Attachment #163585 for bug #189901

View | Details | Raw Unified | Return to bug 189901 | Differences between
Collapse All | Expand All




	dm_crypt_execute_dmcrypt
}


# Setup mappings for an individual target/swap
# Note: This relies on variables localized in the main body below.
dm_crypt_execute_dmcrypt() {

			fi
			case $ans in
				[yY]|[yY][eE][sS]) return 0;;
				 *) return 1;;
			esac
		}

		# Notes: sed not used to avoid case where /usr partition is encrypted.
		mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg
		key=${key/:*/}
		case "$mode" in
		gpg|reg)
			# handle key on removable device
			local mntrem=/mnt/remdev.$$ c=0 ans i devices
			if [ ! -d "${mntrem}" ] ; then
				local mntrem=/mnt/remdev.$$
				if [ ! -d "${mntrem}" ] ; then
					if ! mkdir -p "${mntrem}" ; then
							ewarn "${source} will not be decrypted ..."
							einfo "Reason: Unable to create temporary mount point '${mntrem}'"
							return
					fi
			fi



			for (( i = 0 ; i < 10 ; i++ )); do
				if [ -f "${key}" ]; then
					break;
				elif [ -z "$remdev" ]; then
					ebegin " Guessing the key device"
					# usb keychain/storage
					devices="/dev/sd*"
					# ide
					devices="${devices} /dev/hd*"
					# usb using the 'usb block driver'
					devices="${devices} /dev/ubd* /dev/ubd/*"
					# cdrom's
					devices="${devices} /dev/cdroms/* /dev/ide/cd/* /dev/sr*"				
					for x in ${devices}; do
						if [ -b "${x}" ]; then
							mount -r -t auto ${x} ${mntrem} >/dev/null 2>&1
							if [ "$?" = '0' ]; then
								if [ -f "${mntrem}/${key}" ]; then
									key="${mntrem}/${key}"
									remdev=${x}
									break 2;
								fi
							else
								umount ${mntrem} >/dev/null 2>&1
							fi						
						fi
					done
					einfo "Removable device for ${target} not present."
					echo -n -e " ${green}*${off}  Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console	
					read -t 25 ans </dev/console; [ "$?" != '0' ] && continue
					echo	>/dev/console
					case ${ans} in
						a)
							remdev=''; i=$((i-1)); sleep 8; continue
							;;
						q)
							return
							;;
						'')
							i=$((i-1)); sleep 8; continue
							;;
						*)
							remdev=${ans}; i=0; sleep 8
							;;
					esac
				else
					if mount -n -o ro ${remdev} ${mntrem} 2>/dev/null >/dev/null ; then
						sleep 2
						# keyfile exists?
						if [ ! -e "${mntrem}/${key}" ]; then
							umount -n ${mntrem} 2>/dev/null >/dev/null
							einfo "Cannot find ${key} on removable media ${remdev}."
							echo -n -e " ${green}*${off}  Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console	
							read -t 25 ans </dev/console; [ "$?" != '0' ] && continue
							echo	>/dev/console
							case "${ans}" in
								a)
									unset remdev; i=$((i-2)); c=0; sleep 8; continue
									;;
								q)
									return
									;;
								'')
									i=0; c=0; sleep 8; continue
									;;
								*)
									remdev=${ans}; i=0; c=0; continue
									;;
							esac
						else
							key="${mntrem}/${key}"
							break
						fi
					else
						[ "$c" -eq 0 ] && einfo "Please insert removable device for ${target}"
						c=1
						sleep 2
						# let user abort
						if [ "$i" -eq 9 ]; then
							einfo "Removable device ${remdev} for ${target} not present."
							echo -n -e " ${green}*${off}  Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console	
							read -t 25 ans </dev/console; [ "$?" != '0' ] && continue
							echo	>/dev/console
							case ${ans} in
								a)
									unset remdev; i=$((i-2)); c=0; sleep 8; continue
									;;
								q)
									return
									;;
								'')
									i=0; c=0; sleep 8
									;;
								*)
									remdev=${ans}; i=0; c=0; sleep 8
									;;
							esac
						fi
					fi
					((++i))
					read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
				done
			else    # keyfile ! on removable device
				if [ ! -e "$key" ]; then
					ewarn "${source} will not be decrypted ..."
					einfo "Reason: keyfile ${key} does not exist."
					return
				fi
			done
			# keyfile ! on removable device
			if [ ! -e "$key" ]; then
				ewarn "${source} will not be decrypted ..."
				einfo "Reason: keyfile ${key} does not exist."
				return
			fi
			;;
		*)

