Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 128927 Details for
Bug 162962
genkernel: feed LUKS with key from removable device (linuxrc patch)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
genkernel_key_09.patch
genkernel_key_09.patch (text/plain), 23.85 KB, created by
Nelson
on 2007-08-23 07:33:16 UTC
(
hide
)
Description:
genkernel_key_09.patch
Filename:
MIME Type:
Creator:
Nelson
Created:
2007-08-23 07:33:16 UTC
Size:
23.85 KB
patch
obsolete
>Index: genkernel/trunk/genkernel.8 >=================================================================== >--- genkernel/trunk/genkernel.8 (revision 524) >+++ genkernel/trunk/genkernel.8 (working copy) >@@ -266,6 +266,26 @@ > This specifies the device encrypted by Luks, which contains the root > filesystem to mount. > .TP >+\fBcrypt_swap=\fR<...> >+This specifies the swap device encrypted by Luks. >+.TP >+\fBroot_key=\fR<...> >+In case your root is encrypted with a key, you can use a device like a usb pen to store the key. >+This value should be the key path relative to the mount point. >+.TP >+\fBroot_keydev=\fR<...> >+If necessary provide the name of the device that carries the root_key. >+If unset while using root_key, it will automatically look for the device in every boot. >+.TP >+\fBswap_key=\fR<...> >+Same as root_key for swap. >+.TP >+\fBswap_keydev=\fR<...> >+Same as root_keydev for swap. >+.TP >+\fBcrypt_silent\fR >+Set this to silent all the output related to the cryptographic software, and in case your encrypted device isn't open with the key, it opens a shell in the initrd quietly. >+.TP > \fBdodmraid=\fR<...> > Passes arguments to dmraid on bootup. > .TP >Index: genkernel/trunk/generic/initrd.scripts >=================================================================== >--- genkernel/trunk/generic/initrd.scripts (revision 524) >+++ genkernel/trunk/generic/initrd.scripts (working copy) >@@ -37,9 +37,9 @@ > > modules_scan() { > local MODS >- [ -d /etc/modules/${1} ] || touch /etc/modules/${1} >+ [ -d "/etc/modules/${1}" ] || touch /etc/modules/${1} > >- [ -f /etc/modules/${1} ] && MODS=`cat /etc/modules/${1}` >+ [ -f "/etc/modules/${1}" ] && MODS=`cat /etc/modules/${1}` > for x in ${MODS} > do > MLOAD=`echo ${MLIST} | sed -e "s/.*${x}.*/${x}/"` >@@ -63,83 +63,97 @@ > done > } > >-findcdmount() { >+uppercase(){ >+ # needs tr on busybox >+ echo $1 | tr 'a-z' 'A-Z' >+} >+ >+ >+findmediamount() { >+ # $1 = mount dir name / media name >+ # $2 = recognition file >+ # $3 = variable to have the device path >+ # $4 = directory before /mnt, like NEW_ROOT >+ # args remaining are possible devices >+ >+ local media=$1 recon=$2 vrbl=$3 >+ local mntdir="${4}/mnt/${media}" >+ shift 4 >+ >+ good_msg "Looking for the ${media}" ${CRYPT_SILENT} >+ > if [ "$#" -gt "0" ] > then >+ >+ [ ! -d "${mntdir}" ] && mkdir -p ${mntdir} 2>/dev/null >/dev/null >+ > for x in $* > do > # Check for a block device to mount > if [ -b "${x}" ] > then >- good_msg "Attempting to