(-)file_not_specified_in_diff (-46 / +70 lines)
0
-- 1.1.3-dm-crypt-start.sh
0
++ 1.1.3-dm-crypt-start.sh
Lines 1-7 Link Here
1
# /lib/rcscripts/addons/dm-crypt-start.sh
1
# /lib/rcscripts/addons/dm-crypt-start.sh
2
2
3
# For backwards compatability with baselayout < 1.13.0 #174256
3
# For backwards compatability with baselayout < 1.13.0 #174256
4
if [[ -z ${SVCNAME} ]] ; then
4
if [ -z "${SVCNAME}" ] ; then
5
	case ${myservice} in
5
	case ${myservice} in
6
		""|checkfs|localmount) SVCNAME=dmcrypt ;;
6
		""|checkfs|localmount) SVCNAME=dmcrypt ;;
7
		*) SVCNAME=${myservice} ;;
7
		*) SVCNAME=${myservice} ;;
Lines 21-27 Link Here
21
dm_crypt_execute_dmcrypt() {
21
dm_crypt_execute_dmcrypt() {
22
	local dev ret mode foo
22
	local dev ret mode foo
23
	# some colors
23
	# some colors
24
	local red='\x1b[31;01m' green='\x1b[32;01m' off='\x1b[0;0m'
24
	local red='\033[31;01m' green='\033[32;01m' off='\033[0;0m'
25
25
26
	if [ -n "$target" ]; then
26
	if [ -n "$target" ]; then
27
		# let user set options, otherwise leave empty
27
		# let user set options, otherwise leave empty
Lines 47-56 Link Here
47
		return
47
		return
48
	fi
48
	fi
49
49
50
	if [[ -n ${loop_file} ]] ; then
50
	if [ -n "${loop_file}" ] ; then
51
		dev="/dev/mapper/${target}"
51
		dev="/dev/mapper/${target}"
52
		ebegin "  Setting up loop device ${source}"
52
		ebegin "  Setting up loop device ${source}"
53
		/sbin/losetup ${source} ${loop_file}
53
		/sbin/losetup "${source}" "${loop_file}"
54
	fi
54
	fi
55
55
56
	# cryptsetup:
56
	# cryptsetup:
Lines 72-97 Link Here
72
72
73
	# Handle keys
73
	# Handle keys
74
	if [ -n "$key" ]; then
74
	if [ -n "$key" ]; then
75
		reset_stty() {
76
			stty ${savestty}
77
			trap - EXIT HUP INT TERM
78
		}
75
		read_abort() {
79
		read_abort() {
76
			local ans
80
			local ans a b back
77
			local prompt=" ${green}*${off}  $1? (${red}yes${off}/${green}No${off}) "
81
			printf " ${green}*${off}  %s? (${red}yes${off}/${green}No${off}) " "$1"
82
			back=" *  $1? (yes/No) "
78
			shift
83
			shift
79
			echo -n -e "${prompt}"
84
			savestty=`stty -g`
80
			if ! read -n 1 $* ans ; then
85
			trap reset_stty EXIT HUP INT TERM
81
				local back=${prompt//?/\\b}
86
			stty -icanon -echo
82
				echo -n -e "${back}"
87
			if [ "$1" = '-t' ] && [ "$2" -gt 0 ]; then
83
			else
88
				stty min 0 time "$(( $2 * 10 ))"
84
				echo
89
			fi
90
			ans=`dd count=1 bs=1 2>/dev/null` || ans=''
91
			reset_stty
92
			if [ -z "${ans}" ]; then
93
				a=''
94
				b=''
95
				while [ -n "${back}" ]; do
96
					a="${a}"'\b'
97
					b="${b} "
98
					back=${back%?}
99
				done
100
				printf "${a}${b}${a}"
101
				return 1
85
			fi
102
			fi
86
			case $ans in
103
			case "${ans}" in
87
				[yY]|[yY][eE][sS]) return 0;;
104
				y*|Y*) printf "${red}YES${off}\n"; return 0;;
88
				*) return 1;;
89
			esac
105
			esac
106
			printf "${green}No${off}\n"
107
			return 1
90
		}
108
		}
91
109
92
		# Notes: sed not used to avoid case where /usr partition is encrypted.
110
		# Notes: sed not used to avoid case where /usr partition is encrypted.
93
		mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg
111
		mode=${key##*:} && ( [ "$mode" = "$key" ] || [ -z "$mode" ] ) && mode=reg
94
		key=${key/:*/}
112
		key=${key%%:*}
95
		case "$mode" in
113
		case "$mode" in
96
		gpg|reg)
114
		gpg|reg)
97
			# handle key on removable device
115
			# handle key on removable device
Lines 125-131 Link Here
125
							&& foo="mount failed" \
143
							&& foo="mount failed" \
126
							|| foo="mount source not found"
144
							|| foo="mount source not found"
127
					fi
145
					fi
128
					((++i))
146
					i=$(( $i + 1 ))
129
					read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
147
					read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
130
				done
148
				done
131
			else    # keyfile ! on removable device
149
			else    # keyfile ! on removable device
Lines 147-163 Link Here
147
	fi
165
	fi
148
	ebegin "dm-crypt map ${target}"
166
	ebegin "dm-crypt map ${target}"
149
	einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}"
167
	einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}"
150
	if [ "$mode" == "gpg" ]; then
168
	if [ "$mode" = "gpg" ]; then
151
		: ${gpg_options:='-q -d'}
169
		: ${gpg_options:='-q -d'}
152
		# gpg available ?
170
		# gpg available ?
153
		if type -p gpg >/dev/null ; then
171
		if command -v gpg >/dev/null 2>&1; then
154
			for (( i = 0 ; i < 3 ; i++ ))
172
			local i=0
173
			while [ $i -lt 3 ]
155
			do
174
			do
156
				# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
175
				# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
157
				# save stdin stdout stderr "values"
176
				# save stdin stdout stderr "values"
158
				gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3}
177
				gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3}
159
				ret="$?"
178
				ret="$?"
160
				[ "$ret" -eq 0 ] && break
179
				[ "$ret" -eq 0 ] && break
180
				i=$(( $i + 1 ))
161
			done
181
			done
162
			eend "${ret}" "failure running cryptsetup"
182
			eend "${ret}" "failure running cryptsetup"
163
		else
183
		else
Lines 167-173 Link Here
167
			einfo "If you have /usr on its own partition, try copying gpg to /bin ."
187
			einfo "If you have /usr on its own partition, try copying gpg to /bin ."
168
		fi
188
		fi
169
	else
189
	else
170
		if [ "$mode" == "reg" ]; then
190
		if [ "$mode" = "reg" ]; then
171
			cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
191
			cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
172
			ret="$?"
192
			ret="$?"
173
			eend "${ret}" "failure running cryptsetup"
193
			eend "${ret}" "failure running cryptsetup"
Lines 178-192 Link Here
178
		fi
198
		fi
179
	fi
199
	fi
180
	if [ -d "$mntrem" ]; then
200
	if [ -d "$mntrem" ]; then
181
		umount -n ${mntrem} 2>/dev/null >/dev/null
201
		umount -n "${mntrem}" 2>/dev/null >/dev/null
182
		rmdir ${mntrem} 2>/dev/null >/dev/null
202
		rmdir "${mntrem}" 2>/dev/null >/dev/null
183
	fi
203
	fi
184
	splash svc_input_end ${SVCNAME} >/dev/null 2>&1
204
	splash svc_input_end ${SVCNAME} >/dev/null 2>&1
185
205
186
	if [[ ${ret} != 0 ]] ; then
206
	if [ "${ret}" -ne 0 ] ; then
187
		cryptfs_status=1
207
		cryptfs_status=1
188
	else
208
	else
189
		if [[ -n ${pre_mount} ]] ; then
209
		if [ -n "${pre_mount}" ] ; then
190
			dev="/dev/mapper/${target}"
210
			dev="/dev/mapper/${target}"
191
			ebegin "  Running pre_mount commands for ${target}"
211
			ebegin "  Running pre_mount commands for ${target}"
192
			eval "${pre_mount}" > /dev/null
212
			eval "${pre_mount}" > /dev/null
Lines 210-221 Link Here
210
	fi
230
	fi
211
231
212
	mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2)
232
	mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2)
213
	if [[ -z ${mount_point} ]] ; then
233
	if [ -z "${mount_point}" ] ; then
214
		ewarn "Failed to find mount point for ${target}, skipping"
234
		ewarn "Failed to find mount point for ${target}, skipping"
215
		cryptfs_status=1
235
		cryptfs_status=1
216
	fi
236
	fi
217
237
218
	if [[ -n ${post_mount} ]] ; then
238
	if [ -n "${post_mount}" ] ; then
219
		ebegin "Running post_mount commands for target ${target}"
239
		ebegin "Running post_mount commands for target ${target}"
220
		eval "${post_mount}" >/dev/null
240
		eval "${post_mount}" >/dev/null
221
		eend $? || cryptfs_status=1
241
		eend $? || cryptfs_status=1
Lines 236-244 Link Here
236
parse_opt() {
256
parse_opt() {
237
	case "$1" in
257
	case "$1" in
238
		*\=*)
258
		*\=*)
239
			local key_name="`echo "$1" | cut -f1 -d=`"
259
			local key_name=${1%%=*}
240
			local key_len=`strlen key_name`
260
			local key_len=`strlen key_name`
241
			local value_start=$((key_len+2))
261
			local value_start=$(( $key_len + 2 ))
242
			echo "$1" | cut -c ${value_start}-
262
			echo "$1" | cut -c ${value_start}-
243
		;;
263
		;;
244
	esac
264
	esac
Lines 260-274 Link Here
260
	esac
280
	esac
261
done
281
done
262
282
263
if [[ -f /etc/conf.d/${SVCNAME} ]] && [[ -x /sbin/cryptsetup ]] ; then
283
if [ -f "/etc/conf.d/${SVCNAME}" ] && [ -x /sbin/cryptsetup ] ; then
264
	ebegin "Setting up dm-crypt mappings"
284
	ebegin "Setting up dm-crypt mappings"
265
285
266
	while read -u 3 targetline ; do
286
	while read targetline <&3 ; do
267
		# skip comments and blank lines
268
		[[ ${targetline}\# == \#* ]] && continue
269
287
270
		# check for the start of a new target/swap
288
		# check for the start of a new target/swap
271
		case ${targetline} in
289
		case ${targetline} in
290
			''|'#'*)
291
				# skip comments and blank lines
292
				continue
293
				;;
272
			target=*|swap=*)
294
			target=*|swap=*)
273
				# If we have a target queued up, then execute it
295
				# If we have a target queued up, then execute it
274
				dm_crypt_execute_${SVCNAME%.*}
296
				dm_crypt_execute_${SVCNAME%.*}
Lines 278-284 Link Here
278
				;;
300
				;;
279
301
280
			gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
302
			gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
281
				if [[ -z ${target} && -z ${swap} ]] ; then
303
				if [ -z "${target}" ] && [ -z "${swap}" ] ; then
282
					ewarn "Ignoring setting outside target/swap section: ${targetline}"
304
					ewarn "Ignoring setting outside target/swap section: ${targetline}"
283
					continue
305
					continue
284
				fi
306
				fi
Lines 296-302 Link Here
296
318
297
		# Queue this setting for the next call to dm_crypt_execute_${SVCNAME%.*}
319
		# Queue this setting for the next call to dm_crypt_execute_${SVCNAME%.*}
298
		eval "${targetline}"
320
		eval "${targetline}"
299
	done 3< /etc/conf.d/${SVCNAME}
321
	done 3< "/etc/conf.d/${SVCNAME}"
300
322
301
	# If we have a target queued up, then execute it
323
	# If we have a target queued up, then execute it
302
	dm_crypt_execute_${SVCNAME%.*}
324
	dm_crypt_execute_${SVCNAME%.*}
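Review bot: The new `read_abort` installs `trap reset_stty EXIT HUP INT TERM`, and `reset_stty` then runs `trap - EXIT HUP INT TERM`, so any handlers the calling init script had for those signals are discarded after the first prompt. An INT or TERM that arrives during the prompt only restores the tty and lets the script carry on. `savestty` is also missing from the `local` list and is expanded unquoted and unchecked in `stty ${savestty}`, so if `stty -g` returned nothing the restore is a bare `stty` that changes no settings. I would skip the raw-mode path when stdin is not a terminal with `[ -t 0 ] || return 1`, restore with `[ -n "${savestty}" ] && stty "${savestty}"`, and add a comment above the `trap` line saying that it overrides the caller's handlers. Most of `dm_crypt_execute_dmcrypt` lies outside the visible lines, so whether its callers set traps cannot be confirmed from this page.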
303
-- 1.1.3-dm-crypt-stop.sh
325
++ 1.1.3-dm-crypt-stop.sh
Lines 1-15 Link Here
1
# /lib/rcscripts/addons/dm-crypt-stop.sh
1
# /lib/rcscripts/addons/dm-crypt-stop.sh
2
2
3
# Fix for baselayout-1.12.10 (bug 174256)
3
# Fix for baselayout-1.12.10 (bug 174256)
4
: ${SVCNAME:=${myservice}}
4
: ${SVCNAME:="${myservice}"}
5
5
6
# Try to remove any dm-crypt mappings
6
# Try to remove any dm-crypt mappings
7
csetup=/sbin/cryptsetup
7
csetup=/sbin/cryptsetup
8
if [ -f /etc/conf.d/${SVCNAME} ] && [ -x "$csetup" ]
8
if [ -f "/etc/conf.d/${SVCNAME}" ] && [ -x "$csetup" ]
9
then
9
then
10
	einfo "Removing dm-crypt mappings"
10
	einfo "Removing dm-crypt mappings"
11
11
12
	/bin/egrep "^(target|swap)" /etc/conf.d/${SVCNAME} | \
12
	/bin/egrep "^(target|swap)" "/etc/conf.d/${SVCNAME}" | \
13
	while read targetline
13
	while read targetline
14
	do
14
	do
15
		target=
15
		target=
Lines 25-41 Link Here
25
		eend $? "Failed to remove dm-crypt mapping for: ${target}"
25
		eend $? "Failed to remove dm-crypt mapping for: ${target}"
26
	done
26
	done
27
27
28
	if [[ -n $(/bin/egrep -e "^(source=)./dev/loop*" /etc/conf.d/${SVCNAME}) ]] ; then
28
	if /bin/egrep -q -e "^(source=)./dev/loop*" "/etc/conf.d/${SVCNAME}"; then
29
		einfo "Taking down any dm-crypt loop devices"
29
		einfo "Taking down any dm-crypt loop devices"
30
		/bin/egrep -e "^(source)" /etc/conf.d/${SVCNAME} | while read sourceline
30
		/bin/egrep -e "^(source)" "/etc/conf.d/${SVCNAME}" | while read sourceline
31
		do
31
		do
32
			source=
32
			source=
33
			eval ${sourceline}
33
			eval "${sourceline}"
34
			if [[ -n $(echo ${source} | grep /dev/loop) ]] ; then
34
			case "${source}" in
35
			*/dev/loop*)
35
				ebegin "   Taking down ${source}"
36
				ebegin "   Taking down ${source}"
36
				/sbin/losetup -d ${source}
37
				/sbin/losetup -d ${source}
37
				eend $? "  Failed to remove loop"
38
				eend $? "  Failed to remove loop"
38
			fi
39
			;;
40
			esac
39
		done
41
		done
40
	fi
42
	fi
41
fi
43
fi
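Review bot: `eval "${sourceline}"` still executes every line of `/etc/conf.d/${SVCNAME}` that begins with `source` as shell code with the init script's privileges; quoting the argument stops word splitting but not command substitution inside the value. The result is then passed unquoted in `/sbin/losetup -d ${source}`, unlike the other expansions this patch quotes, so that line should read `/sbin/losetup -d "${source}"`. A comment above the `eval` should state that the file is trusted configuration and must be writable by root only. `while read sourceline` would be safer as `while read -r sourceline`, so that backslashes reach `eval` unchanged. The earlier `while read targetline` loop runs through lines that are not shown here, so the same points may apply there.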