			eend "${ret}" "failure running cryptsetup"
		else
			ewarn "${source} will not be decrypted ..."
			einfo "Reason: cannot find gpg application."     
			einfo "You have to install app-crypt/gnupg first."
			einfo "If you have /usr on its own partition, try copying gpg to /bin ."
		fi

# Determine string lengths
strlen() {
	if [ -z "$1" ]
			then
					echo "usage: strlen <variable_name>"
					die
	fi
	eval echo "\${#${1}}"
}

# Lookup optional bootparams
parse_opt() {
		case "$1" in
 				*\=*)
						local key_name="`echo "$1" | cut -f1 -d=`"
						local key_len=`strlen key_name`
						local value_start=$((key_len+2))
						echo "$1" | cut -c ${value_start}-
 				;;
 		esac
}

local cryptfs_status=0

CMDLINE="`cat /proc/cmdline`"
for x in ${CMDLINE}
do
		case "${x}" in
				key_timeout\=*)
						KEY_TIMEOUT=`parse_opt "${x}"`
						if [ ${KEY_TIMEOUT} -gt 0 ]; then
							read_timeout="-t ${KEY_TIMEOUT}"
						fi
				;;
		esac
done

if [[ -f /etc/conf.d/cryptfs ]] && [[ -x /sbin/cryptsetup ]] ; then
	ebegin "Setting up dm-crypt mappings"

