Attachment #127069 for bug #162962

View | Details | Raw Unified | Return to bug 162962 | Differences between
Collapse All | Expand All




This specifies the device encrypted by Luks, which contains the root 
filesystem to mount.
.TP
\fBroot_key=\fR<...>
In case your root and/or swap are encrypted with a binary key, you can use a device like a usb pen to store the key. 
This value should be the key path relative to the mount point.
.TP
\fBroot_keydev=\fR<...>
If necessary provide the name of the device that carries the root_key.
If unset while using root_key, it will automatically look for the device in every boot.
.TP
\fBcrypt_silent\fR
Set this to silent all the output related to the cryptographic software, and in case your encrypted device isn't open with the key, it opens a shell in the initrd quietly.
.TP
\fBdodmraid=\fR<...>
Passes arguments to dmraid on bootup.
.TP





modules_scan() {
	local MODS
	[ -d "/etc/modules/${1}" ] || touch /etc/modules/${1}

	[ -f "/etc/modules/${1}" ] && MODS=`cat /etc/modules/${1}`
	for x in ${MODS}
	do
		MLOAD=`echo ${MLIST} | sed -e "s/.*${x}.*/${x}/"`

	done
}

findmediamount() {
	# $1 = mount dir name / media name
	# $2 = recognition file
	# $3 = variable to have the device path
	# args remaining are possible devices 

	local media=$1
	local recon=$2
	local vrbl=$3
	shift;shift;shift

	good_msg "Looking for the ${media}" ${CRYPT_SILENT}

	if [ "$#" -gt "0" ]
	then
		for x in $*

			# Check for a block device to mount
			if [ -b "${x}" ]
			then
				good_msg "Attempting to mount media:- ${x}" ${CRYPT_SILENT}
	
				mount -r -t auto ${x} ${NEW_ROOT}/mnt/${media} \
					mount -r -t auto ${x} ${NEW_ROOT}/mnt/cdrom \
						> /dev/null 2>&1
				
					mount -r -t iso9660 ${x} ${NEW_ROOT}/mnt/cdrom \
						> /dev/null 2>&1
				fi
				if [ "$?" = '0' ]
				then
					# Check for the media
					if [ -f "${NEW_ROOT}/mnt/${media}/${recon}" ]
					then
						#set REAL_ROOT, CRYPT_ROOT_KEYDEV or whatever ${vrbl} is
						eval ${vrbl}'='"${x}"
						good_msg "Media found on ${x}" ${CRYPT_SILENT}
						break
					else
						umount ${NEW_ROOT}/mnt/${media}
					fi
				fi
			fi
		done
		if [ "${REAL_ROOT}" != '' ]
		then
			good_msg "Media found on ${x}"
		fi
	fi

	eval local result='$'${vrbl}

	[ -n "${result}" ] || bad_msg "Media not found" ${CRYPT_SILENT}
}

devicelist(){
	# Locate the cdrom device with our media on it.
	# CDROM DEVICES
	local DEVICES="/dev/cdroms/* /dev/ide/cd/* /dev/sr*"
	# USB Keychain/Storage
	DEVICES="$DEVICES /dev/sd*"
	# IDE devices
	DEVICES="$DEVICES /dev/hd*"
	# USB using the USB Block Driver
	DEVICES="$DEVICES /dev/ubd* /dev/ubd/*"
	# iSeries devices
	DEVICES="$DEVICES /dev/iseries/vcd*"
	echo ${DEVICES}
}

bootstrapCD() {
	
	local DEVICES=`devicelist`
	# The device was specified on the command line.  Shold we even be doing a
	# scan at this point?  I think not.
	[ -n "${CDROOT_DEV}" ] && DEVICES="$DEVICES ${CDROOT_DEV}"

	findmediamount "cdrom" "${SUBDIR}/livecd" "REAL_ROOT" ${DEVICES}
						umount ${NEW_ROOT}/mnt/keydev
                                                break
                                        else
                                                umount ${NEW_ROOT}/mnt/keydev
                                        fi
                                fi
                        fi
                done
                if [ "${LUKS_ROOT_KEYDEV}" != '' ]
                then
			if [ ${crypt_silent} = '' ]
			then
	                        good_msg "Key media found on ${x}"
			fi
                fi
        fi
}

bootstrapKey() {
	local KEYDEVS=`devicelist`

	findmediamount "key" "${CRYPT_ROOT_KEY}" "CRYPT_ROOT_KEYDEV" ${KEYDEVS}
}

cache_cd_contents() {
	# Check loop file exists and cache to ramdisk if DO_cache is enabled
	if [ "${LOOPTYPE}" != "noloop" ] && [ "${LOOPTYPE}" != "sgimips" ]

	fi
}


# msg functions arguments
# $1 string
# $2 hide flag

good_msg() {	
	msg_string=$1
	msg_string="${msg_string:-...}"
	[ "$2" != 1 ] && echo -e "${GOOD}>>${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
}

bad_msg() {
	msg_string=$1
	msg_string="${msg_string:-...}"
	if [ "$2" != 1 ]
	then
		splash 'verbose' > /dev/null &
		echo -e "${BAD}!!${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
	fi
} 

warn_msg() {
	msg_string=$1
	msg_string="${msg_string:-...}"
	[ "$2" != 1 ] && echo -e "${WARN}**${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
}

crypt_filter() {
	if [ ${CRYPT_SILENT} -eq 1 ]
	then
		eval $1 >/dev/null 2>/dev/null
	else
		eval $1
	fi
}

whereis(){
	# $1 = variable whose value is the path (examples: "REAL_ROOT", "LUKS_KEYDEV")
	# $2 = label
	# $3 = optional explanations for failure

	eval local oldvalue='$'${1}

	[ \( $# != 2 \) -a \( $# != 3 \) ] && \
		bad_msg "Bad invocation of function whereis, please file a bug \
		report with this message" && exit 1
	[ -n "${3}" ] && local explnt=" or : ${3}" || local explnt="."
	
	bad_msg "Could not find the ${2} in ${oldvalue}${explnt}"
	echo '   Please specify another value or: press Enter for the same, type "shell" for a shell, or "q" to skip...'
	echo -n "${2}(${oldvalue}) :: "
	read ${1}
	case `eval echo '$'${1}` in
		'q')
			eval ${1}'='${oldvalue}
			warn_msg "Skipping step, this will likely cause a boot failure."
			break
			;;
		'shell')
			eval ${1}'='${oldvalue}
			echo "To leave and try again just press <Ctrl>+D"
			run_shell
			;;
		'')
			eval ${1}'='${oldvalue}
			;;
	esac
}

bind_mount_dev() {
	# bind-mount /dev/ so that loop devices can be found
	mount -o bind ${NEW_ROOT}/dev /dev


start_dev_mgr() {
	# Check udev is available...
	if [ "${KV_2_6_OR_GREATER}" -a "${USE_UDEV_NORMAL}" != '0' ]
	then
		USE_UDEV_NORMAL=1
	else
		USE_UDEV_NORMAL=0
	fi

	if [ "${USE_UDEV_NORMAL}" = '1' ]
	then
		cd /sys
		[ "${DO_slowusb}" ] && sleep 10

	fi
}

bootstrapCD() {
	# Locate the cdrom device with our media on it.
	# CDROM DEVICES
	DEVICES="/dev/cdroms/* /dev/ide/cd/* /dev/sr*"
	# USB Keychain/Storage
	DEVICES="$DEVICES /dev/sd*"
	# IDE devices
	DEVICES="$DEVICES /dev/hd*"
	# USB using the USB Block Driver
	DEVICES="$DEVICES /dev/ubd* /dev/ubd/*"
	# iSeries devices
	DEVICES="$DEVICES /dev/iseries/vcd*"
	# The device was specified on the command line.  Shold we even be doing a
	# scan at this point?  I think not.
	[ -n "${CDROOT_DEV}" ] && DEVICES="$DEVICES ${CDROOT_DEV}"

