Attachment #208338 for bug #217959




	[ ! -e /sbin/cryptsetup ] && bad_msg "The ramdisk does not support LUKS" && exit 1
	while [ 1 ]
	do
		local gpg_cmd=""
		# if crypt_silent=1 and some error occurs, enter shell quietly
		if [ \( ${CRYPT_SILENT} -eq 1 \) -a \( \( \( ${DEV_ERROR} -eq 1 \) -o \( ${KEY_ERROR} -eq 1 \) \) -o \( ${KEYDEV_ERROR} -eq 1 \) \) ]
		then

					fi
					# At this point a candidate key exists (either mounted before or not)
					good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT}
					if [ $(echo ${LUKS_KEY} | grep -o '.gpg$') == ".gpg" ] && [ -e /sbin/gpg ] ; then
						[ -e /dev/tty ] && mv /dev/tty /dev/tty.org
						mknod /dev/tty c 5 1
						cryptsetup_options="-d -"
						gpg_cmd="/sbin/gpg --logger-file /dev/null --quiet --decrypt ${mntkey}${LUKS_KEY} |"
					else
						cryptsetup_options="-d ${mntkey}${LUKS_KEY}"
					fi
				fi
				# At this point, keyfile or not, we're ready!
				crypt_filter "${gpg_cmd}cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}"
				if [ $? -eq 0 ]
				then
					good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT}

Lines 93-98 longusage() { Link Here

(-)a/gen_cmdline.sh (+5 lines)
93	echo " ramdisk"	93	echo " ramdisk"
94	echo " --luks Include LUKS support"	94	echo " --luks Include LUKS support"
95	echo " --> 'emerge cryptsetup-luks' with USE=-dynamic"	95	echo " --> 'emerge cryptsetup-luks' with USE=-dynamic"
		96	echo " --gpg Include GPG-armored LUKS key support"
96	echo " --no-busybox Do not include busybox in the initramfs."	97	echo " --no-busybox Do not include busybox in the initramfs."
97	echo " --unionfs Include support for unionfs"	98	echo " --unionfs Include support for unionfs"
98	echo " --netboot Create a self-contained env in the initramfs"	99	echo " --netboot Create a self-contained env in the initramfs"
Lines 515-520 parse_cmdline() { Link Here
515	CMD_LUKS=1	516	CMD_LUKS=1
516	print_info 2 "CMD_LUKS: ${CMD_LUKS}"	517	print_info 2 "CMD_LUKS: ${CMD_LUKS}"
517	;;	518	;;
		519	--gpg)
		520	CMD_GPG=1
		521	print_info 2 "CMD_GPG: ${CMD_GPG}"
		522	;;
518	--firmware)	523	--firmware)
519	CMD_FIRMWARE=1	524	CMD_FIRMWARE=1
520	print_info 2 "CMD_FIRMWARE: ${CMD_FIRMWARE}"	525	print_info 2 "CMD_FIRMWARE: ${CMD_FIRMWARE}"




		rm -rf "${UNIONFS_FUSE_DIR}" > /dev/null
	fi
}

compile_gpg() {
	if [ ! -f "${GPG_BINCACHE}" ]
	then
		[ ! -f "${GPG_SRCTAR}" ] &&
			gen_die "Could not find gnupg source tarball: ${GPG_SRCTAR}. Please place it there, or place another version, changing /etc/genkernel.conf as necessary!"
		cd "${TEMP}"
		rm -rf "${GPG_DIR}"
		tar -jxf "${GPG_SRCTAR}"
		[ ! -d "${GPG_DIR}" ] &&
			gen_die "gnupg directory ${GPG_DIR} invalid"
		cd "${GPG_DIR}"
		print_info 1 'gnupg: >> Configuring...'
		# --enable-minimal works, but it doesn't reduce the command length much.
		# Given its history and the precision this needs, explicit is cleaner.
		LDFLAGS='-static' CFLAGS='-Os' ./configure --prefix=/ \
			--enable-static-rnd=linux --disable-dev-random --disable-asm \
			--disable-selinux-support --disable-gnupg-iconv --disable-card-support \
			--disable-agent-support --disable-bzip2 --disable-exec \
			--disable-photo-viewers --disable-keyserver-helpers --disable-ldap \
			--disable-hkp --disable-finger --disable-generic --disable-mailto \
			--disable-keyserver-path --disable-dns-srv --disable-dns-pka \
			--disable-dns-cert --disable-nls --disable-threads --disable-regex \
			--disable-optimization --with-included-zlib --without-capabilities \
			--without-tar --without-ldap --without-libcurl --without-mailprog \
			--without-libpth-prefix --without-libiconv-prefix --without-libintl-prefix\
			--without-zlib --without-bzip2 --without-libusb --without-readline \
				>> ${LOGFILE} 2>&1 || gen_die 'Configuring gnupg failed!'
		print_info 1 'gnupg: >> Compiling...'
		MAKE=${UTILS_MAKE} compile_generic "" ""
		print_info 1 'gnupg: >> Copying to cache...'
		[ -f "${TEMP}/${GPG_DIR}/g10/gpg" ] ||
			gen_die 'gnupg executable does not exist!'
		strip "${TEMP}/${GPG_DIR}/g10/gpg" ||
			gen_die 'Could not strip gpg binary!'
		bzip2 -z -c "${TEMP}/${GPG_DIR}/g10/gpg" > "${GPG_BINCACHE}" ||
			gen_die 'Could not copy the gpg binary to the package directory, does the directory exist?'

