Lines 116-122
|
116 |
# else |
116 |
# else |
117 |
# mount -r -t auto ${x} ${mntdir} &>/dev/null |
117 |
# mount -r -t auto ${x} ${mntdir} &>/dev/null |
118 |
# fi |
118 |
# fi |
119 |
mount -r -t ${CDROOT_TYPE} ${x} ${mntdir} >/dev/null 2>&1 |
119 |
mount -r -t ${CDROOT_TYPE} ${x} ${mntdir} >/dev/null 2>&1 || mount -r -t auto ${x} ${mntdir} >/dev/null 2>&1 |
120 |
if [ "$?" = '0' ] |
120 |
if [ "$?" = '0' ] |
121 |
then |
121 |
then |
122 |
# Check for the media |
122 |
# Check for the media |
Lines 662-667
|
662 |
fi |
662 |
fi |
663 |
} |
663 |
} |
664 |
|
664 |
|
|
|
665 |
|
666 |
# Overwrite and delete file |
667 |
wipeFile() { |
668 |
if [ -f "$1" ] ; then |
669 |
#size=`stat -c %s "$1"` |
670 |
size=4096 |
671 |
dd if=/dev/urandom of="$1" conv=notrunc bs=1 count=$size >/dev/null 2>&1 |
672 |
dd if=/dev/zero of="$1" conv=notrunc bs=1 count=$size >/dev/null 2>&1 |
673 |
rm "$1" |
674 |
fi |
675 |
} |
676 |
|
665 |
# Open a LUKS device |
677 |
# Open a LUKS device |
666 |
# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks |
678 |
# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks |
667 |
# $1 - root/swap |
679 |
# $1 - root/swap |
Lines 681-688
|
681 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' |
693 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' |
682 |
local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 |
694 |
local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 |
683 |
local mntkey="/mnt/key/" cryptsetup_options='' |
695 |
local mntkey="/mnt/key/" cryptsetup_options='' |
|
|
696 |
local LUKS_KEY_PLAIN=${LUKS_KEY%.gpg} |
697 |
local LUKS_KEY_TMP="/temp/key-${LUKS_KEY_PLAIN}" |
684 |
|
698 |
|
685 |
[ ! -e /sbin/cryptsetup ] && bad_msg "The initrd does not support LUKS" && exit 1 |
699 |
[ ! -e /sbin/cryptsetup ] && bad_msg "The initrd does not support LUKS" && exit 1 |
|
|
700 |
[ "$LUKS_KEY_PLAIN" != "$LUKS_KEY" ] && [ ! -e /sbin/gpg ] && bad_msg "The initrd does not suport GPG" && exit 1 |
686 |
while [ 1 ] |
701 |
while [ 1 ] |
687 |
do |
702 |
do |
688 |
# if crypt_silent=1 and some error occurs, enter shell quietly |
703 |
# if crypt_silent=1 and some error occurs, enter shell quietly |
Lines 762-775
|
762 |
umount -n ${mntkey} 2>/dev/null >/dev/null |
777 |
umount -n ${mntkey} 2>/dev/null >/dev/null |
763 |
KEY_ERROR=1 |
778 |
KEY_ERROR=1 |
764 |
KEYDEV_ERROR=1 |
779 |
KEYDEV_ERROR=1 |
765 |
bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT} |
780 |
bad_msg "Key ${LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT} |
766 |
continue |
781 |
continue |
767 |
fi |
782 |
fi |
768 |
fi |
783 |
fi |
769 |
fi |
784 |
fi |
770 |
# At this point a candidate key exists (either mounted before or not) |
785 |
# At this point a candidate key exists (either mounted before or not) |
771 |
good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT} |
786 |
good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT} |
772 |
cryptsetup_options="-d ${mntkey}${LUKS_KEY}" |
787 |
# Is gpg encrypted? |
|
|
788 |
if [ "${LUKS_KEY_PLAIN}" != "${LUKS_KEY}" ] ; then |
789 |
if [ ! -e "${LUKS_KEY_TMP}" ] ; then |
790 |
gpg --homedir /.gpg -o "${LUKS_KEY_TMP}" "${mntkey}${LUKS_KEY}" |
791 |
if [ ! -e "${LUKS_KEY_TMP}" ] ; then |
792 |
KEY_ERROR=1 |
793 |
bad_msg "Unable to decrypt ${LUKS_KEY}" ${CRYPT_SILENT} |
794 |
continue |
795 |
fi |
796 |
fi |
797 |
cryptsetup_options="-d ${LUKS_KEY_TMP}" |
798 |
else |
799 |
cryptsetup_options="-d ${mntkey}${LUKS_KEY}" |
800 |
fi |
773 |
fi |
801 |
fi |
774 |
# At this point, keyfile or not, we're ready! |
802 |
# At this point, keyfile or not, we're ready! |
775 |
crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}" |
803 |
crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}" |
Lines 788-793
|
788 |
done |
816 |
done |
789 |
umount ${mntkey} 2>/dev/null >/dev/null |
817 |
umount ${mntkey} 2>/dev/null >/dev/null |
790 |
rmdir -p ${mntkey} 2>/dev/null >/dev/null |
818 |
rmdir -p ${mntkey} 2>/dev/null >/dev/null |
|
|
819 |
if [ ${DEV_ERROR} != 0 ] || [ ${KEY_ERROR} != 0 ] || [ ${KEYDEV_ERROR} != 0 ] ; then |
820 |
for i in /temp/key-* ; do |
821 |
wipeFile "${i}" |
822 |
done |
823 |
fi |
791 |
} |
824 |
} |
792 |
|
825 |
|
793 |
startLUKS() { |
826 |
startLUKS() { |
Lines 820-825
|
820 |
REAL_RESUME="/dev/mapper/swap" |
853 |
REAL_RESUME="/dev/mapper/swap" |
821 |
fi |
854 |
fi |
822 |
fi |
855 |
fi |
|
|
856 |
|
857 |
# wipe decrypted key files |
858 |
for i in /temp/key-* ; do |
859 |
wipeFile "${i}" |
860 |
done |
823 |
} |
861 |
} |
824 |
|
862 |
|
825 |
sdelay() { |
863 |
sdelay() { |
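Review bot: In the GPG branch of the key-file hunk (new lines 788-800), decryption success is inferred only from `${LUKS_KEY_TMP}` existing, so a failed or interrupted gpg run that leaves a partial output file would be handed to cryptsetup and, because of the outer `[ ! -e "${LUKS_KEY_TMP}" ]` guard, reused on each retry instead of being regenerated. Checking the exit status and discarding the output on failure would close that, e.g. `gpg --homedir /.gpg -o "${LUKS_KEY_TMP}" "${mntkey}${LUKS_KEY}" || wipeFile "${LUKS_KEY_TMP}"` ahead of the existing existence test. Separately, wipeFile (new lines 667-675) overwrites a fixed `size=4096` bytes, so a decrypted key larger than that is removed with its tail never overwritten; deriving the size from the file, for instance `size=$(wc -c < "$1")` if wc is available in the initrd, would cover the whole file. The enclosing LUKS-open function starts and ends outside the visible hunks, so the retry behaviour is inferred from the `continue` statements shown.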