	findcdmount $DEVICES
}

bootstrapKey() {
        # Locate the device with our key on it.
        # USB Keychain/Storage
        KEYDEVS="/dev/sd*"
        # CDROM DEVICES
        KEYDEVS="${KEYDEVS} /dev/cdroms/* /dev/ide/cd/* /dev/sr*"
        # IDE devices
        KEYDEVS="${KEYDEVS} /dev/hd*"
        # USB using the USB Block Driver
        KEYDEVS="${KEYDEVS} /dev/ubd* /dev/ubd/*"
        # iSeries devices
        KEYDEVS="${KEYDEVs} /dev/iseries/vcd*"

        findkeymount ${KEYDEVS}
}


cmdline_hwopts() {
	# Scan CMDLINE for any "doscsi" or "noscsi"-type arguments
	


		chooseKeymap

		[ "${DEVBIND}" = '1' ] && umount /dev
		
		if [ -e /etc/sysconfig/keyboard -a "${CDROOT}" -eq '1' ]
		then

		ln -sf /dev/device-mapper /dev/mapper/control
	fi
	
	if [ "${USE_DMRAID_NORMAL}" = '1' ]
	then
		if [ -e '/sbin/dmraid' ]
		then

		fi
	fi

	if [ "${USE_LVM2_NORMAL}" = '1' ]
	then
		if [ -e '/bin/vgscan' -a -e '/bin/vgchange' ]
		then

			/bin/vgchange -ay --ignorelockingfailure 2>/dev/null

			# Disable EVMS since lvm2 is activated and they dont work together.
			if [ "${USE_EVMS2_NORMAL}" = '1' ]
			then
				bad_msg "Disabling EVMS Support because LVM2 started"
				bad_msg "Do not add dolvm2 to the cmdline if this is not what you want"

		fi
	fi

	if [ "${USE_EVMS2_NORMAL}" = '1' ]
	then
		if [ -e '/sbin/evms_activate' ]
		then

# Open a LUKS device
# $1 LUKS device
# $2 LUKS name
# $3 LUKS key (relative path on device)
# $4 LUKS keydevice (containing the key)
openLUKS() {
	LUKS_DEVICE="$1"
	LUKS_NAME="$2"
	LUKS_KEY="$3"
	LUKS_KEYDEV="$4"
	local DEV_ERROR=0; local KEY_ERROR=0; local KEYDEV_ERROR=0
	local mntkey=/mnt/key/; local cryptsetup_options=''

	[ ! -e /sbin/cryptsetup ] && bad_msg "The initrd does not support LUKS" && exit 1
	while [ 1 ]
	do
		# if crypt_silent=1 and some error occurs, enter shell quietly
		if [ \( ${CRYPT_SILENT} -eq 1 \) -a \( \( \( ${DEV_ERROR} -eq 1 \) -o \( ${KEY_ERROR} -eq 1 \) \) -o \( ${KEYDEV_ERROR} -eq 1 \) \) ]
		then
			run_shell
		elif [ ${DEV_ERROR} -eq 1 ]
		then
			whereis "LUKS_DEVICE" "${LUKS_NAME}"
			DEV_ERROR=0
		elif [ ${KEY_ERROR} -eq 1 ]
		then
			whereis "LUKS_KEY" "${LUKS_NAME} key"
			KEY_ERROR=0
		elif [ ${KEYDEV_ERROR} -eq 1 ]
		then
			whereis "LUKS_KEYDEV" "${LUKS_NAME} key device"
			KEYDEV_ERROR=0
		else
			setup_md_device ${LUKS_DEVICE}
			cryptsetup isLuks ${LUKS_DEVICE}
			if [ ! "$?" -eq '0' ]
			then
				bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" ${CRYPT_SILENT}
				DEV_ERROR=1
				echo "   Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..."
				echo -n "LUKS ${LUKS_NAME}() :: "
				read LUKS_DEVICE
				continue
			elif [ "${LUKS_DEVICE}" = 'shell' ]
			then
				run_shell
				
				LUKS_DEVICE=''
				continue
			elif [ "${LUKS_DEVICE}" = 'q' ]
			then
				break
			else
				# Handle keys
				if [ -n "${LUKS_KEY}" ] 
				then
					if [ ! -e "${mntkey}${LUKS_KEY}" ] 
					
					cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME}
					if [ ! "$?" -eq '0' ]
					then
						if [ -b "${LUKS_KEYDEV}" ]
						then good_msg "Using key device ${LUKS_KEYDEV}." ${CRYPT_SILENT}
						else
							good_msg "Please insert removable device ${LUKS_KEYDEV} for ${LUKS_NAME}" ${CRYPT_SILENT}
							# abort after 10 secs
							local count=10
							while [ ${count} -gt 0 ]
							do 
								count=$((count-1))
								sleep 1
								if [ -b "${LUKS_KEYDEV}" ]
								then
									good_msg "Removable device ${LUKS_KEYDEV} detected." ${CRYPT_SILENT}
									break
								fi
							done
							if [ ! -b "${LUKS_KEYDEV}" ]
							then
								CRYPT_ROOT_KEY=${LUKS_KEY}
								bootstrapKey
								LUKS_KEYDEV=${CRYPT_ROOT_KEYDEV}
								if [ ! -b "${LUKS_KEYDEV}" ]; then
									KEYDEV_ERROR=1
									bad_msg "Removable device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
									continue
								fi
							fi
						fi
						# At this point a device was recognized, now let's see if the key is there
						[ ! -d "$mntkey" ] && mkdir -p ${mntkey} 2>/dev/null >/dev/null

						mount -n -o ro ${LUKS_KEYDEV} ${mntkey} >/dev/null 2>/dev/null
						if [ "$?" != '0' ]
						then
							KEYDEV_ERROR=1
							bad_msg "Mounting of device ${LUKS_KEYDEV} failed." ${CRYPT_SILENT}
							continue
						else
							good_msg "Removable device ${LUKS_KEYDEV} mounted." ${CRYPT_SILENT}
							sleep 2
							# keyfile exists?
							if [ ! -e "${mntkey}${LUKS_KEY}" ]; then
								umount -n ${mntkey} 2>/dev/null >/dev/null
								KEY_ERROR=1
								KEYDEV_ERROR=1
								bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
								continue
							fi
						fi
					fi
					# At this point a candidate key exists (either mounted before or not)
					good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT}
					cryptsetup_options="-d ${mntkey}${LUKS_KEY}"
				fi
				# At this point, keyfile or not, we're ready!
				crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}"
				if [ $? -eq 0 ]
				then
					good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT}
					break
				else
					bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT}
					DEV_ERROR=1
				fi
			fi
		fi
	done
	umount ${mntkey} 2>/dev/null >/dev/null
	rmdir ${mntkey} 2>/dev/null >/dev/null
	fi
}

startLUKS() {

	# if key is set but key device isn't, find it
	
	[ -n "${CRYPT_ROOT}" ] && [ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \
		&& bootstrapKey

	if [ -n "${CRYPT_ROOT}" ]
	then
		openLUKS "${CRYPT_ROOT}" "root" "${CRYPT_ROOT_KEY}" "${CRYPT_ROOT_KEYDEV}"
		if [ -n "${REAL_ROOT}" ]
		then
			# Rescan volumes

			REAL_ROOT="/dev/mapper/root"
		fi
	fi
	if [ -n "${CRYPT_SWAP}" ]
	then
		openLUKS "${CRYPT_SWAP}" "swap" "${CRYPT_ROOT_KEY}" "${CRYPT_ROOT_KEYDEV}"
		if [ -z "${REAL_RESUME}" ]
		then
			# Resume from swap as default
			REAL_RESUME="/dev/mapper/swap"
		fi
	fi
}




cdupdate() {
	if [ "${CDROOT}" = '1' ]
	then
		if [ -x /${NEW_ROOT}/mnt/cdrom/cdupdate.sh ]
		then

