
/lib/partman/check.d/07crypto_check_mountpoints is in ubiquity 2.21.63.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/bin/sh
# Check that the crypto setup is sensible

. /lib/partman/lib/base.sh

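# Walk every partition of every device and validate the crypto layout.
# The loop exits 1 as soon as a layout is rejected; otherwise it records
# two facts for the final check that follows it:
#   have_boot   - some partition is mounted on /boot
#   crypto_root - an encrypted partition is mounted on /
have_boot=no
crypto_root=no

for dev in "$DEVICES"/*; do
	[ -d "$dev" ] || continue
	# Skip the device if its directory cannot be entered; otherwise the
	# relative paths below would be resolved in whatever directory the
	# previous iteration left behind.
	cd "$dev" || continue
	partitions=
	open_dialog PARTITIONS
	while { read_line num id size type fs path name; [ "$id" ]; }; do
		[ "$fs" != free ] || continue
		partitions="$partitions $id,$path"
	done
	close_dialog

	# $partitions is a space-separated list of "id,path" pairs and is
	# split on whitespace on purpose.
	for part in $partitions; do
		id=${part%,*}
		path=${part#*,}

		[ -f "$id/method" ] || continue
		# mountpoint could be none i.e. swap
		mnt=
		if [ -f "$id/mountpoint" ]; then
			mnt=$(cat "$id/mountpoint")
			if [ "$mnt" = /boot ]; then
				have_boot=yes
			fi
		fi

		# "is crypto?" - crypt_realdev is looked up in the device
		# directory entered above, not in the partition directory.
		[ -f crypt_realdev ] || continue

		# crypt_realdev holds colon-separated fields; the first three
		# are read as device, number and directory of the underlying
		# partition. The unquoted expansions do the splitting.
		# NOTE(review): this breaks if a field contains whitespace or
		# glob characters - confirm that cannot happen.
		r=$(cat crypt_realdev)
		set -- $(IFS=: && echo $r)
		realdev=$1
		realdevnum=$2
		realdevdir=$3

		[ -f "$realdevdir/method" ] || continue
		method=$(cat "$realdevdir/method")
		# NOTE(review): type is not read again anywhere in this script.
		type=$(cat "$realdevdir/crypto_type")
		# Quoted so that an empty or multi-word method file is a plain
		# mismatch instead of a test(1) syntax error.
		[ "$method" = crypto ] || [ "$method" = crypto_keep ] || continue

		# Check 1 - Is cryptoroot possible?
		# Only recorded here; the decision is made after the loop.
		if [ "$mnt" = / ]; then
			crypto_root=yes
		fi

		# Check 2 - Is /boot encrypted?
		# Hard failure: the user is informed and the check fails
		# whatever the outcome of the dialog is.
		if [ "$mnt" = /boot ]; then
			templ="partman-crypto/crypto_boot_not_possible"
			db_set "$templ" false
			db_fset "$templ" seen false
			db_input critical "$templ"
			db_go || true
			exit 1
		fi

		# Check 3 - Has the partition been encrypted with a random key?
		[ -f "$realdevdir/keytype" ] || continue
		keytype=$(cat "$realdevdir/keytype")
		[ "$keytype" = random ] || continue

		# Check 4 - If so, does a random key make sense?
		# NOTE(review): presumably a random key is not stored anywhere,
		# so data written under it cannot be read back later - that
		# would explain why only swap and /tmp pass silently.
		if [ -z "$mnt" ]; then
			# Presumably swap, which is ok
			continue
		elif [ "$mnt" = /tmp ]; then
			# Random /tmp is also ok
			continue
		else
			# Neither swap, nor tmp, which is a problem
			# But if the user insists...
			# The answer is reset to false and the seen flag is
			# cleared first, so only an explicit "true" given in
			# this run lets the layout through.
			templ="partman-crypto/use_random_for_nonswap"
			db_set "$templ" false
			db_fset "$templ" seen false
			db_subst "$templ" DEVICE "$(humandev "$realdev")"
			db_input critical "$templ"
			# NOTE(review): abort is set here but never read in
			# this script; a failed db_go still falls through to
			# db_get below.
			db_go || abort=1
			db_get "$templ" || RET=''

			if [ "$RET" != true ]; then
				# User doesn't want to force random keytype
				exit 1
			fi
		fi
	done
done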

# Check - Is there a /boot partition for encrypted root?
# Fails when an encrypted partition is mounted on / and no partition is
# mounted on /boot. Because Check 2 in the loop above refuses an
# encrypted /boot, any layout that passes has / encrypted and /boot in
# the clear: the encryption of / does not cover whatever is stored on
# /boot.
case "$crypto_root:$have_boot" in
yes:no)
	templ="partman-crypto/crypto_root_needs_boot"
	# Reset the answer and the seen flag so the message is shown again
	db_set "$templ" false
	db_fset "$templ" seen false
	db_input critical "$templ"
	# The outcome of the dialog is irrelevant, the check fails anyway
	db_go || true
	exit 1
	;;
esac