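--- a/usr/share/genkernel/generic/initrd.scripts
+++ b/usr/share/genkernel/generic/initrd.scripts
@@ -99,7 +99,7 @@
 #				else
 #					mount -r -t auto ${x} ${mntdir} &>/dev/null
 #				fi
-				mount -r -t ${CDROOT_TYPE} ${x} ${mntdir} &>/dev/null
+				mount -r -t auto ${x} ${mntdir} >/dev/null 2>&1 || mount -r -t ${CDROOT_TYPE} ${x} ${mntdir} >/dev/null 2>&1
 				if [ "$?" = '0' ]
 				then
 					# Check for the media
@@ -691,6 +691,18 @@
 	fi
 }
 
+
+# Overwrite and delete file
+wipeFile() {
+	if [ -f "$1" ] ; then
+		#size=`stat -c %s "$1"`
+		size=4096
+		dd if=/dev/urandom of="$1" conv=notrunc bs=1 count=$size >/dev/null 2>&1
+		dd if=/dev/zero of="$1" conv=notrunc bs=1 count=$size >/dev/null 2>&1
+		rm "$1"
+	fi
+}
+
 # Open a LUKS device
 # It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks
 # $1 - root/swap
@@ -710,8 +722,11 @@
 	eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"'
 	local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0
 	local mntkey="/mnt/key/" cryptsetup_options=''
+	local LUKS_KEY_PLAIN=${LUKS_KEY%.gpg}
+	local LUKS_KEY_TMP="/temp/key-${LUKS_KEY_PLAIN}"
 
 	[ ! -e /sbin/cryptsetup ] && bad_msg "The initrd does not support LUKS" && exit 1
+	[ "$LUKS_KEY_PLAIN" != "$LUKS_KEY" ] && [ ! -e /sbin/gpg ] && bad_msg "The initrd does not suport GPG" && exit 1
 	while [ 1 ]
 	do
 		# if crypt_silent=1 and some error occurs, enter shell quietly
@@ -791,14 +806,27 @@
 								umount -n ${mntkey} 2>/dev/null >/dev/null
 								KEY_ERROR=1
 								KEYDEV_ERROR=1
-								bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
+								bad_msg "Key ${LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
 								continue
 							fi
 						fi
 					fi
 					# At this point a candidate key exists (either mounted before or not)
 					good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT}
-					cryptsetup_options="-d ${mntkey}${LUKS_KEY}"
+					# Is gpg encrypted?
+					if [ "${LUKS_KEY_PLAIN}" != "${LUKS_KEY}" ] ; then
+						if [ ! -e "${LUKS_KEY_TMP}" ] ; then
+							gpg --homedir /.gpg -o "${LUKS_KEY_TMP}" "${mntkey}${LUKS_KEY}"
+							if [ ! -e "${LUKS_KEY_TMP}" ] ; then
+								KEY_ERROR=1
+								bad_msg "Unable to decrypt ${LUKS_KEY}" ${CRYPT_SILENT}
+								continue
+							fi
+						fi
+						cryptsetup_options="-d ${LUKS_KEY_TMP}"
+					else
+						cryptsetup_options="-d ${mntkey}${LUKS_KEY}"
+					fi
 				fi
 				# At this point, keyfile or not, we're ready!
 				crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}"
@@ -817,6 +845,11 @@
 	done
 	umount ${mntkey} 2>/dev/null >/dev/null
 	rmdir -p ${mntkey} 2>/dev/null >/dev/null
+	if [ ${DEV_ERROR} != 0 ] || [ ${KEY_ERROR} != 0 ] || [ ${KEYDEV_ERROR} != 0 ] ; then
+		for i in /temp/key-* ; do
+			wipeFile "${i}"
+		done
+	fi
 }
 
 startLUKS() {
@@ -849,6 +882,11 @@
 			REAL_RESUME="/dev/mapper/swap"
 		fi
 	fi
+
+	# wipe decrypted key files
+	for i in /temp/key-* ; do
+		wipeFile "${i}"
+	done
 }
 
 sdelay() {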
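Review bot: In the gpg branch added to the luksOpen loop (new lines 817-829), decryption is judged successful purely by `${LUKS_KEY_TMP}` existing, and an existing file also skips gpg on every later pass, so an empty, partial or stale file left by a failed run would presumably be handed to cryptsetup again on each retry instead of re-prompting. I would key the check on gpg's exit status and clear the output on failure, i.e. `if ! gpg --homedir /.gpg -o "${LUKS_KEY_TMP}" "${mntkey}${LUKS_KEY}" ; then` followed by `wipeFile "${LUKS_KEY_TMP}"` ahead of the existing `KEY_ERROR=1`. In `wipeFile` the hard-coded `size=4096` means a decrypted key longer than 4096 bytes is only partly overwritten before `rm`, so the size should come from the file itself (the commented-out `stat` line, if the initrd ships stat) with 4096 as a fallback only. The enclosing function starts before this hunk and the loop body continues past it, so the retry behaviour should be confirmed against the full script.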
