--- 1.0.6-dm-crypt-start.sh 2008-08-23 01:07:03.000000000 +0000 +++ dm-crypt-start.sh 2008-08-23 01:11:17.000000000 +0000 @@ -9,6 +9,7 @@ dm_crypt_execute_dmcrypt } + # Setup mappings for an individual target/swap # Note: This relies on variables localized in the main body below. dm_crypt_execute_dmcrypt() { 
@@ -74,55 +75,132 @@ fi case $ans in [yY]|[yY][eE][sS]) return 0;; - *) return 1;; + *) return 1;; esac } - # Notes: sed not used to avoid case where /usr partition is encrypted. mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg key=${key/:*/} case "$mode" in gpg|reg) # handle key on removable device - if [ -n "$remdev" ]; then - # temp directory to mount removable device - local mntrem=/mnt/remdev.$$ - if [ ! -d "${mntrem}" ] ; then + local mntrem=/mnt/remdev.$$ c=0 ans i devices + if [ ! -d "${mntrem}" ] ; then if ! mkdir -p "${mntrem}" ; then - ewarn "${source} will not be decrypted ..." - einfo "Reason: Unable to create temporary mount point '${mntrem}'" - return + ewarn "${source} will not be decrypted ..." + einfo "Reason: Unable to create temporary mount point '${mntrem}'" + return fi - fi - i=0 - einfo "Please insert removable device for ${target}" - while :; do - foo="" - if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then + fi + + + + for (( i = 0 ; i < 10 ; i++ )); do + if [ -f "${key}" ]; then + break; + elif [ -z "$remdev" ]; then + ebegin " Guessing the key device" + # usb keychain/storage + devices="/dev/sd*" + # ide + devices="${devices} /dev/hd*" + # usb using the 'usb block driver' + devices="${devices} /dev/ubd* /dev/ubd/*" + # cdrom's + devices="${devices} /dev/cdroms/* /dev/ide/cd/* /dev/sr*" + for x in ${devices}; do + if [ -b "${x}" ]; then + mount -r -t auto ${x} ${mntrem} >/dev/null 2>&1 + if [ "$?" = '0' ]; then + if [ -f "${mntrem}/${key}" ]; then + key="${mntrem}/${key}" + remdev=${x} + break 2; + fi + else + umount ${mntrem} >/dev/null 2>&1 + fi + fi + done + einfo "Removable device for ${target} not present." 
+ echo -n -e " ${green}*${off} Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console + read -t 25 ans /dev/console + case ${ans} in + a) + remdev=''; i=$((i-1)); sleep 8; continue + ;; + q) + return + ;; + '') + i=$((i-1)); sleep 8; continue + ;; + *) + remdev=${ans}; i=0; sleep 8 + ;; + esac + else + if mount -n -o ro ${remdev} ${mntrem} 2>/dev/null >/dev/null ; then + sleep 2 # keyfile exists? - if [ ! -e "${mntrem}${key}" ]; then - umount -n "${mntrem}" - rmdir "${mntrem}" - einfo "Cannot find ${key} on removable media." - read_abort "Abort" ${read_timeout} && return + if [ ! -e "${mntrem}/${key}" ]; then + umount -n ${mntrem} 2>/dev/null >/dev/null + einfo "Cannot find ${key} on removable media ${remdev}." + echo -n -e " ${green}*${off} Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console + read -t 25 ans /dev/console + case "${ans}" in + a) + unset remdev; i=$((i-2)); c=0; sleep 8; continue + ;; + q) + return + ;; + '') + i=0; c=0; sleep 8; continue + ;; + *) + remdev=${ans}; i=0; c=0; continue + ;; + esac else - key="${mntrem}${key}" + key="${mntrem}/${key}" break fi else - [ -e "${remdev}" ] \ - && foo="mount failed" \ - || foo="mount source not found" + [ "$c" -eq 0 ] && einfo "Please insert removable device for ${target}" + c=1 + sleep 2 + # let user abort + if [ "$i" -eq 9 ]; then + einfo "Removable device ${remdev} for ${target} not present." + echo -n -e " ${green}*${off} Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console + read -t 25 ans /dev/console + case ${ans} in + a) + unset remdev; i=$((i-2)); c=0; sleep 8; continue + ;; + q) + return + ;; + '') + i=0; c=0; sleep 8 + ;; + *) + remdev=${ans}; i=0; c=0; sleep 8 + ;; + esac + fi fi - ((++i)) - read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return - done - else # keyfile ! on removable device - if [ ! -e "$key" ]; then - ewarn "${source} will not be decrypted ..." 
- einfo "Reason: keyfile ${key} does not exist." - return fi + done + # keyfile ! on removable device + if [ ! -e "$key" ]; then + ewarn "${source} will not be decrypted ..." + einfo "Reason: keyfile ${key} does not exist." + return fi ;; *) @@ -156,7 +234,7 @@ eend "${ret}" "failure running cryptsetup" else ewarn "${source} will not be decrypted ..." - einfo "Reason: cannot find gpg application." + einfo "Reason: cannot find gpg application." einfo "You have to install app-crypt/gnupg first." einfo "If you have /usr on its own partition, try copying gpg to /bin ." fi @@ -219,23 +297,23 @@ # Determine string lengths strlen() { if [ -z "$1" ] - then - echo "usage: strlen " - die - fi + then + echo "usage: strlen " + die + fi eval echo "\${#${1}}" } # Lookup optional bootparams parse_opt() { - case "$1" in - *\=*) - local key_name="`echo "$1" | cut -f1 -d=`" - local key_len=`strlen key_name` - local value_start=$((key_len+2)) - echo "$1" | cut -c ${value_start}- - ;; - esac + case "$1" in + *\=*) + local key_name="`echo "$1" | cut -f1 -d=`" + local key_len=`strlen key_name` + local value_start=$((key_len+2)) + echo "$1" | cut -c ${value_start}- + ;; + esac } local cryptfs_status=0 @@ -244,17 +322,17 @@ CMDLINE="`cat /proc/cmdline`" for x in ${CMDLINE} do - case "${x}" in - key_timeout\=*) - KEY_TIMEOUT=`parse_opt "${x}"` - if [ ${KEY_TIMEOUT} -gt 0 ]; then - read_timeout="-t ${KEY_TIMEOUT}" - fi - ;; - esac + case "${x}" in + key_timeout\=*) + KEY_TIMEOUT=`parse_opt "${x}"` + if [ ${KEY_TIMEOUT} -gt 0 ]; then + read_timeout="-t ${KEY_TIMEOUT}" + fi + ;; + esac done -if [[ -f /etc/conf.d/dmcrypt ]] && [[ -x /sbin/cryptsetup ]] ; then +if [[ -f /etc/conf.d/cryptfs ]] && [[ -x /sbin/cryptsetup ]] ; then ebegin "Setting up dm-crypt mappings" # Fix for baselayout-1.12.10 (bug 174256)
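Review bot: In the key-device auto search the `umount ${mntrem}` sits in the `else` of the `[ "$?" = '0' ]` test, so it runs only after a failed mount; a device that mounts but has no `${key}` stays mounted on `${mntrem}` and the next candidate is stacked on top of it. The unmount belongs in the success branch after the key test, as in the fence below, which also restores `-n` as used by the other mount call in this hunk. The new calls drop the quoting the removed lines had (`"${remdev}" "${mntrem}"`), and `remdev` can now come from the console prompt, so it should be quoted wherever it reaches `mount`, e.g. `mount -n -o ro "${remdev}" "${mntrem}"`. Because the search mounts every attached block device with `-t auto` and accepts the first one holding a file at the key path, it is worth documenting that any inserted medium is parsed by the kernel before the volume is unlocked. The enclosing function starts before and continues past this hunk.

```shell
# … unchanged: candidate list assembled in ${devices} …
for x in ${devices}; do
  [ -b "${x}" ] || continue
  if mount -n -r -t auto "${x}" "${mntrem}" >/dev/null 2>&1; then
    if [ -f "${mntrem}/${key}" ]; then
      key="${mntrem}/${key}"
      remdev=${x}
      break 2
    fi
    # No key on this device: free the mount point before the next candidate.
    umount -n "${mntrem}" >/dev/null 2>&1
  fi
done
```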
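Review bot: The guard at the end of the last hunk now tests `/etc/conf.d/cryptfs` where the removed line tested `/etc/conf.d/dmcrypt`, and nothing else in the patch accounts for the rename. If the installed configuration is still `/etc/conf.d/dmcrypt`, the whole mapping block is skipped without any message and the encrypted volumes stay locked. Unless the rename is intended, keep `if [[ -f /etc/conf.d/dmcrypt ]] && [[ -x /sbin/cryptsetup ]] ; then`, or add an `else` branch that warns when the file is missing. The body of this `if` lies outside the hunk, so which file it actually reads cannot be confirmed from here.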