		cd "${TEMP}"
		rm -rf "${GPG_DIR}" > /dev/null
	fi
}




	set_config_with_override 2 REAL_ROOT			CMD_REAL_ROOT
	set_config_with_override 1 DISKLABEL            CMD_DISKLABEL
	set_config_with_override 1 LUKS                 CMD_LUKS
	set_config_with_override 1 GPG                  CMD_GPG
	set_config_with_override 1 MDADM                CMD_MDADM
	set_config_with_override 1 MULTIPATH            CMD_MULTIPATH
	set_config_with_override 1 FIRMWARE             CMD_FIRMWARE

	BLKID_BINCACHE=`cache_replace "${BLKID_BINCACHE}"`
	FUSE_BINCACHE=`cache_replace "${FUSE_BINCACHE}"`
	UNIONFS_FUSE_BINCACHE=`cache_replace "${UNIONFS_FUSE_BINCACHE}"`
	GPG_BINCACHE=`cache_replace "${GPG_BINCACHE}"`
  
	DEFAULT_KERNEL_CONFIG=`arch_replace "${DEFAULT_KERNEL_CONFIG}"`
	BUSYBOX_CONFIG=`arch_replace "${BUSYBOX_CONFIG}"`

	BLKID_BINCACHE=`arch_replace "${BLKID_BINCACHE}"`
	FUSE_BINCACHE=`arch_replace "${FUSE_BINCACHE}"`
	UNIONFS_FUSE_BINCACHE=`arch_replace "${UNIONFS_FUSE_BINCACHE}"`
	GPG_BINCACHE=`arch_replace "${GPG_BINCACHE}"`

	if [ -n "${CMD_BOOTLOADER}" ]
	then

Lines 500-506 set_config_with_override() { Link Here

(-)a/gen_funcs.sh (-1 / +1 lines)
500	}	500	}
501		501
502	check_distfiles() {	502	check_distfiles() {
503	for i in $BUSYBOX_SRCTAR $DEVICE_MAPPER_SRCTAR $MULTIPATH_SRCTAR $LVM_SRCTAR $DMRAID_SRCTAR $E2FSPROGS_SRCTAR	503	for i in $BUSYBOX_SRCTAR $DEVICE_MAPPER_SRCTAR $MULTIPATH_SRCTAR $LVM_SRCTAR $DMRAID_SRCTAR $E2FSPROGS_SRCTAR $GPG_SRCTAR
504	do	504	do
505	if [ ! -f "${i}" ]	505	if [ ! -f "${i}" ]
506	then	506	then




	rm -r "${TEMP}/initramfs-firmware-temp/"
}

append_gpg() {
	if [ -d "${TEMP}/initramfs-gpg-temp" ]
	then
		rm -r "${TEMP}/initramfs-gpg-temp"
	fi
	cd ${TEMP}
	mkdir -p "${TEMP}/initramfs-gpg-temp/sbin/"
	if [ ! -e ${GPG_BINCACHE} ] ; then
		print_info 1 '		GPG: Adding support (compiling binaries)...'
		compile_gpg
	fi
	bzip2 -dc "${GPG_BINCACHE}" > "${TEMP}/initramfs-gpg-temp/sbin/gpg" ||
		gen_die 'Could not extract gpg binary cache!'
	chmod a+x "${TEMP}/initramfs-gpg-temp/sbin/gpg"
	cd "${TEMP}/initramfs-gpg-temp/"
	find . -print | cpio ${CPIO_ARGS} --append -F "${CPIO}"
	rm -rf "${TEMP}/initramfs-gpg-temp" > /dev/null
}

