This file is indexed.

/usr/sbin/ocs-decrypt-img is in clonezilla 3.21.13-1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
#!/bin/bash
# License: GPL 
# Author: Steven Shiau <steven _at_ nchc org tw>
# Description: To decrypt the image of Clonezilla
# from existing one.

#
DRBL_SCRIPT_PATH="${DRBL_SCRIPT_PATH:-/usr/share/drbl}"
. $DRBL_SCRIPT_PATH/sbin/drbl-conf-functions
. /etc/drbl/drbl-ocs.conf
. $DRBL_SCRIPT_PATH/sbin/ocs-functions

# Load the config in ocs-live.conf. This is specially for Clonezilla live. It will overwrite some settings of /etc/drbl/drbl-ocs.conf, such as $DIA...
[ -e "/etc/ocs/ocs-live.conf" ] && . /etc/ocs/ocs-live.conf

# Settings
verbose="no"
chk_img_restoreable_def="yes"
ocs_rm_src_img="no"

#
USAGE() {
    echo "$ocs - To decrypt the image of Clonezilla from existing one"
    echo "Usage:"
    echo "To run $ocs:"
    echo "$ocs [OPTION] SRC_IMAGE_NAME DEST_IMAGE_NAME"
    echo "Options:"
    echo "-b, --batch-mode   Run image checking in batch mode"
    echo "-d, --delete-src-img     Force to delete source image after encryption. By default it's kept."
    echo "-or, --ocsroot DIR Specify DIR (absolute path) as directory ocsroot (i.e. overwrite the ocsroot assigned in drbl.conf)"
    echo "-nogui, --nogui          Do not show GUI (TUI) of Partclone when checking, use text only"
    echo "-sc, --skip-check-restorable  Skip checking the image if restorable after it is converted."
    echo "-v, --verbose            Prints verbose information"
    echo "SRC_IMAGE_NAME and DEST_IMAGE_NAME are the image dir name, not absolute path"
    echo "If \"ask_user\" is used as SRC_IMAGE_NAME or DEST_IMAGE_NAME, a dialog menu will be shown to allow selection or inputing."
    echo "If no SRC_IMAGE_NAME or DEST_IMAGE_NAME is specified, a dialog menu will be shown."
    echo "Ex:"
    echo "To decrypt the image \"my-image-enc\", which is located in $ocsroot/ to \"my-image\", run"
    echo "   $ocs my-image-enc my-image"
    echo
} # end of USAGE
#
ask_if_check_converted_img() {
  local TMP=`mktemp /tmp/ocs_chk.XXXXXX`
  local sc_opt
  trap "[ -f "$TMP" ] && rm -f $TMP" HUP INT QUIT TERM EXIT
  # Question about checking the image after conversion
  $DIA --backtitle "$msg_nchc_free_software_labs" --title  \
  "$msg_nchc_clonezilla" --menu "$msg_choose_if_checking_image_restorable" \
  0 0 0 $DIA_ESC \
  " "    "$msg_check_converted_img_restorable" \
  "-sc"  "$msg_skip_check_converted_img_restorable" \
  2> $TMP
  sc_opt="$(cat $TMP)"
  case "$sc_opt" in
   -sc)  chk_img_restoreable="no";;
     *)  chk_img_restoreable="yes";;
  esac
  [ -f "$TMP" ] && rm -f $TMP
} # ask_if_check_converted_img

#
task_decrypt_image(){
  local input_d="$1" # Input the source image name
  local rc_

  mkdir -p $ocsroot/$ocs_dest_img_name/
  # Pass the $target_dir tnd $ocs_sr_type to prepare_ecryptfs_mount_point_if_necessary which is required.
  target_dir="$input_d"
  ocs_sr_type="restore"
  # //NOTE// If encrypt_ocs_img="yes", after this step, ocsroot and target_dir will be changed
  # The original ones will be kept as ocsroot_orig and target_dir_orig.
  prepare_ecryptfs_mount_point_if_necessary 
  rc_="$?"

  if [ "$rc_" -eq 0 ]; then
    # If the existing target image exists, remove it before copying files.
    # We have to clean all the files from the ecryptfs source dir, otherwise
    # if there is same file existing, the ecryptfs won't be able to create it.
    rm_target_image_if_exist "$ocsroot/$ocs_dest_img_name"

    rsync -avP $ocsroot/$target_dir/* $ocsroot_orig/$ocs_dest_img_name/
    rc_=$?
  else
    [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE
    echo "$msg_failed_to_encrypt_img: $input_d" | tee --append ${OCS_LOGFILE}
    [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
    umount_ecryptfs_mount_point_if_necessary
    exit 1
  fi
  return $rc_
} # end of task_decrypt_image
#
task_remove_src_img() {
  if [ -n "$ocsroot_orig" -a \
       -n "$ocs_src_img_name" -a \
       -d "$ocsroot_orig/$ocs_src_img_name" ]; then
    # Do not use "rm -rf" here, use 2-step removing to avoid accidents.
    [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING
    echo "Removing the source image \"$ocs_src_img_name\"..."
    [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
    rm -fv $ocsroot_orig/$ocs_src_img_name/*
    rmdir -v $ocsroot_orig/$ocs_src_img_name
  fi
} # end of task_remove_src_img