	# Fix for baselayout-1.12.10 (bug 174256)

Return to bug 189901

Lines 9-14 Link Here

(-)1.0.6-dm-crypt-start.sh (-54 / +132 lines)
9	dm_crypt_execute_dmcrypt	9	dm_crypt_execute_dmcrypt
10	}	10	}
11		11
		12
12	# Setup mappings for an individual target/swap	13	# Setup mappings for an individual target/swap
13	# Note: This relies on variables localized in the main body below.	14	# Note: This relies on variables localized in the main body below.
14	dm_crypt_execute_dmcrypt() {	15	dm_crypt_execute_dmcrypt() {
Lines 74-128 Link Here
74	fi	75	fi
75	case $ans in	76	case $ans in
76	[yY]\|[yY][eE][sS]) return 0;;	77	[yY]\|[yY][eE][sS]) return 0;;
77	*) return 1;;	78	*) return 1;;
78	esac	79	esac
79	}	80	}
80
81	# Notes: sed not used to avoid case where /usr partition is encrypted.	81	# Notes: sed not used to avoid case where /usr partition is encrypted.
82	mode=${key/*:/} && ( [ "$mode" == "$key" ] \|\| [ -z "$mode" ] ) && mode=reg	82	mode=${key/*:/} && ( [ "$mode" == "$key" ] \|\| [ -z "$mode" ] ) && mode=reg
83	key=${key/:*/}	83	key=${key/:*/}
84	case "$mode" in	84	case "$mode" in
85	gpg\|reg)	85	gpg\|reg)
86	# handle key on removable device	86	# handle key on removable device
87	if [ -n "$remdev" ]; then	87	local mntrem=/mnt/remdev.$$ c=0 ans i devices
88	# temp directory to mount removable device	88	if [ ! -d "${mntrem}" ] ; then
89	local mntrem=/mnt/remdev.$$
90	if [ ! -d "${mntrem}" ] ; then
91	if ! mkdir -p "${mntrem}" ; then	89	if ! mkdir -p "${mntrem}" ; then
92	ewarn "${source} will not be decrypted ..."	90	ewarn "${source} will not be decrypted ..."
93	einfo "Reason: Unable to create temporary mount point '${mntrem}'"	91	einfo "Reason: Unable to create temporary mount point '${mntrem}'"
94	return	92	return
95	fi	93	fi
96	fi	94	fi
97	i=0	95
98	einfo "Please insert removable device for ${target}"	96
99	while :; do	97
100	foo=""	98	for (( i = 0 ; i < 10 ; i++ )); do
101	if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then	99	if [ -f "${key}" ]; then
		100	break;
		101	elif [ -z "$remdev" ]; then
		102	ebegin " Guessing the key device"
		103	# usb keychain/storage
		104	devices="/dev/sd*"
		105	# ide
		106	devices="${devices} /dev/hd*"
		107	# usb using the 'usb block driver'
		108	devices="${devices} /dev/ubd* /dev/ubd/*"
		109	# cdrom's
		110	devices="${devices} /dev/cdroms/* /dev/ide/cd/* /dev/sr*"
		111	for x in ${devices}; do
		112	if [ -b "${x}" ]; then
		113	mount -r -t auto ${x} ${mntrem} >/dev/null 2>&1
		114	if [ "$?" = '0' ]; then
		115	if [ -f "${mntrem}/${key}" ]; then
		116	key="${mntrem}/${key}"
		117	remdev=${x}
		118	break 2;
		119	fi
		120	else
		121	umount ${mntrem} >/dev/null 2>&1
		122	fi
		123	fi
		124	done
		125	einfo "Removable device for ${target} not present."
		126	echo -n -e " ${green}*${off} Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console
		127	read -t 25 ans </dev/console; [ "$?" != '0' ] && continue
		128	echo >/dev/console
		129	case ${ans} in
		130	a)
		131	remdev=''; i=$((i-1)); sleep 8; continue
		132	;;
		133	q)
		134	return
		135	;;
		136	'')
		137	i=$((i-1)); sleep 8; continue
		138	;;
		139	*)
		140	remdev=${ans}; i=0; sleep 8
		141	;;
		142	esac
		143	else
		144	if mount -n -o ro ${remdev} ${mntrem} 2>/dev/null >/dev/null ; then
		145	sleep 2
102	# keyfile exists?	146	# keyfile exists?
103	if [ ! -e "${mntrem}${key}" ]; then	147	if [ ! -e "${mntrem}/${key}" ]; then
104	umount -n "${mntrem}"	148	umount -n ${mntrem} 2>/dev/null >/dev/null
105	rmdir "${mntrem}"	149	einfo "Cannot find ${key} on removable media ${remdev}."
106	einfo "Cannot find ${key} on removable media."	150	echo -n -e " ${green}*${off} Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console
107	read_abort "Abort" ${read_timeout} && return	151	read -t 25 ans </dev/console; [ "$?" != '0' ] && continue
		152	echo >/dev/console
		153	case "${ans}" in
		154	a)
		155	unset remdev; i=$((i-2)); c=0; sleep 8; continue
		156	;;
		157	q)