}

setup_unionfs() {
	if [ "${USE_UNIONFS_NORMAL}" = '1' ]
	then
		# Directory used for rw changes in union mount filesystem
		UNION=/union

	fi
}


swsusp_resume() {
### determine swap resume partition
	local device=$(ls -l "${REAL_RESUME}" | sed 's/\ */ /g' | cut -d \  -f 6-7 | sed 's/,\ */:/')
	[ -f /sys/power/resume ] && echo "${device}" > /sys/power/resume
	return 0
}


suspend_resume() {
	[ -x /sbin/resume ] || return 0
	/sbin/resume




#!/bin/sh
# Copyright 2003-2007 Gentoo Foundation 
# Distributed under the terms of the GNU General Public License v2

. /etc/initrd.defaults

REAL_ROOT=''
FAKE_ROOT=''
REAL_ROOTFLAGS=''
CRYPT_SILENT=0
for x in ${CMDLINE}
do
	case "${x}" in

			NFSROOT=`parse_opt "${x}"`
		;;
		crypt_root\=*)
			CRYPT_ROOT=`parse_opt "${x}"`
		;;
		crypt_swap\=*)
			CRYPT_SWAP=`parse_opt "${x}"`
		;;
		root_key\=*)
			CRYPT_ROOT_KEY=`parse_opt "${x}"`
		;;
		root_keydev\=*)
			CRYPT_ROOT_KEYDEV=`parse_opt "${x}"`
		;;
		real_resume\=*)
			REAL_RESUME=`parse_opt "${x}"`
		;;
		noresume)
			NORESUME=1
		;;
		crypt_silent)
			CRYPT_SILENT=1
		;;
		real_rootflags\=*)
			REAL_ROOTFLAGS=`parse_opt "${x}"`
		;;
	esac
done

# What is the code below for? 
# CDROOT on the previous revision can never be zero at this point, so if necessary update this or delete
#if [ -z "${REAL_ROOT}" -a \( "${CDROOT}" -eq 0 \)  -a \( "${FAKE_ROOT}" != "/dev/ram0" \) ]
#then
#	REAL_ROOT="${FAKE_ROOT}"	
#fi

splash 'init'


then
	good_msg 'Loading modules'
	# Load appropriate kernel modules
	if [ "${NODETECT}" != '1' ]
	then
		for modules in $MY_HWOPTS
		do

startVolumes

# Initialize LUKS root device except for livecd's
if [ "${CDROOT}" != 1 ]
then
	startLUKS
fi

mkdir -p ${NEW_ROOT}
setup_unionfs

if [ "${USE_UNIONFS_NORMAL}" = '1' ]
then
	CHROOT=${UNION}
else

# Run debug shell if requested
rundebugshell

if [ "${NORESUME}" != '1' ]
then
	swsusp_resume
	suspend_resume
	suspend2_resume
fi

if [ "${CDROOT}" = '1' ]
then
	if [ "${USE_UNIONFS_NORMAL}" != '1' ]
	then
		good_msg "Making tmpfs for ${NEW_ROOT}"
		mount -t tmpfs tmpfs ${NEW_ROOT}
	fi
	
	for i in dev mnt mnt/cdrom mnt/livecd mnt/key tmp tmp/.initrd mnt/gentoo sys
	do
		mkdir -p ${NEW_ROOT}/$i
		chmod 755 ${NEW_ROOT}/$i

					good_msg "Detected real_root=${ROOT_DEV}"
					REAL_ROOT="${ROOT_DEV}"
				else
					whereis "REAL_ROOT" "root block device"
					echo '   Please specify a device to boot, or "shell" for a shell...'
					echo -n 'boot() :: '
					read REAL_ROOT
					got_good_root=0
					continue
				fi
				;;
		esac
				
		if [ "${REAL_ROOT}" = '' ]
		then
			run_shell

			REAL_ROOT=''
			got_good_root=0
			continue
		
		elif [ "${REAL_ROOT}" = '' ]
		then
			# No REAL_ROOT determined/specified. Prompt user for root block device.
			whereis "REAL_ROOT" "root block device"
			echo '   Please specify a device to boot, or "shell" for a shell...'
			echo -n 'boot() :: '
			read REAL_ROOT
			got_good_root=0

		# Check for a block device or /dev/nfs

	done


	if [ "${CDROOT}" = 1 -a "${got_good_root}" = '1' -a "${REAL_ROOT}" != "/dev/nfs" ]
	then
		# CD already mounted; no further checks necessary
		break


#verbose_kmsg

# If cd root is set determine the looptype to boot
if [ "${CDROOT}" = '1' ]
then
	good_msg 'Determining looptype ...'

	fi

	cache_cd_contents
	

        # If encrypted, find key and mount, otherwise mount as usual
	if [ -n "${CRYPT_ROOT}" ] 
	then
		good_msg 'You booted an encrypted livecd' ${CRYPT_SILENT}
		then
			good_msg 'You booted an encrypted livecd'
		fi

		CRYPT_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)

		if [ "${LUKS_ROOT_KEY}" ]
		then
			bootstrapKey
		fi
		
		losetup /dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
		
		test_success 'Preparing loop filesystem'
		
		CRYPT_ROOT='/dev/loop0'
		
		startLUKS
		

# End cdrom looptype determination and mounting if necessary
#

	if [ "${USE_UNIONFS_NORMAL}" = '1' ]
	then
		union_insert_dir ${UNION} ${NEW_ROOT}/${FS_LOCATION}
		

	fi

	
	if [ "${USE_UNIONFS_NORMAL}" != '1' ]
	then
		good_msg "Copying read-write image contents to tmpfs"
		# Copy over stuff that should be writable

		sleep 10
	fi
else
	if [ "${USE_UNIONFS_NORMAL}" = '1' ]
	then
		union_insert_dir ${UNION} ${NEW_ROOT}
		mkdir -p ${UNION}/tmp/.initrd

# init scripts will be able to unmount it properly at next reboot
#
# Eventually, all "unions over /" mounts should go in that /.unions/
if [ "${USE_UNIONFS_NORMAL}" = '1' ]
then
	mkdir -p /${CHROOT}/.unions/memory 2>/dev/null
	mount -o move /memory /${CHROOT}/.unions/memory || echo '*: Failed to move unionfs /memory into the system root!'

	fi
	echo -n '.'

	if /tmp/.initrd/bin/[ "${USE_DEVFS_NORMAL}" = '1' -a "${CDROOT}" = 0 ]
	then
		umount /tmp/.initrd/proc || echo '*: Failed to unmount the initrd /proc!'
		mount -n --move /tmp/.initrd/dev dev || echo '*: Failed to move over the /dev tree!'
		rm -rf /tmp/.initrd/dev || echo '*: Failed to remove the initrd /dev!'
	elif /tmp/.initrd/bin/[ "${USE_UDEV_NORMAL}" = '1' ]
	then
		/tmp/.initrd/bin/[ -e /tmp/.initrd/dev/fd ] && rm /tmp/.initrd/dev/fd
		/tmp/.initrd/bin/[ -e /tmp/.initrd/dev/stdin ] && rm /tmp/.initrd/dev/stdin

		umount /tmp/.initrd/dev || echo '*: Failed to unmount the initrd /dev!'
		umount /tmp/.initrd/proc || echo '*: Failed to unmount the initrd /proc!'
		umount /tmp/.initrd/sys || echo '*: Failed to unmount the initrd /sys!'
	elif /tmp/.initrd/bin/[ "${CDROOT}" -eq 1 ]
	then
		umount /tmp/.initrd/proc || echo "*: Failed to unmount the initrd /proc!"
		umount /dev 2>/dev/null

Return to bug 162962

Lines 266-271 Link Here

(-)genkernel/trunk/genkernel.8 (+11 lines)
266	This specifies the device encrypted by Luks, which contains the root	266	This specifies the device encrypted by Luks, which contains the root
267	filesystem to mount.	267	filesystem to mount.
268	.TP	268	.TP
		269	\fBroot_key=\fR<...>
		270	In case your root and/or swap are encrypted with a binary key, you can use a device like a usb pen to store the key.
		271	This value should be the key path relative to the mount point.
		272	.TP
		273	\fBroot_keydev=\fR<...>
		274	If necessary provide the name of the device that carries the root_key.
		275	If unset while using root_key, it will automatically look for the device in every boot.
		276	.TP
		277	\fBcrypt_silent\fR
		278	Set this to silent all the output related to the cryptographic software, and in case your encrypted device isn't open with the key, it opens a shell in the initrd quietly.
		279	.TP
269	\fBdodmraid=\fR<...>	280	\fBdodmraid=\fR<...>
270	Passes arguments to dmraid on bootup.	281	Passes arguments to dmraid on bootup.
271	.TP	282	.TP