mount media:- ${x}" >- if [ -z "${CDROOT_DEV}" ] >- then >- mount -r -t auto ${x} ${NEW_ROOT}/mnt/cdrom \ >- > /dev/null 2>&1 >+ good_msg "Attempting to mount media:- ${x}" ${CRYPT_SILENT} >+ >+ if [ -n "${CDROOT_DEV}" -a \( ${media}="cdrom" \) ]; then >+ mount -r -t auto ${x} ${NEW_ROOT}/mnt/cdrom >/dev/null 2>&1 > else >- mount -r -t iso9660 ${x} ${NEW_ROOT}/mnt/cdrom \ >- > /dev/null 2>&1 >- fi >+ mount -r -t auto ${x} ${mntdir} >/dev/null 2>&1 >+ fi > if [ "$?" = '0' ] > then >- # Check for a LiveCD >- if [ -f ${NEW_ROOT}/mnt/cdrom/${SUBDIR}/livecd ] >+ # Check for the media >+ if [ -f "${mntdir}/${recon}" ] > then >- REAL_ROOT="${x}" >+ #set REAL_ROOT, CRYPT_ROOT_KEYDEV or whatever ${vrbl} is >+ eval ${vrbl}'='"${x}" >+ good_msg "Media found on ${x}" ${CRYPT_SILENT} > break > else >- umount ${NEW_ROOT}/mnt/cdrom >+ umount ${mntdir} > fi > fi > fi > done >- if [ "${REAL_ROOT}" != '' ] >- then >- good_msg "Media found on ${x}" >- fi > fi >+ >+ eval local result='$'${vrbl} >+ >+ [ -n "${result}" ] || bad_msg "Media not found" ${CRYPT_SILENT} > } > >-findkeymount() { >- if [ "$#" -gt "0" ] >- then >- for x in $* >- do >- # Check for a block device to mount >- if [ -b "${x}" ] >- then >- if [ ${crypt_silent} = '' ] >- then >- good_msg "Attempting to mount key media:- ${x}" >- fi >+devicelist(){ >+ # Locate the cdrom device with our media on it. >+ # CDROM DEVICES >+ local DEVICES="/dev/cdroms/* /dev/ide/cd/* /dev/sr*" >+ # USB Keychain/Storage >+ DEVICES="$DEVICES /dev/sd*" >+ # IDE devices >+ DEVICES="$DEVICES /dev/hd*" >+ # USB using the USB Block Driver >+ DEVICES="$DEVICES /dev/ubd* /dev/ubd/*" >+ # iSeries devices >+ DEVICES="$DEVICES /dev/iseries/vcd*" >+ echo ${DEVICES} >+} > >- mount -r -t auto ${x} ${NEW_ROOT}/mnt/keydev \ >- > /dev/null 2>&1 >- if [ "$?" = '0' ] >- then >- # Check for the key >- if [ -e ${NEW_ROOT}/mnt/keydev/${LUKS_ROOT_KEY} ] >- then >- LUKS_ROOT_KEYDEV="${x}" >- umount ${NEW_ROOT}/mnt/keydev >- break >- else >- umount ${NEW_ROOT}/mnt/keydev >- fi >- fi >- fi >- done >- if [ "${LUKS_ROOT_KEYDEV}" != '' ] >- then >- if [ ${crypt_silent} = '' ] >- then >- good_msg "Key media found on ${x}" >- fi >- fi >- fi >+bootstrapCD() { >+ >+ local DEVICES=`devicelist` >+ # The device was specified on the command line. Shold we even be doing a >+ # scan at this point? I think not. >+ [ -n "${CDROOT_DEV}" ] && DEVICES="$DEVICES ${CDROOT_DEV}" >+ >+ findmediamount "cdrom" "${SUBDIR}/livecd" "REAL_ROOT" "${NEW_ROOT}" ${DEVICES} > } > >+bootstrapKey() { >+ # $1 = ROOT/SWAP >+ local KEYDEVS=`devicelist` >+ eval local keyloc='"${CRYPT_'${1}'_KEY}"' > >+ findmediamount "key" "${keyloc}" "CRYPT_${1}_KEYDEV" "" ${KEYDEVS} >+} >+ > cache_cd_contents() { > # Check loop file exists and cache to ramdisk if DO_cache is enabled > if [ "${LOOPTYPE}" != "noloop" ] && [ "${LOOPTYPE}" != "sgimips" ] >@@ -328,25 +342,75 @@ > fi > } > >-good_msg() { >+ >+# msg functions arguments >+# $1 string >+# $2 hide flag >+ >+good_msg() { > msg_string=$1 > msg_string="${msg_string:-...