		158	return
		159	;;
		160	'')
		161	i=0; c=0; sleep 8; continue
		162	;;
		163	*)
		164	remdev=${ans}; i=0; c=0; continue
		165	;;
		166	esac
108	else	167	else
109	key="${mntrem}${key}"	168	key="${mntrem}/${key}"
110	break	169	break
111	fi	170	fi
112	else	171	else
113	[ -e "${remdev}" ] \	172	[ "$c" -eq 0 ] && einfo "Please insert removable device for ${target}"
114	&& foo="mount failed" \	173	c=1
115	\|\| foo="mount source not found"	174	sleep 2
		175	# let user abort
		176	if [ "$i" -eq 9 ]; then
		177	einfo "Removable device ${remdev} for ${target} not present."
		178	echo -n -e " ${green}*${off} Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console
		179	read -t 25 ans </dev/console; [ "$?" != '0' ] && continue
		180	echo >/dev/console
		181	case ${ans} in
		182	a)
		183	unset remdev; i=$((i-2)); c=0; sleep 8; continue
		184	;;
		185	q)
		186	return
		187	;;
		188	'')
		189	i=0; c=0; sleep 8
		190	;;
		191	*)
		192	remdev=${ans}; i=0; c=0; sleep 8
		193	;;
		194	esac
		195	fi
116	fi	196	fi
117	((++i))
118	read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
119	done
120	else # keyfile ! on removable device
121	if [ ! -e "$key" ]; then
122	ewarn "${source} will not be decrypted ..."
123	einfo "Reason: keyfile ${key} does not exist."
124	return
125	fi	197	fi
		198	done
		199	# keyfile ! on removable device
		200	if [ ! -e "$key" ]; then
		201	ewarn "${source} will not be decrypted ..."
		202	einfo "Reason: keyfile ${key} does not exist."
		203	return
126	fi	204	fi
127	;;	205	;;
128	*)	206	*)
Lines 156-162 Link Here
156	eend "${ret}" "failure running cryptsetup"	234	eend "${ret}" "failure running cryptsetup"
157	else	235	else
158	ewarn "${source} will not be decrypted ..."	236	ewarn "${source} will not be decrypted ..."
159	einfo "Reason: cannot find gpg application."	237	einfo "Reason: cannot find gpg application."
160	einfo "You have to install app-crypt/gnupg first."	238	einfo "You have to install app-crypt/gnupg first."
161	einfo "If you have /usr on its own partition, try copying gpg to /bin ."	239	einfo "If you have /usr on its own partition, try copying gpg to /bin ."
162	fi	240	fi
Lines 219-241 Link Here
219	# Determine string lengths	297	# Determine string lengths
220	strlen() {	298	strlen() {
221	if [ -z "$1" ]	299	if [ -z "$1" ]
222	then	300	then
223	echo "usage: strlen <variable_name>"	301	echo "usage: strlen <variable_name>"
224	die	302	die
225	fi	303	fi
226	eval echo "\${#${1}}"	304	eval echo "\${#${1}}"
227	}	305	}
228		306
229	# Lookup optional bootparams	307	# Lookup optional bootparams
230	parse_opt() {	308	parse_opt() {
231	case "$1" in	309	case "$1" in
232	\=)	310	\=)
233	local key_name="`echo "$1" \| cut -f1 -d=`"	311	local key_name="`echo "$1" \| cut -f1 -d=`"
234	local key_len=`strlen key_name`	312	local key_len=`strlen key_name`
235	local value_start=$((key_len+2))	313	local value_start=$((key_len+2))
236	echo "$1" \| cut -c ${value_start}-	314	echo "$1" \| cut -c ${value_start}-
237	;;	315	;;
238	esac	316	esac
239	}	317	}
240		318
241	local cryptfs_status=0	319	local cryptfs_status=0
Lines 244-260 Link Here
244	CMDLINE="`cat /proc/cmdline`"	322	CMDLINE="`cat /proc/cmdline`"
245	for x in ${CMDLINE}	323	for x in ${CMDLINE}
246	do	324	do
247	case "${x}" in	325	case "${x}" in
248	key_timeout\=*)	326	key_timeout\=*)
249	KEY_TIMEOUT=`parse_opt "${x}"`	327	KEY_TIMEOUT=`parse_opt "${x}"`
250	if [ ${KEY_TIMEOUT} -gt 0 ]; then	328	if [ ${KEY_TIMEOUT} -gt 0 ]; then
251	read_timeout="-t ${KEY_TIMEOUT}"	329	read_timeout="-t ${KEY_TIMEOUT}"
252	fi	330	fi
253	;;	331	;;
254	esac	332	esac
255	done	333	done
256		334
257	if [[ -f /etc/conf.d/dmcrypt ]] && [[ -x /sbin/cryptsetup ]] ; then	335	if [[ -f /etc/conf.d/cryptfs ]] && [[ -x /sbin/cryptsetup ]] ; then
258	ebegin "Setting up dm-crypt mappings"	336	ebegin "Setting up dm-crypt mappings"
259		337
260	# Fix for baselayout-1.12.10 (bug 174256)	338	# Fix for baselayout-1.12.10 (bug 174256)