Attachment #123127 for bug #174294




                        if [ -b "${x}" ]
                        then
                                good_msg "Attempting to mount key media:- ${x}"
                                mount -r -t auto ${x} ${NEW_ROOT}/mnt/keydev \
                                                > /dev/null 2>&1
                                fi
                                if [ "$?" = '0' ]
                                then
                                        # Check for the key
                                        if [ -e ${NEW_ROOT}/mnt/keydev/${SUBDIR}/${KEYNAME} ]
                                        then
                                                LUKS_ROOT_KEYDEV="${x}"
						umount ${NEW_ROOT}/mnt/keydev
                                                break
                                        else
                                                umount ${NEW_ROOT}/mnt/keydev
                                        fi
                                fi
                        fi

		do
			if [ "${LUKS_DEVICE}" = '' ]
			then
				if [ ${LUKS_SILENT} ]
				then
					echo 'System booted'
					run_shell
				fi

			elif [ 1 ]
			then
				# LUKS device could not be opened. Prompt user for device.
				bad_msg "The LUKS ${LUKS_NAME} block device is not detected."
				echo "   Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..."

				setup_md_device ${LUKS_DEVICE}
				if cryptsetup isLuks ${LUKS_DEVICE}
				then
					if [ "${LUKS_SILENT}" = '' ]
					then
						good_msg "Opening LUKS device ${LUKS_DEVICE}"
					fi
					
					cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME}
					if [ ! "$?" -eq '0' ]
					then
						bad_msg "Failed open LUKS device ${LUKS_DEVICE}"
					elif [ "${LUKS_SILENT}" ]
					then
						run_shell
					else
						break
					fi




			CDROOT=1
			CDROOT_DEV=`parse_opt "${x}"`
		;;
		# Start livecd loop, looptype options
		loop\=*)
			LOOP=`parse_opt "${x}"`
		;;
		looptype\=*)
			LOOPTYPE=`parse_opt "${x}"`
		;;
		loop_crypt\=*)
			LOOP_CRYPT=`parse_opt "${x}"`
		;;
		# Start Device Manager options 
		devfs)
			USE_DEVFS_NORMAL=1

		crypt_swap\=*)
			LUKS_SWAP=`parse_opt "${x}"`
		;;
		crypt_silent\=*)
			LUKS_SILENT=`parse_opt "${x}"`
		;;
		real_rootflags\=*)
			REAL_ROOTFLAGS=`parse_opt "${x}"`
		;;

# Scan volumes
startVolumes

# Initialize LUKS root device except for livecd's
if [ "${CDROOT}" -ne '1' ]
then
	startLUKS
fi

# Set up unionfs
mkdir -p ${NEW_ROOT}

		mount -t tmpfs tmpfs ${NEW_ROOT}
	fi
	
	for i in dev mnt mnt/cdrom mnt/livecd mnt/keydev tmp tmp/.initrd mnt/gentoo sys
	do
		mkdir -p ${NEW_ROOT}/$i
		chmod 755 ${NEW_ROOT}/$i

	

        # If encrypted, find key and mount, otherwise mount as usual
	if [ "${LUKS_ROOT}" != '' ] 
	then
		if [ "${LUKS_SILENT}" = '' ]
		then
			good_msg 'You booted an encrypted livecd'
		fi

		LUKS_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)
		then 
			good_msg 'It's not locked with a gpg key, attempting to decrypt manually'
			losetup -e ${LOOP_CRYPT} /dev/loop1 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
			

		if [ "${LUKS_ROOT_KEY}" ]
		then
			bootstrapKey
			good_msg 'Attempting to decrypt with key'
			losetup -K ${NEW_ROOT}/mnt/key/${SUBDIR}/${KEYNAME} -e ${LOOP_CRYPT} /dev/loop1 \
				${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
		fi

		test_success 'Unencrypting loop'
		
		losetup /dev/loop1 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
		
		test_success 'Preparing loop filesystem'
		
		LUKS_ROOT='/dev/loop1'
		
		startLUKS
		
		case ${LOOPTYPE} in
			squashfs)
				MOUNTTYPE="squashfs"
			normal)
				MOUNTTYPE="ext2"
				;;
			*)
				MOUNTTYPE="${LOOPTYPE}"
				;;
		esac		


		mount -t ${MOUNTTYPE} -o ro /dev/mapper/root ${NEW_ROOT}/mnt/livecd 
		
		test_success 'Mount filesystem'	
		FS_LOCATION='mnt/livecd'



			test_success 'mount /dev/loop0 /'
			FS_LOCATION='mnt/livecd'
		fi
	fi
#
# End cdrom looptype determination and mounting if necessary
#