Lines 37-45 Link Here

(-)genkernel/trunk/generic/initrd.scripts (-145 / +245 lines)
37		37
38	modules_scan() {	38	modules_scan() {
39	local MODS	39	local MODS
40	[ -d /etc/modules/${1} ] \|\| touch /etc/modules/${1}	40	[ -d "/etc/modules/${1}" ] \|\| touch /etc/modules/${1}
41		41
42	[ -f /etc/modules/${1} ] && MODS=`cat /etc/modules/${1}`	42	[ -f "/etc/modules/${1}" ] && MODS=`cat /etc/modules/${1}`
43	for x in ${MODS}	43	for x in ${MODS}
44	do	44	do
45	MLOAD=`echo ${MLIST} \| sed -e "s/.${x}./${x}/"`	45	MLOAD=`echo ${MLIST} \| sed -e "s/.${x}./${x}/"`
Lines 63-69 Link Here
63	done	63	done
64	}	64	}
65		65
66	findcdmount() {	66	findmediamount() {
		67	# $1 = mount dir name / media name
		68	# $2 = recognition file
		69	# $3 = variable to have the device path
		70	# args remaining are possible devices
		71
		72	local media=$1
		73	local recon=$2
		74	local vrbl=$3
		75	shift;shift;shift
		76
		77	good_msg "Looking for the ${media}" ${CRYPT_SILENT}
		78
67	if [ "$#" -gt "0" ]	79	if [ "$#" -gt "0" ]
68	then	80	then
69	for x in $*	81	for x in $*
Lines 71-145 Link Here
71	# Check for a block device to mount	83	# Check for a block device to mount
72	if [ -b "${x}" ]	84	if [ -b "${x}" ]
73	then	85	then
74	good_msg "Attempting to mount media:- ${x}"	86	good_msg "Attempting to mount media:- ${x}" ${CRYPT_SILENT}
75	if [ -z "${CDROOT_DEV}" ]	87
76	then	88	mount -r -t auto ${x} ${NEW_ROOT}/mnt/${media} \
77	mount -r -t auto ${x} ${NEW_ROOT}/mnt/cdrom \
78	> /dev/null 2>&1	89	> /dev/null 2>&1
79	else	90
80	mount -r -t iso9660 ${x} ${NEW_ROOT}/mnt/cdrom \
81	> /dev/null 2>&1
82	fi
83	if [ "$?" = '0' ]	91	if [ "$?" = '0' ]
84	then	92	then
85	# Check for a LiveCD	93	# Check for the media
86	if [ -f ${NEW_ROOT}/mnt/cdrom/${SUBDIR}/livecd ]	94	if [ -f "${NEW_ROOT}/mnt/${media}/${recon}" ]
87	then	95	then
88	REAL_ROOT="${x}"	96	#set REAL_ROOT, CRYPT_ROOT_KEYDEV or whatever ${vrbl} is
		97	eval ${vrbl}'='"${x}"
		98	good_msg "Media found on ${x}" ${CRYPT_SILENT}
89	break	99	break
90	else	100	else
91	umount ${NEW_ROOT}/mnt/cdrom	101	umount ${NEW_ROOT}/mnt/${media}
92	fi	102	fi
93	fi	103	fi
94	fi	104	fi
95	done	105	done
96	if [ "${REAL_ROOT}" != '' ]
97	then
98	good_msg "Media found on ${x}"
99	fi
100	fi	106	fi
		107
		108	eval local result='$'${vrbl}
		109
		110	[ -n "${result}" ] \|\| bad_msg "Media not found" ${CRYPT_SILENT}
101	}	111	}
102		112
103	findkeymount() {	113	devicelist(){
104	if [ "$#" -gt "0" ]	114	# Locate the cdrom device with our media on it.
105	then	115	# CDROM DEVICES
106	for x in $*	116	local DEVICES="/dev/cdroms/* /dev/ide/cd/* /dev/sr*"
107	do	117	# USB Keychain/Storage
108	# Check for a block device to mount	118	DEVICES="$DEVICES /dev/sd*"
109	if [ -b "${x}" ]	119	# IDE devices
110	then	120	DEVICES="$DEVICES /dev/hd*"
111	if [ ${crypt_silent} = '' ]	121	# USB using the USB Block Driver
112	then	122	DEVICES="$DEVICES /dev/ubd* /dev/ubd/*"
113	good_msg "Attempting to mount key media:- ${x}"	123	# iSeries devices
114	fi	124	DEVICES="$DEVICES /dev/iseries/vcd*"
		125	echo ${DEVICES}
		126	}
115		127
116	mount -r -t auto ${x} ${NEW_ROOT}/mnt/keydev \	128	bootstrapCD() {
117	> /dev/null 2>&1	129
118	if [ "$?" = '0' ]	130	local DEVICES=`devicelist`
119	then	131	# The device was specified on the command line. Shold we even be doing a
120	# Check for the key	132	# scan at this point? I think not.
121	if [ -e ${NEW_ROOT}/mnt/keydev/${LUKS_ROOT_KEY} ]	133	[ -n "${CDROOT_DEV}" ] && DEVICES="$DEVICES ${CDROOT_DEV}"
122	then	134
123	LUKS_ROOT_KEYDEV="${x}"	135	findmediamount "cdrom" "${SUBDIR}/livecd" "REAL_ROOT" ${DEVICES}
124	umount ${NEW_ROOT}/mnt/keydev
125	break
126	else
127	umount ${NEW_ROOT}/mnt/keydev
128	fi
129	fi
130	fi
131	done
132	if [ "${LUKS_ROOT_KEYDEV}" != '' ]
133	then
134	if [ ${crypt_silent} = '' ]
135	then
136	good_msg "Key media found on ${x}"
137	fi
138	fi
139	fi
140	}	136	}
141		137
		138	bootstrapKey() {
		139	local KEYDEVS=`devicelist`
142		140
		141	findmediamount "key" "${CRYPT_ROOT_KEY}" "CRYPT_ROOT_KEYDEV" ${KEYDEVS}
		142	}
		143
143	cache_cd_contents() {	144	cache_cd_contents() {
144	# Check loop file exists and cache to ramdisk if DO_cache is enabled	145	# Check loop file exists and cache to ramdisk if DO_cache is enabled
145	if [ "${LOOPTYPE}" != "noloop" ] && [ "${LOOPTYPE}" != "sgimips" ]	146	if [ "${LOOPTYPE}" != "noloop" ] && [ "${LOOPTYPE}" != "sgimips" ]
Lines 328-352 Link Here
328	fi	329	fi
329	}	330	}
330		331
331	good_msg() {	332
		333	# msg functions arguments
		334	# $1 string
		335	# $2 hide flag
		336
		337	good_msg() {
332	msg_string=$1	338	msg_string=$1
333	msg_string="${msg_string:-...}"	339	msg_string="${msg_string:-...}"
334	echo -e "${GOOD}>>${NORMAL}${BOLD} ${msg_string} ${NORMAL}"	340	[ "$2" != 1 ] && echo -e "${GOOD}>>${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
335	}	341	}
336		342
337	bad_msg() {	343	bad_msg() {
338	msg_string=$1	344	msg_string=$1
339	msg_string="${msg_string:-...}"	345	msg_string="${msg_string:-...}"
340	splash 'verbose' > /dev/null &	346	if [ "$2" != 1 ]
341	echo -e "${BAD}!!${NORMAL}${BOLD} ${msg_string} ${NORMAL}"	347	then
		348	splash 'verbose' > /dev/null &
		349	echo -e "${BAD}!!${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
		350	fi
342	}	351	}
343		352
344	warn_msg() {	353	warn_msg() {
345	msg_string=$1	354	msg_string=$1
346	msg_string="${msg_string:-...}"	355	msg_string="${msg_string:-...}"
347	echo -e "${WARN}**${NORMAL}${BOLD} ${msg_string} ${NORMAL}"	356	[ "$2" != 1 ] && echo -e "${WARN}**${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
348	}	357	}
349		358
		359	crypt_filter() {
		360	if [ ${CRYPT_SILENT} -eq 1 ]
		361	then
		362	eval $1 >/dev/null 2>/dev/null
		363	else
		364	eval $1
		365	fi
		366	}
		367
		368	whereis(){
		369	# $1 = variable whose value is the path (examples: "REAL_ROOT", "LUKS_KEYDEV")
		370	# $2 = label
		371	# $3 = optional explanations for failure