print_list()
{
	local x

	append_data 'mdadm' "${MDADM}"
	append_data 'luks' "${LUKS}"
	append_data 'multipath' "${MULTIPATH}"
	append_data 'gpg' "${GPG}"

	if [ "${NORAMDISKMODULES}" -eq '0' ]
	then

Lines 178-180 UNIONFS_FUSE_VER="VERSION_UNIONFS_FUSE" Link Here

(-)a/genkernel.conf (+5 lines)
178	UNIONFS_FUSE_DIR="unionfs-fuse-${UNIONFS_FUSE_VER}"	178	UNIONFS_FUSE_DIR="unionfs-fuse-${UNIONFS_FUSE_VER}"
179	UNIONFS_FUSE_SRCTAR="${DISTDIR}/unionfs-fuse-${UNIONFS_FUSE_VER}.tar.bz2"	179	UNIONFS_FUSE_SRCTAR="${DISTDIR}/unionfs-fuse-${UNIONFS_FUSE_VER}.tar.bz2"
180	UNIONFS_FUSE_BINCACHE="%%CACHE%%/unionfs-fuse-${UNIONFS_FUSE_VER}-%%ARCH%%.bz2"	180	UNIONFS_FUSE_BINCACHE="%%CACHE%%/unionfs-fuse-${UNIONFS_FUSE_VER}-%%ARCH%%.bz2"
		181
		182	GPG_VER="VERSION_GPG"
		183	GPG_DIR="gnupg-${GPG_VER}"
		184	GPG_SRCTAR="${DISTDIR}/gnupg-${GPG_VER}.tar.bz2"
		185	GPG_BINCACHE="%%CACHE%%/gnupg-${GPG_VER}-%%ARCH%%.bz2"

Return to bug 217959

Lines 651-656 openLUKS() { Link Here

(-)a/defaults/initrd.scripts (-2 / +10 lines)
651	[ ! -e /sbin/cryptsetup ] && bad_msg "The ramdisk does not support LUKS" && exit 1	651	[ ! -e /sbin/cryptsetup ] && bad_msg "The ramdisk does not support LUKS" && exit 1
652	while [ 1 ]	652	while [ 1 ]
653	do	653	do
		654	local gpg_cmd=""
654	# if crypt_silent=1 and some error occurs, enter shell quietly	655	# if crypt_silent=1 and some error occurs, enter shell quietly
655	if [ \( ${CRYPT_SILENT} -eq 1 \) -a \( \( \( ${DEV_ERROR} -eq 1 \) -o \( ${KEY_ERROR} -eq 1 \) \) -o \( ${KEYDEV_ERROR} -eq 1 \) \) ]	656	if [ \( ${CRYPT_SILENT} -eq 1 \) -a \( \( \( ${DEV_ERROR} -eq 1 \) -o \( ${KEY_ERROR} -eq 1 \) \) -o \( ${KEYDEV_ERROR} -eq 1 \) \) ]
656	then	657	then
Lines 735-744 openLUKS() { Link Here
735	fi	736	fi
736	# At this point a candidate key exists (either mounted before or not)	737	# At this point a candidate key exists (either mounted before or not)
737	good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT}	738	good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT}
738	cryptsetup_options="-d ${mntkey}${LUKS_KEY}"	739	if [ $(echo ${LUKS_KEY} \| grep -o '.gpg$') == ".gpg" ] && [ -e /sbin/gpg ] ; then
		740	[ -e /dev/tty ] && mv /dev/tty /dev/tty.org
		741	mknod /dev/tty c 5 1
		742	cryptsetup_options="-d -"
		743	gpg_cmd="/sbin/gpg --logger-file /dev/null --quiet --decrypt ${mntkey}${LUKS_KEY} \|"
		744	else
		745	cryptsetup_options="-d ${mntkey}${LUKS_KEY}"
		746	fi
739	fi	747	fi
740	# At this point, keyfile or not, we're ready!	748	# At this point, keyfile or not, we're ready!
741	crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}"	749	crypt_filter "${gpg_cmd}cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}"
742	if [ $? -eq 0 ]	750	if [ $? -eq 0 ]
743	then	751	then
744	good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT}	752	good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT}

