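--- a/1.0.5-dm-crypt-stop.sh
+++ b/1.0.5-dm-crypt-stop.sh
@@ -22,17 +22,17 @@
 eend $? "Failed to remove dm-crypt mapping for: ${target}"
 done
 
-if [[ -n $(/bin/egrep -e "^(source=)./dev/loop*" /etc/conf.d/dmcrypt) ]] ; then
+if [ -n "$(/bin/egrep -e '^(source=)./dev/loop*' /etc/conf.d/dmcrypt)" ] ; then
 einfo "Taking down any dm-crypt loop devices"
 /bin/egrep -e "^(source)" /etc/conf.d/dmcrypt | while read sourceline
 do
 source=
 eval ${sourceline}
-if [[ -n $(echo ${source} | grep /dev/loop) ]] ; then
+case ${source} in */dev/loop*)
 ebegin " Taking down ${source}"
 /sbin/losetup -d ${source}
 eend $? " Failed to remove loop"
-fi
+;; esac
 done
 fi
 fi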
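Review bot: The filter on line 27, `/bin/egrep -e "^(source)"`, is wider than the guard rewritten on line 25 (`^(source=)`), so every line of /etc/conf.d/dmcrypt that merely begins with `source` is handed to the unquoted `eval ${sourceline}`. Anchoring the filter on the assignment, `/bin/egrep -e '^source=' /etc/conf.d/dmcrypt | while read -r sourceline`, and quoting the two uses, `eval "${sourceline}"` and `/sbin/losetup -d "${source}"`, keeps word splitting and globbing away from the config line and the device path. The same lines appear in dm-crypt-stop.sh (lines 35-43, reading /etc/conf.d/cryptfs). The enclosing block starts before line 22, outside the hunk.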
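--- a/1.0.6-r2-dm-crypt-start.sh
+++ b/1.0.6-r2-dm-crypt-start.sh
@@ -14,7 +14,7 @@
 dm_crypt_execute_dmcrypt() {
 local dev ret mode foo
 # some colors
-local red='\x1b[31;01m' green='\x1b[32;01m' off='\x1b[0;0m'
+local red='\033[31;01m' green='\033[32;01m' off='\033[0;0m'
 
 if [ -n "$target" ]; then
 # let user set options, otherwise leave empty
@@ -40,7 +40,7 @@
 return
 fi
 
-if [[ -n ${loop_file} ]] ; then
+if [ -n "${loop_file}" ] ; then
 dev="/dev/mapper/${target}"
 ebegin " Setting up loop device ${source}"
 /sbin/losetup ${source} ${loop_file}
@@ -63,12 +63,16 @@
 if [ -n "$key" ]; then
 read_abort() {
 local ans
-local prompt=" ${green}*${off} $1? (${red}yes${off}/${green}No${off}) "
-shift
-echo -n -e "${prompt}"
-if ! read -n 1 $* ans ; then
-local back=${prompt//?/\\b}
-echo -n -e "${back}"
+local prompt=" ${green}*${off} %s? (${red}yes${off}/${green}No${off}) "
+printf "${prompt}" "$1"
+if ! read ans ; then
+local prompttext=" * $1? (yes/No) $ans"
+local back=""
+while [ -n "$prompttext" ]; do
+back="$back"'\b'
+prompttext=${prompttext%?}
+done
+printf "${back}"
 else
 echo
 fi
@@ -79,8 +83,8 @@
 }
 
 # Notes: sed not used to avoid case where /usr partition is encrypted.
-mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg
-key=${key/:*/}
+mode=${key##*:} && ( [ "$mode" = "$key" ] || [ -z "$mode" ] ) && mode=reg
+key=${key%%:*}
 case "$mode" in
 gpg|reg)
 # handle key on removable device
@@ -114,7 +118,7 @@
 && foo="mount failed" \
 || foo="mount source not found"
 fi
-((++i))
+i=$(( $i + 1 ))
 read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
 done
 else # keyfile ! on removable device
@@ -136,17 +140,18 @@
 fi
 ebegin "dm-crypt map ${target}"
 einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}"
-if [ "$mode" == "gpg" ]; then
+if [ "$mode" = "gpg" ]; then
 : ${gpg_options:='-q -d'}
 # gpg available ?
-if type -p gpg >/dev/null ; then
-for (( i = 0 ; i < 3 ; i++ ))
+if command -v gpg >/dev/null 2>&1; then
+i=0; while [ $i -lt 3 ]
 do
 # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
 # save stdin stdout stderr "values"
 gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3}
 ret="$?"
 [ "$ret" -eq 0 ] && break
+i=$(( $i + 1 ))
 done
 eend "${ret}" "failure running cryptsetup"
 else
@@ -156,7 +161,7 @@
 einfo "If you have /usr on its own partition, try copying gpg to /bin ."
 fi
 else
-if [ "$mode" == "reg" ]; then
+if [ "$mode" = "reg" ]; then
 cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
 ret="$?"
 eend "${ret}" "failure running cryptsetup"
@@ -172,10 +177,10 @@
 fi
 splash svc_input_end ${SVCNAME} >/dev/null 2>&1
 
-if [[ ${ret} != 0 ]] ; then
+if [ ${ret} -ne 0 ] ; then
 cryptfs_status=1
 else
-if [[ -n ${pre_mount} ]] ; then
+if [ -n "${pre_mount}" ] ; then
 dev="/dev/mapper/${target}"
 ebegin " Running pre_mount commands for ${target}"
 eval "${pre_mount}" > /dev/null
@@ -199,12 +204,12 @@
 fi
 
 mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2)
-if [[ -z ${mount_point} ]] ; then
+if [ -z "${mount_point}" ] ; then
 ewarn "Failed to find mount point for ${target}, skipping"
 cryptfs_status=1
 fi
 
-if [[ -n ${post_mount} ]] ; then
+if [ -n "${post_mount}" ] ; then
 ebegin "Running post_mount commands for target ${target}"
 eval "${post_mount}" >/dev/null
 eend $? || cryptfs_status=1
@@ -218,16 +223,19 @@
 echo "usage: strlen <variable_name>"
 die
 fi
-eval echo "\${#${1}}"
+local s c
+eval "s=\$$1"
+c=0; while [ -n "$s" ]; do c=$(( $c + 1 )); s=${s%?}; done
+echo $c
 }
 
 # Lookup optional bootparams
 parse_opt() {
 case "$1" in
 *\=*)
-local key_name="`echo "$1" | cut -f1 -d=`"
+local key_name=${1%%=*}
 local key_len=`strlen key_name`
-local value_start=$((key_len+2))
+local value_start=$(( $key_len + 2 ))
 echo "$1" | cut -c ${value_start}-
 ;;
 esac
@@ -249,7 +257,7 @@
 esac
 done
 
-if [[ -f /etc/conf.d/dmcrypt ]] && [[ -x /sbin/cryptsetup ]] ; then
+if [ -f /etc/conf.d/dmcrypt ] && [ -x /sbin/cryptsetup ] ; then
 ebegin "Setting up dm-crypt mappings"
 
 # Fix for baselayout-1.12.10 (bug 174256)
@@ -257,7 +265,7 @@
 
 while read targetline ; do
 # skip comments and blank lines
-[[ ${targetline}\# == \#* ]] && continue
+case ${targetline} in ''|'#'*) continue;; esac
 
 # check for the start of a new target/swap
 case ${targetline} in
@@ -270,7 +278,7 @@
 ;;
 
 gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
-if [[ -z ${target} && -z ${swap} ]] ; then
+if [ -z "${target}" ] && [ -z "${swap}" ] ; then
 ewarn "Ignoring setting outside target/swap section: ${targetline}"
 continue
 fi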
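Review bot: The rewritten test on new line 180, `if [ ${ret} -ne 0 ] ; then`, fails open when `ret` is empty: `[ -ne 0 ]` is a test error, so the `if` falls through to the else branch and the pre_mount commands run as if cryptsetup had succeeded, whereas the old `[[ ${ret} != 0 ]]` treated an empty value as a failure. `ret` is declared by `local dev ret mode foo` on line 15 and the visible assignments all follow a cryptsetup call; the branch taken when gpg is missing (around new line 161) shows no assignment, though lines outside the hunks may set it. Quoting with a failing default restores the old behaviour: `if [ "${ret:-1}" -ne 0 ] ; then`. The same unquoted test is on line 60 of dm-crypt-start.sh. The body of dm_crypt_execute_dmcrypt continues outside these hunks.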
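--- a/dm-crypt-start.sh
+++ b/dm-crypt-start.sh
@@ -9,17 +9,17 @@
 dm-crypt-execute-checkfs() {
 local dev target ret
 
-if [[ -n ${loop_file} ]] ; then
+if [ -n "${loop_file}" ] ; then
 dev="/dev/mapper/${target}"
 ebegin " Setting up loop device ${source}"
 /sbin/losetup ${source} ${loop_file}
 fi
 
-if [[ -n ${mount} ]] ; then
+if [ -n "${mount}" ] ; then
 target=${mount}
 : ${options:='-c aes -h sha1'}
-[[ -n ${key} ]] && : ${gpg_options:='-q -d'}
-elif [[ -n ${swap} ]] ; then
+[ -n "${key}" ] && : ${gpg_options:='-q -d'}
+elif [ -n "${swap}" ] ; then
 target=${swap}
 : ${options:='-c aes -h sha1 -d /dev/urandom'}
 : ${pre_mount:='mkswap ${dev}'}
@@ -34,16 +34,16 @@
 
 splash svc_input_begin checkfs
 ebegin "dm-crypt map ${target}"
-if [[ -z ${key} ]] ; then
+if [ -z "${key}" ] ; then
 /bin/cryptsetup ${options} create ${target} ${source} >/dev/console </dev/console
 ret=$?
 eend ${ret} "failure running cryptsetup"
 else
-if type -p gpg >/dev/null ; then
+if command -v gpg >/dev/null 2>&1; then
 ret=1
-while [[ ${ret} -gt 0 ]] ; do
+while [ ${ret} -gt 0 ] ; do
 keystring=$(gpg ${gpg_options} ${key} 2>/dev/null </dev/console)
-if [[ -z ${keystring} ]] ; then
+if [ -z "${keystring}" ] ; then
 ret=5
 else
 echo ${keystring} | /bin/cryptsetup ${options} create ${target} ${source}
@@ -57,10 +57,10 @@
 fi
 splash svc_input_end checkfs
 
-if [[ ${ret} != 0 ]] ; then
+if [ ${ret} -ne 0 ] ; then
 cryptfs_status=1
 else
-if [[ -n ${pre_mount} ]] ; then
+if [ -n "${pre_mount}" ] ; then
 dev="/dev/mapper/${target}"
 ebegin " Running pre_mount commands for ${target}"
 eval "${pre_mount}" > /dev/null
@@ -75,7 +75,7 @@
 dm-crypt-execute-localmount() {
 local mount_point target
 
-if [[ -n ${mount} && -n ${post_mount} ]] ; then
+if [ -n "${mount}" ] && [ -n "${post_mount}" ] ; then
 target=${mount}
 else
 return
@@ -88,12 +88,12 @@
 fi
 
 mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2)
-if [[ -z ${mount_point} ]] ; then
+if [ -z "${mount_point}" ] ; then
 ewarn "Failed to find mount point for ${target}, skipping"
 cryptfs_status=1
 fi
 
-if [[ -n ${post_mount} ]] ; then
+if [ -n "${post_mount}" ] ; then
 ebegin "Running post_mount commands for target ${target}"
 eval "${post_mount}" >/dev/null
 eend $? || cryptfs_status=1
@@ -103,12 +103,12 @@
 local cryptfs_status=0
 local gpg_options key loop_file mount mountline options pre_mount post_mount source swap
 
-if [[ -f /etc/conf.d/cryptfs ]] && [[ -x /bin/cryptsetup ]] ; then
+if [ -f /etc/conf.d/cryptfs ] && [ -x /bin/cryptsetup ] ; then
 ebegin "Setting up dm-crypt mappings"
 
 while read mountline ; do
 # skip comments and blank lines
-[[ ${mountline}\# == \#* ]] && continue
+case ${mountline} in ''|'#'*) continue;; esac
 
 # check for the start of a new mount/swap
 case ${mountline} in
@@ -121,7 +121,7 @@
 ;;
 
 gpg_options=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
-if [[ -z ${mount} && -z ${swap} ]] ; then
+if [ -z "${mount}" ] && [ -z "${swap}" ] ; then
 ewarn "Ignoring setting outside mount/swap section: ${mountline}"
 continue
 fi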
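Review bot: On line 49 the decrypted key is passed through an unquoted `echo ${keystring}`, and with the bashisms removed this script may now run under a different /bin/sh whose `echo` handles backslashes or a leading `-n` differently from bash's builtin. Word splitting and globbing already alter a key that contains runs of whitespace or glob characters, so the bytes reaching cryptsetup can depend on the shell and the working directory. `printf '%s\n' "${keystring}" | /bin/cryptsetup ${options} create ${target} ${source}` is stable across shells, but it changes the effective passphrase for any key the current form alters, so existing mappings would need checking first. Piping gpg straight into cryptsetup, as 1.0.6-r2-dm-crypt-start.sh does on its new line 151, would also avoid holding the key in a variable. The body of dm-crypt-execute-checkfs continues outside the hunk.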
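--- a/dm-crypt-stop.sh
+++ b/dm-crypt-stop.sh
@@ -32,17 +32,17 @@
 eend $? "Failed to remove dm-crypt mapping for: ${target}"
 done
 
-if [[ -n $(/bin/egrep -e "^(source=)./dev/loop*" /etc/conf.d/cryptfs) ]] ; then
+if [ -n "$(/bin/egrep -e '^(source=)./dev/loop*' /etc/conf.d/cryptfs)" ] ; then
 einfo "Taking down any dm-crypt loop devices"
 /bin/egrep -e "^(source)" /etc/conf.d/cryptfs | while read sourceline
 do
 source=
 eval ${sourceline}
-if [[ -n $(echo ${source} | grep /dev/loop) ]] ; then
+case ${source} in */dev/loop*)
 ebegin " Taking down ${source}"
 /sbin/losetup -d ${source}
 eend $? " Failed to remove loop"
-fi
+;; esac
 done
 fi
 fi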