		372
		373	eval local oldvalue='$'${1}
		374
		375	[ \( $# != 2 \) -a \( $# != 3 \) ] && \
		376	bad_msg "Bad invocation of function whereis, please file a bug \
		377	report with this message" && exit 1
		378	[ -n "${3}" ] && local explnt=" or : ${3}" \|\| local explnt="."
		379
		380	bad_msg "Could not find the ${2} in ${oldvalue}${explnt}"
		381	echo ' Please specify another value or: press Enter for the same, type "shell" for a shell, or "q" to skip...'
		382	echo -n "${2}(${oldvalue}) :: "
		383	read ${1}
		384	case `eval echo '$'${1}` in
		385	'q')
		386	eval ${1}'='${oldvalue}
		387	warn_msg "Skipping step, this will likely cause a boot failure."
		388	break
		389	;;
		390	'shell')
		391	eval ${1}'='${oldvalue}
		392	echo "To leave and try again just press <Ctrl>+D"
		393	run_shell
		394	;;
		395	'')
		396	eval ${1}'='${oldvalue}
		397	;;
		398	esac
		399	}
		400
350	bind_mount_dev() {	401	bind_mount_dev() {
351	# bind-mount /dev/ so that loop devices can be found	402	# bind-mount /dev/ so that loop devices can be found
352	mount -o bind ${NEW_ROOT}/dev /dev	403	mount -o bind ${NEW_ROOT}/dev /dev
Lines 354-367 Link Here
354		405
355	start_dev_mgr() {	406	start_dev_mgr() {
356	# Check udev is available...	407	# Check udev is available...
357	if [ "${KV_2_6_OR_GREATER}" -a ! "${USE_UDEV_NORMAL}" -eq '0' ]	408	if [ "${KV_2_6_OR_GREATER}" -a "${USE_UDEV_NORMAL}" != '0' ]
358	then	409	then
359	USE_UDEV_NORMAL=1	410	USE_UDEV_NORMAL=1
360	else	411	else
361	USE_UDEV_NORMAL=0	412	USE_UDEV_NORMAL=0
362	fi	413	fi
363		414
364	if [ "${USE_UDEV_NORMAL}" -eq '1' ]	415	if [ "${USE_UDEV_NORMAL}" = '1' ]
365	then	416	then
366	cd /sys	417	cd /sys
367	[ "${DO_slowusb}" ] && sleep 10	418	[ "${DO_slowusb}" ] && sleep 10
Lines 378-419 Link Here
378	fi	429	fi
379	}	430	}
380		431
381	bootstrapCD() {
382	# Locate the cdrom device with our media on it.
383	# CDROM DEVICES
384	DEVICES="/dev/cdroms/* /dev/ide/cd/* /dev/sr*"
385	# USB Keychain/Storage
386	DEVICES="$DEVICES /dev/sd*"
387	# IDE devices
388	DEVICES="$DEVICES /dev/hd*"
389	# USB using the USB Block Driver
390	DEVICES="$DEVICES /dev/ubd* /dev/ubd/*"
391	# iSeries devices
392	DEVICES="$DEVICES /dev/iseries/vcd*"
393	# The device was specified on the command line. Shold we even be doing a
394	# scan at this point? I think not.
395	[ -n "${CDROOT_DEV}" ] && DEVICES="$DEVICES ${CDROOT_DEV}"
396
397	findcdmount $DEVICES
398	}
399
400	bootstrapKey() {
401	# Locate the device with our key on it.
402	# USB Keychain/Storage
403	KEYDEVS="/dev/sd*"
404	# CDROM DEVICES
405	KEYDEVS="${KEYDEVS} /dev/cdroms/* /dev/ide/cd/* /dev/sr*"
406	# IDE devices
407	KEYDEVS="${KEYDEVS} /dev/hd*"
408	# USB using the USB Block Driver
409	KEYDEVS="${KEYDEVS} /dev/ubd* /dev/ubd/*"
410	# iSeries devices
411	KEYDEVS="${KEYDEVs} /dev/iseries/vcd*"
412
413	findkeymount ${KEYDEVS}
414	}
415
416
417	cmdline_hwopts() {	432	cmdline_hwopts() {
418	# Scan CMDLINE for any "doscsi" or "noscsi"-type arguments	433	# Scan CMDLINE for any "doscsi" or "noscsi"-type arguments
419		434
Lines 510-516 Link Here
510		525
511	chooseKeymap	526	chooseKeymap
512		527
513	[ "${DEVBIND}" -eq '1' ] && umount /dev	528	[ "${DEVBIND}" = '1' ] && umount /dev
514		529
515	if [ -e /etc/sysconfig/keyboard -a "${CDROOT}" -eq '1' ]	530	if [ -e /etc/sysconfig/keyboard -a "${CDROOT}" -eq '1' ]
516	then	531	then
Lines 602-608 Link Here
602	ln -sf /dev/device-mapper /dev/mapper/control	617	ln -sf /dev/device-mapper /dev/mapper/control
603	fi	618	fi
604		619
605	if [ "${USE_DMRAID_NORMAL}" -eq '1' ]	620	if [ "${USE_DMRAID_NORMAL}" = '1' ]
606	then	621	then
607	if [ -e '/sbin/dmraid' ]	622	if [ -e '/sbin/dmraid' ]
608	then	623	then
Lines 616-622 Link Here
616	fi	631	fi
617	fi	632	fi
618		633
619	if [ "${USE_LVM2_NORMAL}" -eq '1' ]	634	if [ "${USE_LVM2_NORMAL}" = '1' ]
620	then	635	then
621	if [ -e '/bin/vgscan' -a -e '/bin/vgchange' ]	636	if [ -e '/bin/vgscan' -a -e '/bin/vgchange' ]
622	then	637	then
Lines 631-637 Link Here
631	/bin/vgchange -ay --ignorelockingfailure 2>/dev/null	646	/bin/vgchange -ay --ignorelockingfailure 2>/dev/null
632		647
633	# Disable EVMS since lvm2 is activated and they dont work together.	648	# Disable EVMS since lvm2 is activated and they dont work together.
634	if [ "${USE_EVMS2_NORMAL}" -eq '1' ]	649	if [ "${USE_EVMS2_NORMAL}" = '1' ]
635	then	650	then
636	bad_msg "Disabling EVMS Support because LVM2 started"	651	bad_msg "Disabling EVMS Support because LVM2 started"
637	bad_msg "Do not add dolvm2 to the cmdline if this is not what you want"	652	bad_msg "Do not add dolvm2 to the cmdline if this is not what you want"
Lines 643-649 Link Here
643	fi	658	fi
644	fi	659	fi
645		660
646	if [ "${USE_EVMS2_NORMAL}" -eq '1' ]	661	if [ "${USE_EVMS2_NORMAL}" = '1' ]
647	then	662	then
648	if [ -e '/sbin/evms_activate' ]	663	if [ -e '/sbin/evms_activate' ]
649	then	664	then
Lines 656-713 Link Here
656	# Open a LUKS device	671	# Open a LUKS device
657	# $1 LUKS device	672	# $1 LUKS device
658	# $2 LUKS name	673	# $2 LUKS name
		674	# $3 LUKS key (relative path on device)
		675	# $4 LUKS keydevice (containing the key)
659	openLUKS() {	676	openLUKS() {
660	LUKS_DEVICE="$1"	677	LUKS_DEVICE="$1"
661	LUKS_NAME="$2"	678	LUKS_NAME="$2"
662	if [ -e /sbin/cryptsetup ]	679	LUKS_KEY="$3"
663	then	680	LUKS_KEYDEV="$4"
664	while [ 1 ]	681	local DEV_ERROR=0; local KEY_ERROR=0; local KEYDEV_ERROR=0
665	do	682	local mntkey=/mnt/key/; local cryptsetup_options=''
666	if [ "${LUKS_DEVICE}" = '' ]	683
		684	[ ! -e /sbin/cryptsetup ] && bad_msg "The initrd does not support LUKS" && exit 1
		685	while [ 1 ]
		686	do
		687	# if crypt_silent=1 and some error occurs, enter shell quietly
		688	if [ \( ${CRYPT_SILENT} -eq 1 \) -a \( \( \( ${DEV_ERROR} -eq 1 \) -o \( ${KEY_ERROR} -eq 1 \) \) -o \( ${KEYDEV_ERROR} -eq 1 \) \) ]
		689	then
		690	run_shell
		691	elif [ ${DEV_ERROR} -eq 1 ]
		692	then
