Gentoo's Bugzilla – Attachment 767898 Details for
Bug 493690
sys-fs/cryptsetup: add support for detached LUKS header
[patch]
updated patch for 2.4.0-dmcrypt.rc
2.4.0-dmcrypt.rc.patch (text/plain), 5.36 KB, created by
Stephen Kirkby
on 2022-03-26 16:59:50 UTC
>--- 2.4.0-dmcrypt.rc 2021-08-19 10:09:50.000000000 +0100 >+++ /etc/init.d/dmcrypt 2022-03-26 16:16:18.725133733 +0000 
>@@ -78,14 +78,84 @@ > losetup ${source} ${loop_file} > fi > >+ read_abort() { >+ # some colors >+ local ans savetty resettty >+ [ -z "${NORMAL}" ] && eval $(eval_ecolors) >+ einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) " >+ shift >+ # This is ugly as s**t. But POSIX doesn't provide `read -t`, so >+ # we end up having to implement our own crap with stty/etc... >+ savetty=$(stty -g) >+ resettty='stty ${savetty}; trap - EXIT HUP INT TERM' >+ trap 'eval "${resettty}"' EXIT HUP INT TERM >+ stty -icanon >+ stty min 0 time "$(( $2 * 10 ))" >+ ans=$(dd count=1 bs=1 2>/dev/null) || ans='' >+ eval "${resettty}" >+ if [ -z "${ans}" ] ; then >+ printf '\r' >+ else >+ echo >+ fi >+ case ${ans} in >+ [yY]) return 0;; >+ *) return 1;; >+ esac >+ } >+ > # cryptsetup: > # open <device> <name> # <device> is $source > # create <name> <device> # <name> is $target >- local arg1="create" arg2="${target}" arg3="${source}" >- if cryptsetup isLuks ${source} 2>/dev/null ; then >+ local arg1="create" arg2="${target}" arg3="${source}" arg_header="" >+ if [ cryptsetup isLuks ${source} 2>/dev/null ] || [ -n "${luks_header}" ] ; then > arg1="open" > arg2="${source}" > arg3="${target}" >+ if [ -n "${luks_header}" ] ; then >+ # handle header on removable device >+ if [ -n "${remdev}" ] ; then >+ # temp directory to mount removable device >+ local mntrem="${RC_SVCDIR}/dm-crypt-remdev-header.$$" >+ if [ ! -d "${mntrem}" ] ; then >+ if ! mkdir -p "${mntrem}" ; then >+ ewarn "${source} will not be decrypted ..." >+ einfo "Reason: Unable to create temporary mount point '${mntrem}'" >+ return >+ fi >+ fi >+ i=0 >+ einfo "Please insert removable device for ${target}" >+ while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do >+ foo="" >+ if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then >+ # header exists? >+ if [ ! -e "${mntrem}${luks_header}" ] ; then >+ umount -n "${mntrem}" >+ rmdir "${mntrem}" >+ einfo "Cannot find ${luks_header} on removable media." 
>+ read_abort "Abort" ${dmcrypt_key_timeout} && return >+ else >+ luks_header="${mntrem}${luks_header}" >+ break >+ fi >+ else >+ [ -e "${remdev}" ] \ >+ && foo="mount failed" \ >+ || foo="mount source not found" >+ fi >+ : $((i += 1)) >+ read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return >+ done >+ else # header ! on removable device >+ if [ ! -e "${luks_header}" ] ; then >+ ewarn "${source} will not be decrypted ..." >+ einfo "Reason: header file ${luks_header} does not exist." >+ return >+ fi >+ fi >+ arg_header="--header ${luks_header}" >+ fi > fi > > # Older versions reported: >@@ -100,32 +170,6 @@ > > # Handle keys > if [ -n "${key}" ] ; then >- read_abort() { >- # some colors >- local ans savetty resettty >- [ -z "${NORMAL}" ] && eval $(eval_ecolors) >- einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) " >- shift >- # This is ugly as s**t. But POSIX doesn't provide `read -t`, so >- # we end up having to implement our own crap with stty/etc... >- savetty=$(stty -g) >- resettty='stty ${savetty}; trap - EXIT HUP INT TERM' >- trap 'eval "${resettty}"' EXIT HUP INT TERM >- stty -icanon >- stty min 0 time "$(( $2 * 10 ))" >- ans=$(dd count=1 bs=1 2>/dev/null) || ans='' >- eval "${resettty}" >- if [ -z "${ans}" ] ; then >- printf '\r' >- else >- echo >- fi >- case ${ans} in >- [yY]) return 0;; >- *) return 1;; >- esac >- } >- > # Notes: sed not used to avoid case where /usr partition is encrypted. > mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg > key=${key%:*} >@@ -182,7 +226,7 @@ > else > mode=none > fi >- ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}" >+ ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3} ${arg_header}" > if [ "${mode}" = "gpg" ] ; then > : ${gpg_options:='-q -d'} > # gpg available ? 
>@@ -192,7 +236,7 @@ > # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. > # save stdin stdout stderr "values" > timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \ >- cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3} >+ cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3} ${arg_header} > ret=$? > # The timeout command exits 124 when it times out. > [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break >@@ -207,11 +251,11 @@ > fi > else > if [ "${mode}" = "reg" ] ; then >- cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} >+ cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} ${arg_header} > ret=$? > eend ${ret} "failure running cryptsetup" > else >- cryptsetup ${options} ${arg1} ${arg2} ${arg3} >+ cryptsetup ${options} ${arg1} ${arg2} ${arg3} ${arg_header} > ret=$? > eend ${ret} "failure running cryptsetup" > fi >@@ -280,7 +324,7 @@ > unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait > ;; > >- gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*) >+ gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*|luks_header=*) > if [ -z "${target}${swap}" ] ; then > ewarn "Ignoring setting outside target/swap section: ${targetline}" > continue
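Review bot: in the `@@ -78,14 +78,84 @@` hunk, the rewritten condition `if [ cryptsetup isLuks ${source} 2>/dev/null ] || [ -n "${luks_header}" ]` no longer runs cryptsetup. Inside `[ ]` the words are parsed as a test expression, which fails with its error hidden by `2>/dev/null`, so an ordinary LUKS device with no `luks_header` set now falls through to `arg1="create"`. Keep the command outside the brackets: `if cryptsetup isLuks ${source} 2>/dev/null || [ -n "${luks_header}" ]`. Two further points in the same hunk: `read_abort "Abort" ${dmcrypt_key_timeout}` passes the timeout as the second argument, but the function does `shift` and then reads `$2`, so `$(( $2 * 10 ))` is evaluated with an empty value (the other call uses `-t 1`, which does line up). And the header-not-found branch runs `rmdir "${mntrem}"` before the loop retries `mount` on that same directory, so every later attempt fails; if the loop then runs out without `break`, `arg_header` is still set from the unresolved `${luks_header}`. Drop the `rmdir` inside the loop and return with a warning when the loop is exhausted.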
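Review bot: in the `@@ -207,11 +251,11 @@` hunk (and the gpg pipeline in `@@ -192,7 +236,7 @@`), `${arg_header}` is expanded unquoted after being built as `arg_header="--header ${luks_header}"`, so a header path containing whitespace is split into extra cryptsetup arguments. Quoting the whole variable would not help because it carries both the option and its value; expanding it at the call site as `${luks_header:+--header "${luks_header}"}` keeps the path as one word and adds nothing when no header is configured. If paths with whitespace are meant to be unsupported, say so where `luks_header` is documented.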
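Review bot: in the `@@ -280,7 +324,7 @@` hunk, `luks_header=*` is added to the accepted settings but the context line `unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait` is left unchanged, so `luks_header` is never cleared between sections. Because the first hunk switches to `open` with `--header` whenever `luks_header` is non-empty, a target defined after one that uses a detached header would be opened with the previous target's header. Add `luks_header` to that `unset` list. The patch also touches only the init script, so the new option needs a documented example alongside the other per-target settings.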