Return to bug 174294

Lines 109-126 Link Here

(-)genkernel/trunk/generic/initrd.scripts (-6 / +20 lines)
109	if [ -b "${x}" ]	109	if [ -b "${x}" ]
110	then	110	then
111	good_msg "Attempting to mount key media:- ${x}"	111	good_msg "Attempting to mount key media:- ${x}"
112	mount -r -t auto ${x} ${NEW_ROOT}/mnt/key \	112	mount -r -t auto ${x} ${NEW_ROOT}/mnt/keydev \
113	> /dev/null 2>&1	113	> /dev/null 2>&1
114	fi
115	if [ "$?" = '0' ]	114	if [ "$?" = '0' ]
116	then	115	then
117	# Check for the key	116	# Check for the key
118	if [ -e ${NEW_ROOT}/mnt/key/${SUBDIR}/${KEYNAME} ]	117	if [ -e ${NEW_ROOT}/mnt/keydev/${SUBDIR}/${KEYNAME} ]
119	then	118	then
120	KEY_ROOT="${x}"	119	LUKS_ROOT_KEYDEV="${x}"
		120	umount ${NEW_ROOT}/mnt/keydev
121	break	121	break
122	else	122	else
123	umount ${NEW_ROOT}/mnt/key	123	umount ${NEW_ROOT}/mnt/keydev
124	fi	124	fi
125	fi	125	fi
126	fi	126	fi
Lines 658-663 Link Here
658	do	658	do
659	if [ "${LUKS_DEVICE}" = '' ]	659	if [ "${LUKS_DEVICE}" = '' ]
660	then	660	then
		661	if [ ${LUKS_SILENT} ]
		662	then
		663	echo 'System booted'
		664	run_shell
		665	fi
		666
		667	elif [ 1 ]
		668	then
661	# LUKS device could not be opened. Prompt user for device.	669	# LUKS device could not be opened. Prompt user for device.
662	bad_msg "The LUKS ${LUKS_NAME} block device is not detected."	670	bad_msg "The LUKS ${LUKS_NAME} block device is not detected."
663	echo " Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..."	671	echo " Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..."
Lines 677-688 Link Here
677	setup_md_device ${LUKS_DEVICE}	685	setup_md_device ${LUKS_DEVICE}
678	if cryptsetup isLuks ${LUKS_DEVICE}	686	if cryptsetup isLuks ${LUKS_DEVICE}
679	then	687	then
680	good_msg "Opening LUKS device ${LUKS_DEVICE}"	688	if [ "${LUKS_SILENT}" = '' ]
		689	then
		690	good_msg "Opening LUKS device ${LUKS_DEVICE}"
		691	fi
681		692
682	cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME}	693	cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME}
683	if [ ! "$?" -eq '0' ]	694	if [ ! "$?" -eq '0' ]
684	then	695	then
685	bad_msg "Failed open LUKS device ${LUKS_DEVICE}"	696	bad_msg "Failed open LUKS device ${LUKS_DEVICE}"
		697	elif [ "${LUKS_SILENT}" ]
		698	then
		699	run_shell
686	else	700	else
687	break	701	break
688	fi	702	fi