		693	whereis "LUKS_DEVICE" "${LUKS_NAME}"
		694	DEV_ERROR=0
		695	elif [ ${KEY_ERROR} -eq 1 ]
		696	then
		697	whereis "LUKS_KEY" "${LUKS_NAME} key"
		698	KEY_ERROR=0
		699	elif [ ${KEYDEV_ERROR} -eq 1 ]
		700	then
		701	whereis "LUKS_KEYDEV" "${LUKS_NAME} key device"
		702	KEYDEV_ERROR=0
		703	else
		704	setup_md_device ${LUKS_DEVICE}
		705	cryptsetup isLuks ${LUKS_DEVICE}
		706	if [ ! "$?" -eq '0' ]
667	then	707	then
668	# LUKS device could not be opened. Prompt user for device.	708	bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" ${CRYPT_SILENT}
669	bad_msg "The LUKS ${LUKS_NAME} block device is not detected."	709	DEV_ERROR=1
670	echo " Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..."
671	echo -n "LUKS ${LUKS_NAME}() :: "
672	read LUKS_DEVICE
673	continue	710	continue
674	elif [ "${LUKS_DEVICE}" = 'shell' ]
675	then
676	run_shell
677
678	LUKS_DEVICE=''
679	continue
680	elif [ "${LUKS_DEVICE}" = 'q' ]
681	then
682	break
683	else	711	else
684	setup_md_device ${LUKS_DEVICE}	712	# Handle keys
685	if cryptsetup isLuks ${LUKS_DEVICE}	713	if [ -n "${LUKS_KEY}" ]
686	then	714	then
687	good_msg "Opening LUKS device ${LUKS_DEVICE}"	715	if [ ! -e "${mntkey}${LUKS_KEY}" ]
688
689	cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME}
690	if [ ! "$?" -eq '0' ]
691	then	716	then
692	bad_msg "Failed open LUKS device ${LUKS_DEVICE}"	717	if [ -b "${LUKS_KEYDEV}" ]
693	else	718	then good_msg "Using key device ${LUKS_KEYDEV}." ${CRYPT_SILENT}
694	break	719	else
		720	good_msg "Please insert removable device ${LUKS_KEYDEV} for ${LUKS_NAME}" ${CRYPT_SILENT}
		721	# abort after 10 secs
		722	local count=10
		723	while [ ${count} -gt 0 ]
		724	do
		725	count=$((count-1))
		726	sleep 1
		727	if [ -b "${LUKS_KEYDEV}" ]
		728	then
		729	good_msg "Removable device ${LUKS_KEYDEV} detected." ${CRYPT_SILENT}
		730	break
		731	fi
		732	done
		733	if [ ! -b "${LUKS_KEYDEV}" ]
		734	then
		735	CRYPT_ROOT_KEY=${LUKS_KEY}
		736	bootstrapKey
		737	LUKS_KEYDEV=${CRYPT_ROOT_KEYDEV}
		738	if [ ! -b "${LUKS_KEYDEV}" ]; then
		739	KEYDEV_ERROR=1
		740	bad_msg "Removable device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
		741	continue
		742	fi
		743	fi
		744	fi
		745	# At this point a device was recognized, now let's see if the key is there
		746	[ ! -d "$mntkey" ] && mkdir -p ${mntkey} 2>/dev/null >/dev/null
		747
		748	mount -n -o ro ${LUKS_KEYDEV} ${mntkey} >/dev/null 2>/dev/null
		749	if [ "$?" != '0' ]
		750	then
		751	KEYDEV_ERROR=1
		752	bad_msg "Mounting of device ${LUKS_KEYDEV} failed." ${CRYPT_SILENT}
		753	continue
		754	else
		755	good_msg "Removable device ${LUKS_KEYDEV} mounted." ${CRYPT_SILENT}
		756	sleep 2
		757	# keyfile exists?
		758	if [ ! -e "${mntkey}${LUKS_KEY}" ]; then
		759	umount -n ${mntkey} 2>/dev/null >/dev/null
		760	KEY_ERROR=1
		761	KEYDEV_ERROR=1
		762	bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
		763	continue
		764	fi
		765	fi
695	fi	766	fi
		767	# At this point a candidate key exists (either mounted before or not)
		768	good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT}
		769	cryptsetup_options="-d ${mntkey}${LUKS_KEY}"
		770	fi
		771	# At this point, keyfile or not, we're ready!
		772	crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}"
		773	if [ $? -eq 0 ]
		774	then
		775	good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT}
		776	break
696	else	777	else
697	bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header"	778	bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT}
		779	DEV_ERROR=1
698	fi	780	fi
699	fi	781	fi
700	LUKS_DEVICE=''	782	fi
701	done	783	done
702	else	784	umount ${mntkey} 2>/dev/null >/dev/null
703	bad_msg "The initrd does not support LUKS"	785	rmdir ${mntkey} 2>/dev/null >/dev/null
704	fi
705	}	786	}
706		787
707	startLUKS() {	788	startLUKS() {
708	if [ -n "${LUKS_ROOT}" ]	789
		790	# if key is set but key device isn't, find it
		791
		792	[ -n "${CRYPT_ROOT}" ] && [ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \
		793	&& bootstrapKey
		794
		795	if [ -n "${CRYPT_ROOT}" ]
709	then	796	then
710	openLUKS "${LUKS_ROOT}" "root"	797	openLUKS "${CRYPT_ROOT}" "root" "${CRYPT_ROOT_KEY}" "${CRYPT_ROOT_KEYDEV}"
711	if [ -n "${REAL_ROOT}" ]	798	if [ -n "${REAL_ROOT}" ]
712	then	799	then
713	# Rescan volumes	800	# Rescan volumes
Lines 716-725 Link Here
716	REAL_ROOT="/dev/mapper/root"	803	REAL_ROOT="/dev/mapper/root"
717	fi	804	fi
718	fi	805	fi
719	if [ -n "${LUKS_SWAP}" ]	806	if [ -n "${CRYPT_SWAP}" ]
720	then	807	then
721	openLUKS "${LUKS_SWAP}" "swap"	808	openLUKS "${CRYPT_SWAP}" "swap" "${CRYPT_ROOT_KEY}" "${CRYPT_ROOT_KEYDEV}"
722	break	809	if [ -z "${REAL_RESUME}" ]
		810	then
		811	# Resume from swap as default
		812	REAL_RESUME="/dev/mapper/swap"
		813	fi
723	fi	814	fi
724	}	815	}
725		816
Lines 746-752 Link Here
746		837
747		838
748	cdupdate() {	839	cdupdate() {
749	if [ "${CDROOT}" -eq '1' ]	840	if [ "${CDROOT}" = '1' ]
750	then	841	then
751	if [ -x /${NEW_ROOT}/mnt/cdrom/cdupdate.sh ]	842	if [ -x /${NEW_ROOT}/mnt/cdrom/cdupdate.sh ]
752	then	843	then
Lines 792-798 Link Here
792	}	883	}
793		884
794	setup_unionfs() {	885	setup_unionfs() {
795	if [ "${USE_UNIONFS_NORMAL}" -eq '1' ]	886	if [ "${USE_UNIONFS_NORMAL}" = '1' ]
796	then	887	then
797	# Directory used for rw changes in union mount filesystem	888	# Directory used for rw changes in union mount filesystem
798	UNION=/union	889	UNION=/union
Lines 847-852 Link Here
847	fi	938	fi
848	}	939	}
849		940
		941
		942	swsusp_resume() {
		943	### determine swap resume partition
		944	local device=$(ls -l "${REAL_RESUME}" \| sed 's/\ / /g' \| cut -d \ -f 6-7 \| sed 's/,\ /:/')
		945	[ -f /sys/power/resume ] && echo "${device}" > /sys/power/resume
		946	return 0
		947	}
		948
		949
850	suspend_resume() {	950	suspend_resume() {
851	[ -x /sbin/resume ] \|\| return 0	951	[ -x /sbin/resume ] \|\| return 0
852	/sbin/resume	952	/sbin/resume