}" >- echo -e "${GOOD}>>${NORMAL}${BOLD} ${msg_string} ${NORMAL}" >+ [ "$2" != 1 ] && echo -e "${GOOD}>>${NORMAL}${BOLD} ${msg_string} ${NORMAL}" > } > > bad_msg() { > msg_string=$1 > msg_string="${msg_string:-...}" >- splash 'verbose' > /dev/null & >- echo -e "${BAD}!!${NORMAL}${BOLD} ${msg_string} ${NORMAL}" >+ if [ "$2" != 1 ] >+ then >+ splash 'verbose' > /dev/null & >+ echo -e "${BAD}!!${NORMAL}${BOLD} ${msg_string} ${NORMAL}" >+ fi > } > > warn_msg() { > msg_string=$1 > msg_string="${msg_string:-...}" >- echo -e "${WARN}**${NORMAL}${BOLD} ${msg_string} ${NORMAL}" >-} >+ [ "$2" != 1 ] && echo -e "${WARN}**${NORMAL}${BOLD} ${msg_string} ${NORMAL}" >+} > >+crypt_filter() { >+ if [ ${CRYPT_SILENT} -eq 1 ] >+ then >+ eval $1 >/dev/null 2>/dev/null >+ else >+ eval $1 >+ fi >+} >+ >+whereis(){ >+ # $1 = variable whose value is the path (examples: "REAL_ROOT", "LUKS_KEYDEV") >+ # $2 = label >+ # $3 = optional explanations for failure >+ >+ eval local oldvalue='$'${1} >+ >+ [ \( $# != 2 \) -a \( $# != 3 \) ] && \ >+ bad_msg "Bad invocation of function whereis, please file a bug \ >+ report with this message" && exit 1 >+ [ -n "${3}" ] && local explnt=" or : ${3}" || local explnt="." >+ >+ bad_msg "Could not find the ${2} in ${oldvalue}${explnt}" >+ echo ' Please specify another value or: press Enter for the same, type "shell" for a shell, or "q" to skip...' >+ echo -n "${2}(${oldvalue}) :: " >+ read ${1} >+ case `eval echo '$'${1}` in >+ 'q') >+ eval ${1}'='${oldvalue} >+ warn_msg "Skipping step, this will likely cause a boot failure." >+ break >+ ;; >+ 'shell') >+ eval ${1}'='${oldvalue} >+ echo "To leave and try again just press <Ctrl>+D" >+ run_shell >+ ;; >+ '') >+ eval ${1}'='${oldvalue} >+ ;; >+ esac >+} >+ > bind_mount_dev() { > # bind-mount /dev/ so that loop devices can be found > mount -o bind ${NEW_ROOT}/dev /dev >@@ -354,14 +418,14 @@ > > start_dev_mgr() { > # Check udev is available... >- if [ "${KV_2_6_OR_GREATER}" -a ! "${USE_UDEV_NORMAL}" -eq '0' ] >+ if [ "${KV_2_6_OR_GREATER}" -a "${USE_UDEV_NORMAL}" != '0' ] > then > USE_UDEV_NORMAL=1 > else > USE_UDEV_NORMAL=0 > fi > >- if [ "${USE_UDEV_NORMAL}" -eq '1' ] >+ if [ "${USE_UDEV_NORMAL}" = '1' ] > then > cd /sys > [ "${DO_slowusb}" ] && sleep 10 >@@ -378,42 +442,6 @@ > fi > } > >-bootstrapCD() { >- # Locate the cdrom device with our media on it. >- # CDROM DEVICES >- DEVICES="/dev/cdroms/* /dev/ide/cd/* /dev/sr*" >- # USB Keychain/Storage >- DEVICES="$DEVICES /dev/sd*" >- # IDE devices >- DEVICES="$DEVICES /dev/hd*" >- # USB using the USB Block Driver >- DEVICES="$DEVICES /dev/ubd* /dev/ubd/*" >- # iSeries devices >- DEVICES="$DEVICES /dev/iseries/vcd*" >- # The device was specified on the command line. Shold we even be doing a >- # scan at this point? I think not. >- [ -n "${CDROOT_DEV}" ] && DEVICES="$DEVICES ${CDROOT_DEV}" >- >- findcdmount $DEVICES >-} >- >-bootstrapKey() { >- # Locate