Lines 620-622 compile_unionfs_fuse() { Link Here

(-)a/gen_compile.sh (+42 lines)
620	rm -rf "${UNIONFS_FUSE_DIR}" > /dev/null	620	rm -rf "${UNIONFS_FUSE_DIR}" > /dev/null
621	fi	621	fi
622	}	622	}
		623
		624	compile_gpg() {
		625	if [ ! -f "${GPG_BINCACHE}" ]
		626	then
		627	[ ! -f "${GPG_SRCTAR}" ] &&
		628	gen_die "Could not find gnupg source tarball: ${GPG_SRCTAR}. Please place it there, or place another version, changing /etc/genkernel.conf as necessary!"
		629	cd "${TEMP}"
		630	rm -rf "${GPG_DIR}"
		631	tar -jxf "${GPG_SRCTAR}"
		632	[ ! -d "${GPG_DIR}" ] &&
		633	gen_die "gnupg directory ${GPG_DIR} invalid"
		634	cd "${GPG_DIR}"
		635	print_info 1 'gnupg: >> Configuring...'
		636	# --enable-minimal works, but it doesn't reduce the command length much.
		637	# Given its history and the precision this needs, explicit is cleaner.
		638	LDFLAGS='-static' CFLAGS='-Os' ./configure --prefix=/ \
		639	--enable-static-rnd=linux --disable-dev-random --disable-asm \
		640	--disable-selinux-support --disable-gnupg-iconv --disable-card-support \
		641	--disable-agent-support --disable-bzip2 --disable-exec \
		642	--disable-photo-viewers --disable-keyserver-helpers --disable-ldap \
		643	--disable-hkp --disable-finger --disable-generic --disable-mailto \
		644	--disable-keyserver-path --disable-dns-srv --disable-dns-pka \
		645	--disable-dns-cert --disable-nls --disable-threads --disable-regex \
		646	--disable-optimization --with-included-zlib --without-capabilities \
		647	--without-tar --without-ldap --without-libcurl --without-mailprog \
		648	--without-libpth-prefix --without-libiconv-prefix --without-libintl-prefix\
		649	--without-zlib --without-bzip2 --without-libusb --without-readline \
		650	>> ${LOGFILE} 2>&1 \|\| gen_die 'Configuring gnupg failed!'
		651	print_info 1 'gnupg: >> Compiling...'
		652	MAKE=${UTILS_MAKE} compile_generic "" ""
		653	print_info 1 'gnupg: >> Copying to cache...'
		654	[ -f "${TEMP}/${GPG_DIR}/g10/gpg" ] \|\|
		655	gen_die 'gnupg executable does not exist!'
		656	strip "${TEMP}/${GPG_DIR}/g10/gpg" \|\|
		657	gen_die 'Could not strip gpg binary!'
		658	bzip2 -z -c "${TEMP}/${GPG_DIR}/g10/gpg" > "${GPG_BINCACHE}" \|\|
		659	gen_die 'Could not copy the gpg binary to the package directory, does the directory exist?'
		660
		661	cd "${TEMP}"
		662	rm -rf "${GPG_DIR}" > /dev/null
		663	fi
		664	}