Lines 1-5 Link Here

(-)genkernel/trunk/generic/linuxrc (-56 / +52 lines)
1	#!/bin/sh	1	#!/bin/sh
2	# Copyright 2003-2006 Gentoo Foundation	2	# Copyright 2003-2007 Gentoo Foundation
3	# Distributed under the terms of the GNU General Public License v2	3	# Distributed under the terms of the GNU General Public License v2
4		4
5	. /etc/initrd.defaults	5	. /etc/initrd.defaults
Lines 46-51 Link Here
46	REAL_ROOT=''	46	REAL_ROOT=''
47	FAKE_ROOT=''	47	FAKE_ROOT=''
48	REAL_ROOTFLAGS=''	48	REAL_ROOTFLAGS=''
		49	CRYPT_SILENT=0
49	for x in ${CMDLINE}	50	for x in ${CMDLINE}
50	do	51	do
51	case "${x}" in	52	case "${x}" in
Lines 174-197 Link Here
174	NFSROOT=`parse_opt "${x}"`	175	NFSROOT=`parse_opt "${x}"`
175	;;	176	;;
176	crypt_root\=*)	177	crypt_root\=*)
177	LUKS_ROOT=`parse_opt "${x}"`	178	CRYPT_ROOT=`parse_opt "${x}"`
178	;;	179	;;
179	crypt_swap\=*)	180	crypt_swap\=*)
180	LUKS_SWAP=`parse_opt "${x}"`	181	CRYPT_SWAP=`parse_opt "${x}"`
181	;;	182	;;
182	crypt_silent\=*)	183	root_key\=*)
183	LUKS_SILENT=`parse_opt "${x}"`	184	CRYPT_ROOT_KEY=`parse_opt "${x}"`
184	;;	185	;;
		186	root_keydev\=*)
		187	CRYPT_ROOT_KEYDEV=`parse_opt "${x}"`
		188	;;
		189	real_resume\=*)
		190	REAL_RESUME=`parse_opt "${x}"`
		191	;;
		192	noresume)
		193	NORESUME=1
		194	;;
		195	crypt_silent)
		196	CRYPT_SILENT=1
		197	;;
185	real_rootflags\=*)	198	real_rootflags\=*)
186	REAL_ROOTFLAGS=`parse_opt "${x}"`	199	REAL_ROOTFLAGS=`parse_opt "${x}"`
187	;;	200	;;
188	esac	201	esac
189	done	202	done
190		203
191	if [ -z "${REAL_ROOT}" -a \( "${CDROOT}" -eq 0 \) -a \( "${FAKE_ROOT}" != "/dev/ram0" \) ]	204	# What is the code below for?
192	then	205	# CDROOT on the previous revision can never be zero at this point, so if necessary update this or delete
193	REAL_ROOT="${FAKE_ROOT}"	206	#if [ -z "${REAL_ROOT}" -a \( "${CDROOT}" -eq 0 \) -a \( "${FAKE_ROOT}" != "/dev/ram0" \) ]
194	fi	207	#then
		208	# REAL_ROOT="${FAKE_ROOT}"
		209	#fi
195		210
196	splash 'init'	211	splash 'init'
197		212
Lines 203-209 Link Here
203	then	218	then
204	good_msg 'Loading modules'	219	good_msg 'Loading modules'
205	# Load appropriate kernel modules	220	# Load appropriate kernel modules
206	if [ "${NODETECT}" -ne '1' ]	221	if [ "${NODETECT}" != '1' ]
207	then	222	then
208	for modules in $MY_HWOPTS	223	for modules in $MY_HWOPTS
209	do	224	do
Lines 237-243 Link Here
237	startVolumes	252	startVolumes
238		253
239	# Initialize LUKS root device except for livecd's	254	# Initialize LUKS root device except for livecd's
240	if [ "${CDROOT}" -ne '1' ]	255	if [ "${CDROOT}" != 1 ]
241	then	256	then
242	startLUKS	257	startLUKS
243	fi	258	fi
Lines 246-252 Link Here
246	mkdir -p ${NEW_ROOT}	261	mkdir -p ${NEW_ROOT}
247	setup_unionfs	262	setup_unionfs
248		263
249	if [ "${USE_UNIONFS_NORMAL}" -eq '1' ]	264	if [ "${USE_UNIONFS_NORMAL}" = '1' ]
250	then	265	then
251	CHROOT=${UNION}	266	CHROOT=${UNION}
252	else	267	else
Lines 256-273 Link Here
256	# Run debug shell if requested	271	# Run debug shell if requested
257	rundebugshell	272	rundebugshell
258		273
259	suspend_resume	274	if [ "${NORESUME}" != '1' ]
260	suspend2_resume	275	then
		276	swsusp_resume
		277	suspend_resume
		278	suspend2_resume
		279	fi
261		280
262	if [ "${CDROOT}" -eq '1' ]	281	if [ "${CDROOT}" = '1' ]
263	then	282	then
264	if [ ! "${USE_UNIONFS_NORMAL}" -eq '1' ]	283	if [ "${USE_UNIONFS_NORMAL}" != '1' ]
265	then	284	then
266	good_msg "Making tmpfs for ${NEW_ROOT}"	285	good_msg "Making tmpfs for ${NEW_ROOT}"
267	mount -t tmpfs tmpfs ${NEW_ROOT}	286	mount -t tmpfs tmpfs ${NEW_ROOT}
268	fi	287	fi
269		288
270	for i in dev mnt mnt/cdrom mnt/livecd mnt/keydev tmp tmp/.initrd mnt/gentoo sys	289	for i in dev mnt mnt/cdrom mnt/livecd mnt/key tmp tmp/.initrd mnt/gentoo sys
271	do	290	do
272	mkdir -p ${NEW_ROOT}/$i	291	mkdir -p ${NEW_ROOT}/$i
273	chmod 755 ${NEW_ROOT}/$i	292	chmod 755 ${NEW_ROOT}/$i
Lines 358-388 Link Here
358	good_msg "Detected real_root=${ROOT_DEV}"	377	good_msg "Detected real_root=${ROOT_DEV}"
359	REAL_ROOT="${ROOT_DEV}"	378	REAL_ROOT="${ROOT_DEV}"
360	else	379	else
361	bad_msg "Could not find root block device: ${REAL_ROOT}"	380	whereis "REAL_ROOT" "root block device"
362	echo ' Please specify a device to boot, or "shell" for a shell...'
363	echo -n 'boot() :: '
364	read REAL_ROOT
365	got_good_root=0	381	got_good_root=0
366	continue	382	continue
367	fi	383	fi
368	;;	384	;;
369	esac	385	esac
370		386
371	if [ "${REAL_ROOT}" = 'shell' ]	387	if [ "${REAL_ROOT}" = '' ]
372	then	388	then
373	run_shell
374
375	REAL_ROOT=''
376	got_good_root=0
377	continue
378
379	elif [ "${REAL_ROOT}" = '' ]
380	then
381	# No REAL_ROOT determined/specified. Prompt user for root block device.	389	# No REAL_ROOT determined/specified. Prompt user for root block device.
382	bad_msg "The root block device is unspecified or not detected."	390	whereis "REAL_ROOT" "root block device"
383	echo ' Please specify a device to boot, or "shell" for a shell...'
384	echo -n 'boot() :: '
385	read REAL_ROOT
386	got_good_root=0	391	got_good_root=0
387		392
388	# Check for a block device or /dev/nfs	393	# Check for a block device or /dev/nfs
Lines 398-404 Link Here
398	done	403	done
399		404
400		405
401	if [ "${CDROOT}" -eq '1' -a "${got_good_root}" = '1' -a "${REAL_ROOT}" != "/dev/nfs" ]	406	if [ "${CDROOT}" = 1 -a "${got_good_root}" = '1' -a "${REAL_ROOT}" != "/dev/nfs" ]
402	then	407	then