the device with our key on it. >- # USB Keychain/Storage >- KEYDEVS="/dev/sd*" >- # CDROM DEVICES >- KEYDEVS="${KEYDEVS} /dev/cdroms/* /dev/ide/cd/* /dev/sr*" >- # IDE devices >- KEYDEVS="${KEYDEVS} /dev/hd*" >- # USB using the USB Block Driver >- KEYDEVS="${KEYDEVS} /dev/ubd* /dev/ubd/*" >- # iSeries devices >- KEYDEVS="${KEYDEVs} /dev/iseries/vcd*" >- >- findkeymount ${KEYDEVS} >-} >- >- > cmdline_hwopts() { > # Scan CMDLINE for any "doscsi" or "noscsi"-type arguments > >@@ -510,7 +538,7 @@ > > chooseKeymap > >- [ "${DEVBIND}" -eq '1' ] && umount /dev >+ [ "${DEVBIND}" = '1' ] && umount /dev > > if [ -e /etc/sysconfig/keyboard -a "${CDROOT}" -eq '1' ] > then >@@ -602,7 +630,7 @@ > ln -sf /dev/device-mapper /dev/mapper/control > fi > >- if [ "${USE_DMRAID_NORMAL}" -eq '1' ] >+ if [ "${USE_DMRAID_NORMAL}" = '1' ] > then > if [ -e '/sbin/dmraid' ] > then >@@ -616,7 +644,7 @@ > fi > fi > >- if [ "${USE_LVM2_NORMAL}" -eq '1' ] >+ if [ "${USE_LVM2_NORMAL}" = '1' ] > then > if [ -e '/bin/vgscan' -a -e '/bin/vgchange' ] > then >@@ -631,7 +659,7 @@ > /bin/vgchange -ay --ignorelockingfailure 2>/dev/null > > # Disable EVMS since lvm2 is activated and they dont work together. >- if [ "${USE_EVMS2_NORMAL}" -eq '1' ] >+ if [ "${USE_EVMS2_NORMAL}" = '1' ] > then > bad_msg "Disabling EVMS Support because LVM2 started" > bad_msg "Do not add dolvm2 to the cmdline if this is not what you want" >@@ -643,7 +671,7 @@ > fi > fi > >- if [ "${USE_EVMS2_NORMAL}" -eq '1' ] >+ if [ "${USE_EVMS2_NORMAL}" = '1' ] > then > if [ -e '/sbin/evms_activate' ] > then >@@ -654,60 +682,142 @@ > } > > # Open a LUKS device >-# $1 LUKS device >-# $2 LUKS name >+# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks >+# $1 - root/swap > openLUKS() { >- LUKS_DEVICE="$1" >- LUKS_NAME="$2" >- if [ -e /sbin/cryptsetup ] >- then >- while [ 1 ] >- do >- if [ "${LUKS_DEVICE}" = '' ] >+ # please use 'tr' and this line, or remove it >+ # eval local TYPE=`uppercase $1` >+ >+ case $1 in >+ root) >+ local TYPE=ROOT >+ ;; >+ swap) >+ local TYPE=SWAP >+ ;; >+ esac >+ >+ eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' >+ local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 >+ local mntkey="/mnt/key/" cryptsetup_options='' >+ >+ [ ! -e /sbin/cryptsetup ] && bad_msg "The initrd does not support LUKS" && exit 1 >+ while [ 1 ] >+ do >+ # if crypt_silent=1 and some error occurs, enter shell quietly >+ if [ \( ${CRYPT_SILENT} -eq 1 \) -a \( \( \( ${DEV_ERROR} -eq 1 \) -o \( ${KEY_ERROR} -eq 1 \) \) -o \( ${KEYDEV_ERROR} -eq 1 \) \) ] >+ then >+ run_shell >+ elif [ ${DEV_ERROR} -eq 1 ] >+ then >+ whereis "LUKS_DEVICE" "${LUKS_NAME}" >+ DEV_ERROR=0 >+ elif [ ${KEY_ERROR} -eq 1 ] >+ then >+ whereis "LUKS_KEY" "${LUKS_NAME} key" >+ KEY_ERROR=0 >+ elif [ ${KEYDEV_ERROR} -eq 1 ] >+ then >+ whereis "LUKS_KEYDEV" "${LUKS_NAME} key device" >+ KEYDEV_ERROR=0 >+ else >+ setup_md_device ${LUKS_DEVICE} >+ cryptsetup isLuks ${LUKS_DEVICE} >+ if [ ! "$?" -eq '0' ] > then >- # LUKS device could not be opened. Prompt user for device. >- bad_msg "The LUKS ${LUKS_NAME} block device is not detected." >- echo " Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..." >- echo -n "LUKS ${LUKS_NAME}() :: " >- read LUKS_DEVICE >+ bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" ${CRYPT_SILENT} >+ DEV_ERROR=1 > continue >- elif [ "${LUKS_DEVICE}" = 'shell' ] >- then >- run_shell >- >- LUKS_DEVICE='' >- continue >- elif [ "${LUKS_DEVICE}" = 'q' ] >- then >- break > else >- setup_md_device ${LUKS_DEVICE} >- if cryptsetup isLuks ${LUKS_DEVICE} >+ # Handle keys >+ if [ -n "${LUKS_KEY}" ] > then >- good_msg "Opening LUKS device ${LUKS_DEVICE}" >- >- cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME} >- if [ ! "$?" -eq '0' ] >+ if [ ! -e "${mntkey}${LUKS_KEY}" ] > then >- bad_msg "Failed open LUKS device ${LUKS_DEVICE}" >- else >- break >+ if [ -b "${LUKS_KEYDEV}" ] >+ then good_msg "Using key device ${LUKS_KEYDEV}." ${CRYPT_SILENT} >+ else >+ good_msg "Please insert removable device ${LUKS_KEYDEV} for ${LUKS_NAME}" ${CRYPT_SILENT} >+ # abort after 10 secs >+ local count=10 >+ while [ ${count} -gt 0 ] >+ do >+ count=$((count-1)) >+ sleep 1 >+ if [ -b "${LUKS_KEYDEV}" ] >+ then >+ good_msg "Removable device ${LUKS_KEYDEV} detected." ${CRYPT_SILENT} >+ break >+ fi >+ done >+ if [ ! -b "${LUKS_KEYDEV}" ] >+ then >+ eval CRYPT_${TYPE}_KEY=${LUKS_KEY} >+ bootstrapKey ${TYPE} >+ eval LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' >+ if [ ! -b "${LUKS_KEYDEV}" ]; then >+ KEYDEV_ERROR=1 >+ bad_msg "Removable device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT} >+ continue >+ fi >+ # continue otherwise will mount keydev which is mounted by bootstrap >+ continue >+ fi >+ fi >+ # At this point a device was recognized, now let's see if the key is there >+ [ ! -d "$mntkey" ] && mkdir -p ${mntkey} 2>/dev/null >/dev/null >+ >+ mount -n -o ro ${LUKS_KEYDEV} ${mntkey} >/dev/null 2>/dev/null >+ if [ "$?" != '0' ] >+ then >+ KEYDEV_ERROR=1 >+ bad_msg "Mounting of device ${LUKS_KEYDEV} failed." ${CRYPT_SILENT} >+ continue >+ else >+ good_msg "Removable device ${LUKS_KEYDEV} mounted." ${CRYPT_SILENT} >+ sleep 2 >+ # keyfile exists? >+ if [ ! -e "${mntkey}${LUKS_KEY}" ]; then >+ umount -n ${mntkey} 2>/dev/null >/dev/null >+ KEY_ERROR=1 >+ KEYDEV_ERROR=1 >+ bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT} >+ continue >+ fi >+ fi > fi >+ # At this point a candidate key exists (either mounted before or not) >+ good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT} >+ cryptsetup_options="-d ${mntkey}${LUKS_KEY}" >+ fi >+ # At this point, keyfile or not, we're ready! >+ crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}" >+ if [ $? -eq 0 ] >+ then >+ good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT} >+ break > else >- bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" >+ bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT} >+ DEV_ERROR=1 >+ KEY_ERROR=1 >+ KEYDEV_ERROR=1 > fi > fi >- LUKS_DEVICE='' >- done >- else >- bad_msg "The initrd does not support LUKS" >- fi >+ fi >+ done >+ umount ${mntkey} 2>/dev/null >/dev/null >+ rmdir -p ${mntkey} 2>/dev/null >/dev/null > } > > startLUKS() { >- if [ -n "${LUKS_ROOT}" ] >- then >- openLUKS "${LUKS_ROOT}" "root" >+ >+ # if key is set but key device isn't, find it >+ >+ [ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \ >+ && sleep 6 && bootstrapKey "ROOT" >+ >+ if [ -n "${CRYPT_ROOT}" ]; then >+ openLUKS "root" > if [ -n "${REAL_ROOT}" ] > then > # Rescan volumes >@@ -716,10 +826,18 @@ > REAL_ROOT="/dev/mapper/root" > fi > fi >- if [ -n "${LUKS_SWAP}" ] >- then >- openLUKS "${LUKS_SWAP}" "swap" >- break >+ >+ # same for swap, but no need to sleep if root was unencrypted >+ [ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \ >+ && { [ -z "${CRYPT_ROOT}" ] && sleep 6; bootstrapKey "SWAP"; } >+ >+ if [ -n "${CRYPT_SWAP}" ]; then >+ openLUKS "swap" >+ if [ -z "${REAL_RESUME}" ] >+ then >+ # Resume from swap as default >+ REAL_RESUME="/dev/mapper/swap" >+ fi > fi > } > >@@ -746,7 +864,7 @@ > > > cdupdate() { >- if [ "${CDROOT}" -eq '1' ] >+ if [ "${CDROOT}" = '1' ] > then > if [ -x /${NEW_ROOT}/mnt/cdrom/cdupdate.sh ] > then >@@ -792,7 +910,7 @@ > } > > setup_unionfs() { >- if [ "${USE_UNIONFS_NORMAL}" -eq '1' ] >+ if [ "${USE_UNIONFS_NORMAL}" = '1' ] > then > # Directory used for rw changes in union mount filesystem > UNION=/union >@@ -847,6 +965,15 @@ > fi > } > >+ >+swsusp_resume() { >+### determine swap resume partition >+ local device=$(ls -l "${REAL_RESUME}" | sed 's/\ */ /g' | cut -d \ -f 6-7 | sed 's/,\ */:/') >+ [ -f /sys/power/resume ] && echo "${device}" > /sys/power/resume >+ return 0 >+} >+ >+ > suspend_resume() { > [ -x /sbin/resume ] || return 0 > /sbin/resume >Index: genkernel/trunk/generic/linuxrc >=================================================================== >--- genkernel/trunk/generic/linuxrc (revision 524) >+++ genkernel/trunk/generic/linuxrc (working copy) >@@ -1,5 +1,5 @@ > #!/bin/sh >-# Copyright 2003-2006 Gentoo Foundation >+# Copyright 2003-2007 Gentoo Foundation > # Distributed under the terms of the GNU General Public License v2 > > . /etc/initrd.defaults >@@ -46,6 +46,7 @@ > REAL_ROOT='' > FAKE_ROOT='' > REAL_ROOTFLAGS='' >+CRYPT_SILENT=0 > for x in ${CMDLINE} > do > case "${x}" in >@@ -174,14 +175,32 @@ > NFSROOT=`parse_opt "${x}"` > ;; > crypt_root\=*) >- LUKS_ROOT=`parse_opt "${x}"` >+ CRYPT_ROOT=`parse_opt "${x}"` > ;; > crypt_swap\=*) >- LUKS_SWAP=`parse_opt "${x}"` >+ CRYPT_SWAP=`parse_opt "${x}"` > ;; >- crypt_silent\=*) >- LUKS_SILENT=`parse_opt "${x}"` >+ root_key\=*) >+ CRYPT_ROOT_KEY=`parse_opt "${x}"` > ;; >+ root_keydev\=*) >+ CRYPT_ROOT_KEYDEV=`parse_opt "${x}"` >+ ;; >+ swap_key\=*) >+ CRYPT_SWAP_KEY=`parse_opt "${x}"` >+ ;; >+ swap_keydev\=*) >+ CRYPT_SWAP_KEYDEV=`parse_opt "${x}"` >+ ;; >+ real_resume\=*) >+ REAL_RESUME=`parse_opt "${x}"` >+ ;; >+ noresume) >+ NORESUME=1 >+ ;; >+ crypt_silent) >+ CRYPT_SILENT=1 >+ ;; > real_rootflags\=*) > REAL_ROOTFLAGS=`parse_opt "${x}"` > ;; >@@ -203,7 +222,7 @@ > then > good_msg 'Loading modules' > # Load appropriate kernel modules >- if [ "${NODETECT}" -ne '1' ] >+ if [ "${NODETECT}" != '1' ] > then > for modules in $MY_HWOPTS > do >@@ -237,7 +256,7 @@ > startVolumes > > # Initialize LUKS root device except for livecd's >-if [ "${CDROOT}" -ne '1' ] >+if [ "${CDROOT}" != 1 ] > then > startLUKS > fi >@@ -246,7 +265,7 @@ > mkdir -p ${NEW_ROOT} > setup_unionfs > >-if [ "${USE_UNIONFS_NORMAL}" -eq '1' ] >+if [ "${USE_UNIONFS_NORMAL}" = '1' ] > then > CHROOT=${UNION} > else >@@ -256,18 +275,22 @@ > # Run debug shell if requested > rundebugshell > >-suspend_resume >-suspend2_resume >+if [ "${NORESUME}" != '1' ] >+then >+ swsusp_resume >+ suspend_resume >+ suspend2_resume >+fi > >-if [ "${CDROOT}" -eq '1' ] >+if [ "${CDROOT}" = '1' ] > then >- if [ ! "${USE_UNIONFS_NORMAL}" -eq '1' ] >+ if [ "${USE_UNIONFS_NORMAL}" != '1' ] > then > good_msg "Making tmpfs for ${NEW_ROOT}" > mount -t tmpfs tmpfs ${NEW_ROOT} > fi > >- for i in dev mnt mnt/cdrom mnt/livecd mnt/keydev tmp tmp/.initrd mnt/gentoo sys >+ for i in dev mnt mnt/cdrom mnt/livecd mnt/key tmp tmp/.initrd mnt/gentoo sys > do > mkdir -p ${NEW_ROOT}/$i > chmod 755 ${NEW_ROOT}/$i >@@ -358,31 +381,17 @@ > good_msg "Detected real_root=${ROOT_DEV}" > REAL_ROOT="${ROOT_DEV}" > else >- bad_msg "Could not find root block device: ${REAL_ROOT}" >- echo ' Please specify a device to boot, or "shell" for a shell...' >- echo -n 'boot() :: ' >- read REAL_ROOT >+ whereis "REAL_ROOT" "root block device" > got_good_root=0 > continue > fi > ;; > esac > >- if [ "${REAL_ROOT}" = 'shell' ] >+ if [ "${REAL_ROOT}" = '' ] > then >- run_shell >- >- REAL_ROOT='' >- got_good_root=0 >- continue >- >- elif [ "${REAL_ROOT}" = '' ] >- then > # No REAL_ROOT determined/specified. Prompt user for root block device. >- bad_msg "The root block device is unspecified or not detected." >- echo ' Please specify a device to boot, or "shell" for a shell...' >- echo -n 'boot() :: ' >- read REAL_ROOT >+ whereis "REAL_ROOT" "root block device" > got_good_root=0 > > # Check for a block device or /dev/nfs >@@ -398,7 +407,7 @@ > done > > >- if [ "${CDROOT}" -eq '1' -a "${got_good_root}" = '1' -a "${REAL_ROOT}" != "/dev/nfs" ] >+ if [ "${CDROOT}" = 1 -a "${got_good_root}" = '1' -a "${REAL_ROOT}" != "/dev/nfs" ] > then > # CD already mounted; no further checks necessary > break >@@ -442,7 +451,7 @@ > > #verbose_kmsg > >-# If cdroot is set determine the looptype to boot >+# If cd root is set determine the looptype to boot > if [ "${CDROOT}" = '1' ] > then > good_msg 'Determining looptype ...' >@@ -496,28 +505,19 @@ > fi > > cache_cd_contents >- > > # If encrypted, find key and mount, otherwise mount as usual >- if [ "${LUKS_ROOT}" != '' ] >+ if [ -n "${CRYPT_ROOT}" ] > then >- if [ "${LUKS_SILENT}" = '' ] >- then >- good_msg 'You booted an encrypted livecd' >- fi >+ good_msg 'You booted an encrypted livecd' ${CRYPT_SILENT} > >- LUKS_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd) >- >- if [ "${LUKS_ROOT_KEY}" ] >- then >- bootstrapKey >- fi >+ CRYPT_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd) > > losetup /dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP} > > test_success 'Preparing loop filesystem' > >- LUKS_ROOT='/dev/loop0' >+ CRYPT_ROOT='/dev/loop0' > > startLUKS > >@@ -602,7 +602,7 @@ > # End cdrom looptype determination and mounting if necessary > # > >- if [ "${USE_UNIONFS_NORMAL}" -eq '1' ] >+ if [ "${USE_UNIONFS_NORMAL}" = '1' ] > then > union_insert_dir ${UNION} ${NEW_ROOT}/${FS_LOCATION} > >@@ -628,7 +628,7 @@ > fi > > >- if [ ! "${USE_UNIONFS_NORMAL}" -eq '1' ] >+ if [ "${USE_UNIONFS_NORMAL}" != '1' ] > then > good_msg "Copying read-write image contents to tmpfs" > # Copy over stuff that should be writable >@@ -696,7 +696,7 @@ > sleep 10 > fi > else >- if [ "${USE_UNIONFS_NORMAL}" -eq '1' ] >+ if [ "${USE_UNIONFS_NORMAL}" = '1' ] > then > union_insert_dir ${UNION} ${NEW_ROOT} > mkdir -p ${UNION}/tmp/.initrd >@@ -718,7 +718,7 @@ > # init scripts will be able to unmount it properly at next reboot > # > # Eventually, all "unions over /" mounts should go in that /.unions/ >-if [ "${USE_UNIONFS_NORMAL}" -eq '1' ] >+if [ "${USE_UNIONFS_NORMAL}" = '1' ] > then > mkdir -p /${CHROOT}/.unions/memory 2>/dev/null > mount -o move /memory /${CHROOT}/.unions/memory || echo '*: Failed to move unionfs /memory into the system root!' >@@ -738,12 +738,12 @@ > fi > echo -n '.' > >- if /tmp/.initrd/bin/[ "${USE_DEVFS_NORMAL}" -eq '1' -a "${CDROOT}" -eq '0' ] >+ if /tmp/.initrd/bin/[ "${USE_DEVFS_NORMAL}" = '1' -a "${CDROOT}" = 0 ] > then > umount /tmp/.initrd/proc || echo '*: Failed to unmount the initrd /proc!' > mount -n --move /tmp/.initrd/dev dev || echo '*: Failed to move over the /dev tree!' > rm -rf /tmp/.initrd/dev || echo '*: Failed to remove the initrd /dev!' >- elif /tmp/.initrd/bin/[ "${USE_UDEV_NORMAL}" -eq '1' ] >+ elif /tmp/.initrd/bin/[ "${USE_UDEV_NORMAL}" = '1' ] > then > /tmp/.initrd/bin/[ -e /tmp/.initrd/dev/fd ] && rm /tmp/.initrd/dev/fd > /tmp/.initrd/bin/[ -e /tmp/.initrd/dev/stdin ] && rm /tmp/.initrd/dev/stdin >@@ -753,7 +753,7 @@ > umount /tmp/.initrd/dev || echo '*: Failed to unmount the initrd /dev!' > umount /tmp/.initrd/proc || echo '*: Failed to unmount the initrd /proc!' > umount /tmp/.initrd/sys || echo '*: Failed to unmount the initrd /sys!' >- elif /tmp/.initrd/bin/[ "${CDROOT}" -eq '1' ] >+ elif /tmp/.initrd/bin/[ "${CDROOT}" -eq 1 ] > then > umount /tmp/.initrd/proc || echo "*: Failed to unmount the initrd /proc!" > umount /dev 2>/dev/null
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=128927">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 162962
:
107569
|
113106
|
127069
|
127219
|
128509
|
128608
| 128927 |
139541
|
139545
