Attachment #767170 for bug #493690




	# cryptsetup:
	# open   <device> <name>      # <device> is $source
	# create <name>   <device>    # <name>   is $target
	local arg1="create" arg2="${target}" arg3="${source}" arg_header=""
	if cryptsetup isLuks ${source} 2>/dev/null ; then
		arg1="open"
		arg2="${source}"
		arg3="${target}"
		if [ -n "${luks_header}" ] ; then
			if [ ! -e "${luks_header}" ] ; then
				ewarn "${source} will not be decrypted ..."
				einfo "Reason: header file ${luks_header} does not exist."
				return
			else
				arg_header="--header ${luks_header}"
			fi
		fi
	fi

	# Older versions reported:

	else
		mode=none
	fi
	ebegin "  ${target} using: ${options} ${arg1} ${arg2} ${arg3} ${arg_header}"
	if [ "${mode}" = "gpg" ] ; then
		: ${gpg_options:='-q -d'}
		# gpg available ?

				# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
				# save stdin stdout stderr "values"
				timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
					cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3} ${arg_header}
				ret=$?
				# The timeout command exits 124 when it times out.
				[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break

		fi
	else
		if [ "${mode}" = "reg" ] ; then
			cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} ${arg_header}
			ret=$?
			eend ${ret} "failure running cryptsetup"
		else
			cryptsetup ${options} ${arg1} ${arg2} ${arg3} ${arg_header}
			ret=$?
			eend ${ret} "failure running cryptsetup"
		fi

			unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait
			;;

		gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*|luks_header=*)
			if [ -z "${target}${swap}" ] ; then
				ewarn "Ignoring setting outside target/swap section: ${targetline}"
				continue

Return to bug 493690

Lines 81-91 Link Here

(-)files/2.4.0-dmcrypt.rc (-6 / +15 lines)
81	# cryptsetup:	81	# cryptsetup:
82	# open <device> <name> # <device> is $source	82	# open <device> <name> # <device> is $source
83	# create <name> <device> # <name> is $target	83	# create <name> <device> # <name> is $target
84	local arg1="create" arg2="${target}" arg3="${source}"	84	local arg1="create" arg2="${target}" arg3="${source}" arg_header=""
85	if cryptsetup isLuks ${source} 2>/dev/null ; then	85	if cryptsetup isLuks ${source} 2>/dev/null ; then
86	arg1="open"	86	arg1="open"
87	arg2="${source}"	87	arg2="${source}"
88	arg3="${target}"	88	arg3="${target}"
		89	if [ -n "${luks_header}" ] ; then
		90	if [ ! -e "${luks_header}" ] ; then
		91	ewarn "${source} will not be decrypted ..."
		92	einfo "Reason: header file ${luks_header} does not exist."
		93	return
		94	else
		95	arg_header="--header ${luks_header}"
		96	fi
		97	fi
89	fi	98	fi
90		99
91	# Older versions reported:	100	# Older versions reported:
Lines 182-188 Link Here
182	else	191	else
183	mode=none	192	mode=none
184	fi	193	fi
185	ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}"	194	ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3} ${arg_header}"
186	if [ "${mode}" = "gpg" ] ; then	195	if [ "${mode}" = "gpg" ] ; then
187	: ${gpg_options:='-q -d'}	196	: ${gpg_options:='-q -d'}
188	# gpg available ?	197	# gpg available ?
Lines 192-198 Link Here
192	# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.	201	# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
193	# save stdin stdout stderr "values"	202	# save stdin stdout stderr "values"
194	timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null \| \	203	timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null \| \
195	cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}	204	cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3} ${arg_header}
196	ret=$?	205	ret=$?
197	# The timeout command exits 124 when it times out.	206	# The timeout command exits 124 when it times out.
198	[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break	207	[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
Lines 207-217 Link Here
207	fi	216	fi
208	else	217	else
209	if [ "${mode}" = "reg" ] ; then	218	if [ "${mode}" = "reg" ] ; then
210	cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}	219	cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} ${arg_header}
211	ret=$?	220	ret=$?
212	eend ${ret} "failure running cryptsetup"	221	eend ${ret} "failure running cryptsetup"
213	else	222	else
214	cryptsetup ${options} ${arg1} ${arg2} ${arg3}	223	cryptsetup ${options} ${arg1} ${arg2} ${arg3} ${arg_header}
215	ret=$?	224	ret=$?
216	eend ${ret} "failure running cryptsetup"	225	eend ${ret} "failure running cryptsetup"
217	fi	226	fi
Lines 280-286 Link Here
280	unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait	289	unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait
281	;;	290	;;
282		291
283	gpg_options=\|remdev=\|key=\|loop_file=\|options=\|pre_mount=\|post_mount=\|wait=\|source=*)	292	gpg_options=\|remdev=\|key=\|loop_file=\|options=\|pre_mount=\|post_mount=\|wait=\|source=\|luks_header=)
284	if [ -z "${target}${swap}" ] ; then	293	if [ -z "${target}${swap}" ] ; then
285	ewarn "Ignoring setting outside target/swap section: ${targetline}"	294	ewarn "Ignoring setting outside target/swap section: ${targetline}"
286	continue	295	continue