403	# CD already mounted; no further checks necessary	408	# CD already mounted; no further checks necessary
404	break	409	break
Lines 442-448 Link Here
442		447
443	#verbose_kmsg	448	#verbose_kmsg
444		449
445	# If cdroot is set determine the looptype to boot	450	# If cd root is set determine the looptype to boot
446	if [ "${CDROOT}" = '1' ]	451	if [ "${CDROOT}" = '1' ]
447	then	452	then
448	good_msg 'Determining looptype ...'	453	good_msg 'Determining looptype ...'
Lines 496-523 Link Here
496	fi	501	fi
497		502
498	cache_cd_contents	503	cache_cd_contents
499
500		504
501	# If encrypted, find key and mount, otherwise mount as usual	505	# If encrypted, find key and mount, otherwise mount as usual
502	if [ "${LUKS_ROOT}" != '' ]	506	if [ -n "${CRYPT_ROOT}" ]
503	then	507	then
504	if [ "${LUKS_SILENT}" = '' ]	508	good_msg 'You booted an encrypted livecd' ${CRYPT_SILENT}
505	then
506	good_msg 'You booted an encrypted livecd'
507	fi
508		509
509	LUKS_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)	510	CRYPT_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)
510
511	if [ "${LUKS_ROOT_KEY}" ]
512	then
513	bootstrapKey
514	fi
515		511
516	losetup /dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}	512	losetup /dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
517		513
518	test_success 'Preparing loop filesystem'	514	test_success 'Preparing loop filesystem'
519		515
520	LUKS_ROOT='/dev/loop0'	516	CRYPT_ROOT='/dev/loop0'
521		517
522	startLUKS	518	startLUKS
523		519
Lines 602-608 Link Here
602	# End cdrom looptype determination and mounting if necessary	598	# End cdrom looptype determination and mounting if necessary
603	#	599	#
604		600
605	if [ "${USE_UNIONFS_NORMAL}" -eq '1' ]	601	if [ "${USE_UNIONFS_NORMAL}" = '1' ]
606	then	602	then
607	union_insert_dir ${UNION} ${NEW_ROOT}/${FS_LOCATION}	603	union_insert_dir ${UNION} ${NEW_ROOT}/${FS_LOCATION}
608		604
Lines 628-634 Link Here
628	fi	624	fi
629		625
630		626
631	if [ ! "${USE_UNIONFS_NORMAL}" -eq '1' ]	627	if [ "${USE_UNIONFS_NORMAL}" != '1' ]
632	then	628	then
633	good_msg "Copying read-write image contents to tmpfs"	629	good_msg "Copying read-write image contents to tmpfs"
634	# Copy over stuff that should be writable	630	# Copy over stuff that should be writable
Lines 696-702 Link Here
696	sleep 10	692	sleep 10
697	fi	693	fi
698	else	694	else
699	if [ "${USE_UNIONFS_NORMAL}" -eq '1' ]	695	if [ "${USE_UNIONFS_NORMAL}" = '1' ]
700	then	696	then
701	union_insert_dir ${UNION} ${NEW_ROOT}	697	union_insert_dir ${UNION} ${NEW_ROOT}
702	mkdir -p ${UNION}/tmp/.initrd	698	mkdir -p ${UNION}/tmp/.initrd
Lines 718-724 Link Here
718	# init scripts will be able to unmount it properly at next reboot	714	# init scripts will be able to unmount it properly at next reboot
719	#	715	#
720	# Eventually, all "unions over /" mounts should go in that /.unions/	716	# Eventually, all "unions over /" mounts should go in that /.unions/
721	if [ "${USE_UNIONFS_NORMAL}" -eq '1' ]	717	if [ "${USE_UNIONFS_NORMAL}" = '1' ]
722	then	718	then
723	mkdir -p /${CHROOT}/.unions/memory 2>/dev/null	719	mkdir -p /${CHROOT}/.unions/memory 2>/dev/null
724	mount -o move /memory /${CHROOT}/.unions/memory \|\| echo '*: Failed to move unionfs /memory into the system root!'	720	mount -o move /memory /${CHROOT}/.unions/memory \|\| echo '*: Failed to move unionfs /memory into the system root!'
Lines 738-749 Link Here
738	fi	734	fi
739	echo -n '.'	735	echo -n '.'
740		736
741	if /tmp/.initrd/bin/[ "${USE_DEVFS_NORMAL}" -eq '1' -a "${CDROOT}" -eq '0' ]	737	if /tmp/.initrd/bin/[ "${USE_DEVFS_NORMAL}" = '1' -a "${CDROOT}" = 0 ]
742	then	738	then
743	umount /tmp/.initrd/proc \|\| echo '*: Failed to unmount the initrd /proc!'	739	umount /tmp/.initrd/proc \|\| echo '*: Failed to unmount the initrd /proc!'
744	mount -n --move /tmp/.initrd/dev dev \|\| echo '*: Failed to move over the /dev tree!'	740	mount -n --move /tmp/.initrd/dev dev \|\| echo '*: Failed to move over the /dev tree!'
745	rm -rf /tmp/.initrd/dev \|\| echo '*: Failed to remove the initrd /dev!'	741	rm -rf /tmp/.initrd/dev \|\| echo '*: Failed to remove the initrd /dev!'
746	elif /tmp/.initrd/bin/[ "${USE_UDEV_NORMAL}" -eq '1' ]	742	elif /tmp/.initrd/bin/[ "${USE_UDEV_NORMAL}" = '1' ]
747	then	743	then
748	/tmp/.initrd/bin/[ -e /tmp/.initrd/dev/fd ] && rm /tmp/.initrd/dev/fd	744	/tmp/.initrd/bin/[ -e /tmp/.initrd/dev/fd ] && rm /tmp/.initrd/dev/fd
749	/tmp/.initrd/bin/[ -e /tmp/.initrd/dev/stdin ] && rm /tmp/.initrd/dev/stdin	745	/tmp/.initrd/bin/[ -e /tmp/.initrd/dev/stdin ] && rm /tmp/.initrd/dev/stdin
Lines 753-759 Link Here
753	umount /tmp/.initrd/dev \|\| echo '*: Failed to unmount the initrd /dev!'	749	umount /tmp/.initrd/dev \|\| echo '*: Failed to unmount the initrd /dev!'
754	umount /tmp/.initrd/proc \|\| echo '*: Failed to unmount the initrd /proc!'	750	umount /tmp/.initrd/proc \|\| echo '*: Failed to unmount the initrd /proc!'
755	umount /tmp/.initrd/sys \|\| echo '*: Failed to unmount the initrd /sys!'	751	umount /tmp/.initrd/sys \|\| echo '*: Failed to unmount the initrd /sys!'
756	elif /tmp/.initrd/bin/[ "${CDROOT}" -eq '1' ]	752	elif /tmp/.initrd/bin/[ "${CDROOT}" -eq 1 ]
757	then	753	then
758	umount /tmp/.initrd/proc \|\| echo "*: Failed to unmount the initrd /proc!"	754	umount /tmp/.initrd/proc \|\| echo "*: Failed to unmount the initrd /proc!"
759	umount /dev 2>/dev/null	755	umount /dev 2>/dev/null