####################
### Main program ###
####################

ocs_file="$0"
ocs=`basename $ocs_file`
#
while [ $# -gt 0 ]; do
 case "$1" in
   -b|--batch) ocs_batch_mode="on"; shift;;
   -d|--delete-src-img) ocs_rm_src_img="yes"; shift;;
   -or|--ocsroot)
           # overwrite the ocsroot in drbl.conf
           shift; 
           if [ -z "$(echo $1 |grep ^-.)" ]; then
             # skip the -xx option, in case 
             ocsroot="$1"
             shift;
           fi
           [ -z "$ocsroot" ] && USAGE && exit 1
           ;;
   -nogui|--nogui)
           # -nogui is for backward compatable, better to use --nogui
           nogui="on"
	   shift;;
   -sc|--skip-check-restorable)
           # Flag to check if the image is restorable
           chk_img_restoreable="no"
	   shift;;
   -v|--verbose) verbose="yes"; shift;;
   -*)     echo "${0}: ${1}: invalid option" >&2
           USAGE >& 2
           exit 2 ;;
   *)      break ;;
 esac
done

#
if [ -z "$*" ]; then
  mode="interactive"
else
  ocs_src_img_name="$1"
  shift
  ocs_dest_img_name="$1"
fi

# Fedora Core 1 seems to use dumb for rc1, we have to force it use linux.
# otherwise setterm will complain.
[ -z "$TERM" -o "$TERM" = "dumb" ] && TERM="linux"
echo "Setting the TERM as $TERM"
export TERM="$TERM"

#
check_if_root
ask_and_load_lang_set

# check DIA
check_DIA_set_ESC $DIA
#
[ -z "$IMG_CLONE_CMP" ] && IMG_CLONE_CMP="$IMG_CLONE_CMP_def"

# imagedir is a variable which ask_user related function need
imagedir="$ocsroot"
[ -z "$ocs_src_img_name" ] && ocs_src_img_name="ask_user"
[ -z "$ocs_dest_img_name" ] && ocs_dest_img_name="ask_user"

# Prepare the image to be converted
# 1st, check if "$ocs_dest_img_name" exist
if [ "$ocs_src_img_name" = "ask_user" ]; then
  # Since we want to convert encrypted image to unencrypted one,
  # we should only list the encrypted images.
  get_target_dir_name_when_converting_img -o enc
  ocs_src_img_name="$target_dir"
fi

[ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING
echo "$msg_the_image_to_be_convert: $ocs_src_img_name"
[ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL

if [ "$ocs_dest_img_name" = "ask_user" ]; then
  get_target_dir_name_when_saving  ${ocs_src_img_name}-${append_name} # get $target_dir
  ocs_dest_img_name="$target_dir"
fi

if [ "$mode" = "interactive" ]; then
  ask_if_check_converted_img
else
  if [ -z "$chk_img_restoreable" ]; then
    chk_img_restoreable="$chk_img_restoreable_def"
  fi
fi

#
check_input_target_image "$ocsroot/$ocs_src_img_name"

# Check if it's already an unencrypted image or not
if ! is_ecryptfs_img $ocsroot/$ocs_src_img_name; then
  [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE
  echo "$msg_is_unencrypted_image_already: $ocs_src_img_name"
  [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
  echo "$msg_program_stop!"
  exit 1
fi

############
### Main ###
############
# source image: ocs_src_img_name ($ocsroot_orig/$target_dir_orig after prepare_ecryptfs_mount_point_if_necessary is run) -> ecrypt_mntpnt (new $ocsroot/$target_dir after prepare_ecryptfs_mount_point_if_necessary is run)
# destination image: ocs_dest_img_name

encrypt_ocs_img="yes"
task_decrypt_image "$ocs_src_img_name"
rc="$?"

#
if [ "$rc" -eq 0 ]; then
  if [ "$chk_img_restoreable" = "yes" ]; then
    if [ "$nogui" = "on" ]; then
      nogui_opt="-nogui"
    fi
    echo $msg_delimiter_star_line
    echo "Checking the converted image \"$target_dir\"..."
    ocs-chkimg -or $ocsroot -b $nogui_opt $target_dir
    rc_ocs_chk="$?"
  fi
else
  [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE
  echo "$msg_failed_to_cnvt_image_to_encrypted: $ocs_dest_img_name"
  [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
fi

umount_ecryptfs_mount_point_if_necessary
# Deal with the encryption tag file ecryptfs.info
rm -f $ocsroot_orig/$ocs_dest_img_name/ecryptfs.info

#
if [ "$mode" = "interactive" ]; then
  [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING
  echo "$msg_remove_original_encrypted_img: $ocs_src_img_name?"
  [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
  echo -n "[y/N] "
  read ocs_remove_answer1
  case "$ocs_remove_answer1" in 
    y|Y|[yY][eE][sS])
    [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING
    echo "$msg_remove_original_encrypted_img_ask_again: $ocs_src_img_name ?"
    [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
    echo -n "[y/N] "
    read ocs_remove_answer2
    case "$ocs_remove_answer2" in 
       y|Y|[yY][eE][sS]) ocs_rm_src_img="yes";;
    esac
    ;;
  esac
fi
if [ "$ocs_rm_src_img" = "yes" ]; then
  task_remove_src_img
fi

#
rc_t="$((rc + rc_ocs_chk))"

if [ "$rc_t" -eq 0 ]; then
  [ "$BOOTUP" = "color" ] && $SETCOLOR_SUCCESS
  echo "$msg_cnvt_image_to_unencrypted_successfully: $ocs_dest_img_name"
  [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
else
  [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE
  echo "$msg_failed_to_cnvt_image_to_unencrypted: $ocs_dest_img_name"
  [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
fi

exit $rc_t