Lines 9-14
|
9 |
dm_crypt_execute_dmcrypt |
9 |
dm_crypt_execute_dmcrypt |
10 |
} |
10 |
} |
11 |
|
11 |
|
|
|
12 |
|
12 |
# Setup mappings for an individual target/swap |
13 |
# Setup mappings for an individual target/swap |
13 |
# Note: This relies on variables localized in the main body below. |
14 |
# Note: This relies on variables localized in the main body below. |
14 |
dm_crypt_execute_dmcrypt() { |
15 |
dm_crypt_execute_dmcrypt() { |
Lines 74-128
|
74 |
fi |
75 |
fi |
75 |
case $ans in |
76 |
case $ans in |
76 |
[yY]|[yY][eE][sS]) return 0;; |
77 |
[yY]|[yY][eE][sS]) return 0;; |
77 |
*) return 1;; |
78 |
*) return 1;; |
78 |
esac |
79 |
esac |
79 |
} |
80 |
} |
80 |
|
|
|
81 |
# Notes: sed not used to avoid case where /usr partition is encrypted. |
81 |
# Notes: sed not used to avoid case where /usr partition is encrypted. |
82 |
mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg |
82 |
mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg |
83 |
key=${key/:*/} |
83 |
key=${key/:*/} |
84 |
case "$mode" in |
84 |
case "$mode" in |
85 |
gpg|reg) |
85 |
gpg|reg) |
86 |
# handle key on removable device |
86 |
# handle key on removable device |
87 |
if [ -n "$remdev" ]; then |
87 |
local mntrem=/mnt/remdev.$$ c=0 ans i devices |
88 |
# temp directory to mount removable device |
88 |
if [ ! -d "${mntrem}" ] ; then |
89 |
local mntrem=/mnt/remdev.$$ |
|
|
90 |
if [ ! -d "${mntrem}" ] ; then |
91 |
if ! mkdir -p "${mntrem}" ; then |
89 |
if ! mkdir -p "${mntrem}" ; then |
92 |
ewarn "${source} will not be decrypted ..." |
90 |
ewarn "${source} will not be decrypted ..." |
93 |
einfo "Reason: Unable to create temporary mount point '${mntrem}'" |
91 |
einfo "Reason: Unable to create temporary mount point '${mntrem}'" |
94 |
return |
92 |
return |
95 |
fi |
93 |
fi |
96 |
fi |
94 |
fi |
97 |
i=0 |
95 |
|
98 |
einfo "Please insert removable device for ${target}" |
96 |
|
99 |
while :; do |
97 |
|
100 |
foo="" |
98 |
for (( i = 0 ; i < 10 ; i++ )); do |
101 |
if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then |
99 |
if [ -f "${key}" ]; then |
|
|
100 |
break; |
101 |
elif [ -z "$remdev" ]; then |
102 |
ebegin " Guessing the key device" |
103 |
# usb keychain/storage |
104 |
devices="/dev/sd*" |
105 |
# ide |
106 |
devices="${devices} /dev/hd*" |
107 |
# usb using the 'usb block driver' |
108 |
devices="${devices} /dev/ubd* /dev/ubd/*" |
109 |
# cdrom's |
110 |
devices="${devices} /dev/cdroms/* /dev/ide/cd/* /dev/sr*" |
111 |
for x in ${devices}; do |
112 |
if [ -b "${x}" ]; then |
113 |
mount -r -t auto ${x} ${mntrem} >/dev/null 2>&1 |
114 |
if [ "$?" = '0' ]; then |
115 |
if [ -f "${mntrem}/${key}" ]; then |
116 |
key="${mntrem}/${key}" |
117 |
remdev=${x} |
118 |
break 2; |
119 |
fi |
120 |
else |
121 |
umount ${mntrem} >/dev/null 2>&1 |
122 |
fi |
123 |
fi |
124 |
done |
125 |
einfo "Removable device for ${target} not present." |
126 |
echo -n -e " ${green}*${off} Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console |
127 |
read -t 25 ans </dev/console; [ "$?" != '0' ] && continue |
128 |
echo >/dev/console |
129 |
case ${ans} in |
130 |
a) |
131 |
remdev=''; i=$((i-1)); sleep 8; continue |
132 |
;; |
133 |
q) |
134 |
return |
135 |
;; |
136 |
'') |
137 |
i=$((i-1)); sleep 8; continue |
138 |
;; |
139 |
*) |
140 |
remdev=${ans}; i=0; sleep 8 |
141 |
;; |
142 |
esac |
143 |
else |
144 |
if mount -n -o ro ${remdev} ${mntrem} 2>/dev/null >/dev/null ; then |
145 |
sleep 2 |
102 |
# keyfile exists? |
146 |
# keyfile exists? |
103 |
if [ ! -e "${mntrem}${key}" ]; then |
147 |
if [ ! -e "${mntrem}/${key}" ]; then |
104 |
umount -n "${mntrem}" |
148 |
umount -n ${mntrem} 2>/dev/null >/dev/null |
105 |
rmdir "${mntrem}" |
149 |
einfo "Cannot find ${key} on removable media ${remdev}." |
106 |
einfo "Cannot find ${key} on removable media." |
150 |
echo -n -e " ${green}*${off} Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console |
107 |
read_abort "Abort" ${read_timeout} && return |
151 |
read -t 25 ans </dev/console; [ "$?" != '0' ] && continue |
|
|
152 |
echo >/dev/console |
153 |
case "${ans}" in |
154 |
a) |
155 |
unset remdev; i=$((i-2)); c=0; sleep 8; continue |
156 |
;; |
157 |
q) |
158 |
return |
159 |
;; |
160 |
'') |
161 |
i=0; c=0; sleep 8; continue |
162 |
;; |
163 |
*) |
164 |
remdev=${ans}; i=0; c=0; continue |
165 |
;; |
166 |
esac |
108 |
else |
167 |
else |
109 |
key="${mntrem}${key}" |
168 |
key="${mntrem}/${key}" |
110 |
break |
169 |
break |
111 |
fi |
170 |
fi |
112 |
else |
171 |
else |
113 |
[ -e "${remdev}" ] \ |
172 |
[ "$c" -eq 0 ] && einfo "Please insert removable device for ${target}" |
114 |
&& foo="mount failed" \ |
173 |
c=1 |
115 |
|| foo="mount source not found" |
174 |
sleep 2 |
|
|
175 |
# let user abort |
176 |
if [ "$i" -eq 9 ]; then |
177 |
einfo "Removable device ${remdev} for ${target} not present." |
178 |
echo -n -e " ${green}*${off} Auto search (${green}a${off}), quit (${red}q${off}) or input device name:" >/dev/console |
179 |
read -t 25 ans </dev/console; [ "$?" != '0' ] && continue |
180 |
echo >/dev/console |
181 |
case ${ans} in |
182 |
a) |
183 |
unset remdev; i=$((i-2)); c=0; sleep 8; continue |
184 |
;; |
185 |
q) |
186 |
return |
187 |
;; |
188 |
'') |
189 |
i=0; c=0; sleep 8 |
190 |
;; |
191 |
*) |
192 |
remdev=${ans}; i=0; c=0; sleep 8 |
193 |
;; |
194 |
esac |
195 |
fi |
116 |
fi |
196 |
fi |
117 |
((++i)) |
|
|
118 |
read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return |
119 |
done |
120 |
else # keyfile ! on removable device |
121 |
if [ ! -e "$key" ]; then |
122 |
ewarn "${source} will not be decrypted ..." |
123 |
einfo "Reason: keyfile ${key} does not exist." |
124 |
return |
125 |
fi |
197 |
fi |
|
|
198 |
done |
199 |
# keyfile ! on removable device |
200 |
if [ ! -e "$key" ]; then |
201 |
ewarn "${source} will not be decrypted ..." |
202 |
einfo "Reason: keyfile ${key} does not exist." |
203 |
return |
126 |
fi |
204 |
fi |
127 |
;; |
205 |
;; |
128 |
*) |
206 |
*) |
Lines 156-162
|
156 |
eend "${ret}" "failure running cryptsetup" |
234 |
eend "${ret}" "failure running cryptsetup" |
157 |
else |
235 |
else |
158 |
ewarn "${source} will not be decrypted ..." |
236 |
ewarn "${source} will not be decrypted ..." |
159 |
einfo "Reason: cannot find gpg application." |
237 |
einfo "Reason: cannot find gpg application." |
160 |
einfo "You have to install app-crypt/gnupg first." |
238 |
einfo "You have to install app-crypt/gnupg first." |
161 |
einfo "If you have /usr on its own partition, try copying gpg to /bin ." |
239 |
einfo "If you have /usr on its own partition, try copying gpg to /bin ." |
162 |
fi |
240 |
fi |
Lines 219-241
|
219 |
# Determine string lengths |
297 |
# Determine string lengths |
220 |
strlen() { |
298 |
strlen() { |
221 |
if [ -z "$1" ] |
299 |
if [ -z "$1" ] |
222 |
then |
300 |
then |
223 |
echo "usage: strlen <variable_name>" |
301 |
echo "usage: strlen <variable_name>" |
224 |
die |
302 |
die |
225 |
fi |
303 |
fi |
226 |
eval echo "\${#${1}}" |
304 |
eval echo "\${#${1}}" |
227 |
} |
305 |
} |
228 |
|
306 |
|
229 |
# Lookup optional bootparams |
307 |
# Lookup optional bootparams |
230 |
parse_opt() { |
308 |
parse_opt() { |
231 |
case "$1" in |
309 |
case "$1" in |
232 |
*\=*) |
310 |
*\=*) |
233 |
local key_name="`echo "$1" | cut -f1 -d=`" |
311 |
local key_name="`echo "$1" | cut -f1 -d=`" |
234 |
local key_len=`strlen key_name` |
312 |
local key_len=`strlen key_name` |
235 |
local value_start=$((key_len+2)) |
313 |
local value_start=$((key_len+2)) |
236 |
echo "$1" | cut -c ${value_start}- |
314 |
echo "$1" | cut -c ${value_start}- |
237 |
;; |
315 |
;; |
238 |
esac |
316 |
esac |
239 |
} |
317 |
} |
240 |
|
318 |
|
241 |
local cryptfs_status=0 |
319 |
local cryptfs_status=0 |
Lines 244-260
|
244 |
CMDLINE="`cat /proc/cmdline`" |
322 |
CMDLINE="`cat /proc/cmdline`" |
245 |
for x in ${CMDLINE} |
323 |
for x in ${CMDLINE} |
246 |
do |
324 |
do |
247 |
case "${x}" in |
325 |
case "${x}" in |
248 |
key_timeout\=*) |
326 |
key_timeout\=*) |
249 |
KEY_TIMEOUT=`parse_opt "${x}"` |
327 |
KEY_TIMEOUT=`parse_opt "${x}"` |
250 |
if [ ${KEY_TIMEOUT} -gt 0 ]; then |
328 |
if [ ${KEY_TIMEOUT} -gt 0 ]; then |
251 |
read_timeout="-t ${KEY_TIMEOUT}" |
329 |
read_timeout="-t ${KEY_TIMEOUT}" |
252 |
fi |
330 |
fi |
253 |
;; |
331 |
;; |
254 |
esac |
332 |
esac |
255 |
done |
333 |
done |
256 |
|
334 |
|
257 |
if [[ -f /etc/conf.d/dmcrypt ]] && [[ -x /sbin/cryptsetup ]] ; then |
335 |
if [[ -f /etc/conf.d/cryptfs ]] && [[ -x /sbin/cryptsetup ]] ; then |
258 |
ebegin "Setting up dm-crypt mappings" |
336 |
ebegin "Setting up dm-crypt mappings" |
259 |
|
337 |
|
260 |
# Fix for baselayout-1.12.10 (bug 174256) |
338 |
# Fix for baselayout-1.12.10 (bug 174256) |
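Review bot: In the auto-search loop added at new lines 111-124, a device that mounts successfully but does not hold the keyfile is never unmounted. The `umount ${mntrem}` sits in the `else` of the `[ "$?" = '0' ]` test, so it runs only when the mount failed, and the next candidate is mounted on top of the previous one. The new side also drops the quoting the old side had on `mount -n -o ro "${remdev}" "${mntrem}"` and `umount -n "${mntrem}"`, so a device name typed at the console (`remdev=${ans}`) is word-split and glob-expanded before it reaches `mount`. The probing loop should unmount on the key-not-found path and quote `${x}`, `${remdev}` and `${mntrem}` everywhere, as sketched below. The enclosing function dm_crypt_execute_dmcrypt continues outside the visible hunks, so any cleanup of `${mntrem}` on the `q`/`return` paths could not be checked here.

```shell
for x in ${devices}; do
	[ -b "${x}" ] || continue
	if mount -r -t auto "${x}" "${mntrem}" >/dev/null 2>&1; then
		if [ -f "${mntrem}/${key}" ]; then
			# … unchanged: set key and remdev, break 2 …
		fi
		# mounted but no keyfile here: release the mount point before the next candidate
		umount "${mntrem}" >/dev/null 2>&1
	fi
done
```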