Lines 72-87 Link Here

(-)genkernel/trunk/generic/linuxrc (-29 / +36 lines)
72	CDROOT=1	72	CDROOT=1
73	CDROOT_DEV=`parse_opt "${x}"`	73	CDROOT_DEV=`parse_opt "${x}"`
74	;;	74	;;
75	# Start livecd loop, looptype options and encryption	75	# Start livecd loop, looptype options
76	loop\=*)	76	loop\=*)
77	LOOP=`parse_opt "${x}"`	77	LOOP=`parse_opt "${x}"`
78	;;	78	;;
79	looptype\=*)	79	looptype\=*)
80	LOOPTYPE=`parse_opt "${x}"`	80	LOOPTYPE=`parse_opt "${x}"`
81	;;	81	;;
82	loop_crypt\=*)
83	LOOP_CRYPT=`parse_opt "${x}"`
84	;;
85	# Start Device Manager options	82	# Start Device Manager options
86	devfs)	83	devfs)
87	USE_DEVFS_NORMAL=1	84	USE_DEVFS_NORMAL=1
Lines 182-187 Link Here
182	crypt_swap\=*)	179	crypt_swap\=*)
183	LUKS_SWAP=`parse_opt "${x}"`	180	LUKS_SWAP=`parse_opt "${x}"`
184	;;	181	;;
		182	crypt_silent\=*)
		183	LUKS_SILENT=`parse_opt "${x}"`
		184	;;
185	real_rootflags\=*)	185	real_rootflags\=*)
186	REAL_ROOTFLAGS=`parse_opt "${x}"`	186	REAL_ROOTFLAGS=`parse_opt "${x}"`
187	;;	187	;;
Lines 236-243 Link Here
236	# Scan volumes	236	# Scan volumes
237	startVolumes	237	startVolumes
238		238
239	# Initialize LUKS root device	239	# Initialize LUKS root device except for livecd's
240	startLUKS	240	if [ "${CDROOT}" -ne '1' ]
		241	then
		242	startLUKS
		243	fi
241		244
242	# Set up unionfs	245	# Set up unionfs
243	mkdir -p ${NEW_ROOT}	246	mkdir -p ${NEW_ROOT}
Lines 264-270 Link Here
264	mount -t tmpfs tmpfs ${NEW_ROOT}	267	mount -t tmpfs tmpfs ${NEW_ROOT}
265	fi	268	fi
266		269
267	for i in dev mnt mnt/cdrom mnt/livecd mnt/key tmp tmp/.initrd mnt/gentoo sys	270	for i in dev mnt mnt/cdrom mnt/livecd mnt/keydev tmp tmp/.initrd mnt/gentoo sys
268	do	271	do
269	mkdir -p ${NEW_ROOT}/$i	272	mkdir -p ${NEW_ROOT}/$i
270	chmod 755 ${NEW_ROOT}/$i	273	chmod 755 ${NEW_ROOT}/$i
Lines 496-532 Link Here
496		499
497		500
498	# If encrypted, find key and mount, otherwise mount as usual	501	# If encrypted, find key and mount, otherwise mount as usual
499	if [ "${LOOP_CRYPT}" != '' ]	502	if [ "${LUKS_ROOT}" != '' ]
500	then	503	then
501	good_msg 'You booted an encrypted livecd'	504	if [ "${LUKS_SILENT}" = '' ]
502	KEYNAME=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)	505	then
		506	good_msg 'You booted an encrypted livecd'
		507	fi
503		508
504	if [ "${KEYNAME}" = '' ]	509	LUKS_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)
505	then
506	good_msg 'It's not locked with a gpg key, attempting to decrypt manually'
507	losetup -e ${LOOP_CRYPT} /dev/loop1 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
508
509		510
510	else	511	if [ "${LUKS_ROOT_KEY}" ]
511	good_msg 'Livecd locked with gpg key'	512	then
512	bootstrapKey	513	bootstrapKey
513	good_msg 'Attempting to decrypt with key'
514	losetup -K ${NEW_ROOT}/mnt/key/${SUBDIR}/${KEYNAME} -e ${LOOP_CRYPT} /dev/loop1 \
515	${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
516	fi	514	fi
517
518	test_success 'Unencrypting loop'
519		515
		516	losetup /dev/loop1 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
		517
		518	test_success 'Preparing loop filesystem'
		519
		520	LUKS_ROOT='/dev/loop1'
		521
		522	startLUKS
		523
520	case ${LOOPTYPE} in	524	case ${LOOPTYPE} in
521	squashfs)
522	MOUNTTYPE="squashfs"
523	normal)	525	normal)
524	MOUNTTYPE="ext2"	526	MOUNTTYPE="ext2"
525	esac	527	;;
		528	*)
		529	MOUNTTYPE="${LOOPTYPE}"
		530	;;
		531	esac
526		532
527	mount -t ${MOUNTTYPE} -o ro /dev/loop1 ${NEW_ROOT}/mnt/livecd	533
528		534	mount -t ${MOUNTTYPE} -o ro /dev/mapper/root ${NEW_ROOT}/mnt/livecd
529	test_success 'Mount filesystem, checking key'	535
		536	test_success 'Mount filesystem'
530	FS_LOCATION='mnt/livecd'	537	FS_LOCATION='mnt/livecd'
531		538
532		539
Lines 590-596 Link Here
590	test_success 'mount /dev/loop0 /'	597	test_success 'mount /dev/loop0 /'
591	FS_LOCATION='mnt/livecd'	598	FS_LOCATION='mnt/livecd'
592	fi	599	fi
593		600	fi
594	#	601	#
595	# End cdrom looptype determination and mounting if necessary	602	# End cdrom looptype determination and mounting if necessary
596	#	603	#