keyscript=([^,]*\/)?decrypt_gnupg(,.*)?$' "${DESTDIR}/conf/conf.d/cryptroot" | \
sed -r '/(.*,)?key=([^,]*)(,.*)?$/ s//\2/; t n; s/.*//; :n' | \
while read key; do
if [ -z "$key" ]; then
echo "$0: Missing key file in ${DESTDIR}/conf/conf.d/cryptroot" >&2
cat "${DESTDIR}/conf/conf.d/cryptroot" >&2
exit 1
fi
echo "WARNING: gpg-encrypted key $key is copied to initramfs" >&2
mkdir -p "${DESTDIR}/$(dirname ${key})"
cp -f "$key" "${DESTDIR}/${key}"
done
# Install gnupg software
copy_exec /usr/bin/gpg
exit 0
|