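--- a/generic/initrd.scripts
+++ b/generic/initrd.scripts
@@ -116,7 +116,7 @@
 #				else
 #					mount -r -t auto ${x} ${mntdir} &>/dev/null
 #				fi
-				mount -r -t ${CDROOT_TYPE} ${x} ${mntdir} >/dev/null 2>&1
+				mount -r -t ${CDROOT_TYPE} ${x} ${mntdir} >/dev/null 2>&1 || mount -r -t auto ${x} ${mntdir} >/dev/null 2>&1
 				if [ "$?" = '0' ]
 				then
 					# Check for the media
@@ -662,6 +662,18 @@
 	fi
 }
 
+
+# Overwrite and delete file
+wipeFile() {
+	if [ -f "$1" ] ; then
+		#size=`stat -c %s "$1"`
+		size=4096
+		dd if=/dev/urandom of="$1" conv=notrunc bs=1 count=$size >/dev/null 2>&1
+		dd if=/dev/zero of="$1" conv=notrunc bs=1 count=$size >/dev/null 2>&1
+		rm "$1"
+	fi
+}
+
 # Open a LUKS device
 # It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks
 # $1 - root/swap
@@ -681,8 +693,11 @@
 	eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"'
 	local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0
 	local mntkey="/mnt/key/" cryptsetup_options=''
+	local LUKS_KEY_PLAIN=${LUKS_KEY%.gpg}
+	local LUKS_KEY_TMP="/temp/key-${LUKS_KEY_PLAIN}"
 
 	[ ! -e /sbin/cryptsetup ] && bad_msg "The initrd does not support LUKS" && exit 1
+	[ "$LUKS_KEY_PLAIN" != "$LUKS_KEY" ] && [ ! -e /sbin/gpg ] && bad_msg "The initrd does not suport GPG" && exit 1
 	while [ 1 ]
 	do
 		# if crypt_silent=1 and some error occurs, enter shell quietly
@@ -762,14 +777,27 @@
 								umount -n ${mntkey} 2>/dev/null >/dev/null
 								KEY_ERROR=1
 								KEYDEV_ERROR=1
-								bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
+								bad_msg "Key ${LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
 								continue
 							fi
 						fi
 					fi
 					# At this point a candidate key exists (either mounted before or not)
 					good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT}
-					cryptsetup_options="-d ${mntkey}${LUKS_KEY}"
+					# Is gpg encrypted?
+					if [ "${LUKS_KEY_PLAIN}" != "${LUKS_KEY}" ] ; then
+						if [ ! -e "${LUKS_KEY_TMP}" ] ; then
+							gpg --homedir /.gpg -o "${LUKS_KEY_TMP}" "${mntkey}${LUKS_KEY}"
+							if [ ! -e "${LUKS_KEY_TMP}" ] ; then
+								KEY_ERROR=1
+								bad_msg "Unable to decrypt ${LUKS_KEY}" ${CRYPT_SILENT}
+								continue
+							fi
+						fi
+						cryptsetup_options="-d ${LUKS_KEY_TMP}"
+					else
+						cryptsetup_options="-d ${mntkey}${LUKS_KEY}"
+					fi
 				fi
 				# At this point, keyfile or not, we're ready!
 				crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}"
@@ -788,6 +816,11 @@
 	done
 	umount ${mntkey} 2>/dev/null >/dev/null
 	rmdir -p ${mntkey} 2>/dev/null >/dev/null
+	if [ ${DEV_ERROR} != 0 ] || [ ${KEY_ERROR} != 0 ] || [ ${KEYDEV_ERROR} != 0 ] ; then
+		for i in /temp/key-* ; do
+			wipeFile "${i}"
+		done
+	fi
 }
 
 startLUKS() {
@@ -820,6 +853,11 @@
 			REAL_RESUME="/dev/mapper/swap"
 		fi
 	fi
+
+	# wipe decrypted key files
+	for i in /temp/key-* ; do
+		wipeFile "${i}"
+	done
 }
 
 sdelay() {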
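Review bot: wipeFile overwrites a fixed 4096 bytes (`size=4096`) whatever the file's real length, so a decrypted key longer than that keeps its tail untouched before `rm`, while a shorter one is merely padded; deriving the length from the file, for example `size=$(wc -c < "$1")` if `stat` is not available in the initrd (as the commented-out line suggests), would cover the whole key. In openLUKS, `LUKS_KEY_TMP="/temp/key-${LUKS_KEY_PLAIN}"` embeds the configured key path verbatim, so a key configured with a directory component would presumably either fail to be written or land outside the `/temp/key-*` glob used for wiping; `local LUKS_KEY_TMP="/temp/key-${LUKS_KEY_PLAIN##*/}"` avoids that. The gpg step tests only that the output file exists, not gpg's exit status, and an already existing `${LUKS_KEY_TMP}` skips decryption altogether, so a partial or stale file could be handed to cryptsetup; checking the gpg return code and calling `wipeFile "${LUKS_KEY_TMP}"` on failure before the `continue` would close that. The body of openLUKS starts and ends outside the visible hunks, so the handling of the rescue-shell path, where the plaintext key may still be present in `/temp`, cannot be confirmed from here.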