Lines 407-412 append_firmware() { Link Here

(-)a/gen_initramfs.sh (+20 lines)
407	rm -r "${TEMP}/initramfs-firmware-temp/"	407	rm -r "${TEMP}/initramfs-firmware-temp/"
408	}	408	}
409		409
		410	append_gpg() {
		411	if [ -d "${TEMP}/initramfs-gpg-temp" ]
		412	then
		413	rm -r "${TEMP}/initramfs-gpg-temp"
		414	fi
		415	cd ${TEMP}
		416	mkdir -p "${TEMP}/initramfs-gpg-temp/sbin/"
		417	if [ ! -e ${GPG_BINCACHE} ] ; then
		418	print_info 1 ' GPG: Adding support (compiling binaries)...'
		419	compile_gpg
		420	fi
		421	bzip2 -dc "${GPG_BINCACHE}" > "${TEMP}/initramfs-gpg-temp/sbin/gpg" \|\|
		422	gen_die 'Could not extract gpg binary cache!'
		423	chmod a+x "${TEMP}/initramfs-gpg-temp/sbin/gpg"
		424	cd "${TEMP}/initramfs-gpg-temp/"
		425	find . -print \| cpio ${CPIO_ARGS} --append -F "${CPIO}"
		426	rm -rf "${TEMP}/initramfs-gpg-temp" > /dev/null
		427	}
		428
410	print_list()	429	print_list()
411	{	430	{
412	local x	431	local x
Lines 594-599 create_initramfs() { Link Here
594	append_data 'mdadm' "${MDADM}"	613	append_data 'mdadm' "${MDADM}"
595	append_data 'luks' "${LUKS}"	614	append_data 'luks' "${LUKS}"
596	append_data 'multipath' "${MULTIPATH}"	615	append_data 'multipath' "${MULTIPATH}"
		616	append_data 'gpg' "${GPG}"
597		617
598	if [ "${NORAMDISKMODULES}" -eq '0' ]	618	if [ "${NORAMDISKMODULES}" -eq '0' ]
599	then	619	then

Lines 109-114 determine_real_args() { Link Here

(-)a/gen_determineargs.sh (+3 lines)
109	set_config_with_override 2 REAL_ROOT CMD_REAL_ROOT	109	set_config_with_override 2 REAL_ROOT CMD_REAL_ROOT
110	set_config_with_override 1 DISKLABEL CMD_DISKLABEL	110	set_config_with_override 1 DISKLABEL CMD_DISKLABEL
111	set_config_with_override 1 LUKS CMD_LUKS	111	set_config_with_override 1 LUKS CMD_LUKS
		112	set_config_with_override 1 GPG CMD_GPG
112	set_config_with_override 1 MDADM CMD_MDADM	113	set_config_with_override 1 MDADM CMD_MDADM
113	set_config_with_override 1 MULTIPATH CMD_MULTIPATH	114	set_config_with_override 1 MULTIPATH CMD_MULTIPATH
114	set_config_with_override 1 FIRMWARE CMD_FIRMWARE	115	set_config_with_override 1 FIRMWARE CMD_FIRMWARE
Lines 131-136 determine_real_args() { Link Here
131	BLKID_BINCACHE=`cache_replace "${BLKID_BINCACHE}"`	132	BLKID_BINCACHE=`cache_replace "${BLKID_BINCACHE}"`
132	FUSE_BINCACHE=`cache_replace "${FUSE_BINCACHE}"`	133	FUSE_BINCACHE=`cache_replace "${FUSE_BINCACHE}"`
133	UNIONFS_FUSE_BINCACHE=`cache_replace "${UNIONFS_FUSE_BINCACHE}"`	134	UNIONFS_FUSE_BINCACHE=`cache_replace "${UNIONFS_FUSE_BINCACHE}"`
		135	GPG_BINCACHE=`cache_replace "${GPG_BINCACHE}"`
134		136
135	DEFAULT_KERNEL_CONFIG=`arch_replace "${DEFAULT_KERNEL_CONFIG}"`	137	DEFAULT_KERNEL_CONFIG=`arch_replace "${DEFAULT_KERNEL_CONFIG}"`
136	BUSYBOX_CONFIG=`arch_replace "${BUSYBOX_CONFIG}"`	138	BUSYBOX_CONFIG=`arch_replace "${BUSYBOX_CONFIG}"`
Lines 141-146 determine_real_args() { Link Here
141	BLKID_BINCACHE=`arch_replace "${BLKID_BINCACHE}"`	143	BLKID_BINCACHE=`arch_replace "${BLKID_BINCACHE}"`
142	FUSE_BINCACHE=`arch_replace "${FUSE_BINCACHE}"`	144	FUSE_BINCACHE=`arch_replace "${FUSE_BINCACHE}"`
143	UNIONFS_FUSE_BINCACHE=`arch_replace "${UNIONFS_FUSE_BINCACHE}"`	145	UNIONFS_FUSE_BINCACHE=`arch_replace "${UNIONFS_FUSE_BINCACHE}"`
		146	GPG_BINCACHE=`arch_replace "${GPG_BINCACHE}"`
144		147
145	if [ -n "${CMD_BOOTLOADER}" ]	148	if [ -n "${CMD_BOOTLOADER}" ]
146	then	149	then