|
0 |
-- 1.1.3-dm-crypt-start.sh |
0 |
++ 1.1.3-dm-crypt-start.sh |
Lines 1-7
|
1 |
# /lib/rcscripts/addons/dm-crypt-start.sh |
1 |
# /lib/rcscripts/addons/dm-crypt-start.sh |
2 |
|
2 |
|
3 |
# For backwards compatability with baselayout < 1.13.0 #174256 |
3 |
# For backwards compatability with baselayout < 1.13.0 #174256 |
4 |
if [[ -z ${SVCNAME} ]] ; then |
4 |
if [ -z "${SVCNAME}" ] ; then |
5 |
case ${myservice} in |
5 |
case ${myservice} in |
6 |
""|checkfs|localmount) SVCNAME=dmcrypt ;; |
6 |
""|checkfs|localmount) SVCNAME=dmcrypt ;; |
7 |
*) SVCNAME=${myservice} ;; |
7 |
*) SVCNAME=${myservice} ;; |
Lines 21-27
|
21 |
dm_crypt_execute_dmcrypt() { |
21 |
dm_crypt_execute_dmcrypt() { |
22 |
local dev ret mode foo |
22 |
local dev ret mode foo |
23 |
# some colors |
23 |
# some colors |
24 |
local red='\x1b[31;01m' green='\x1b[32;01m' off='\x1b[0;0m' |
24 |
local red='\033[31;01m' green='\033[32;01m' off='\033[0;0m' |
25 |
|
25 |
|
26 |
if [ -n "$target" ]; then |
26 |
if [ -n "$target" ]; then |
27 |
# let user set options, otherwise leave empty |
27 |
# let user set options, otherwise leave empty |
Lines 47-56
|
47 |
return |
47 |
return |
48 |
fi |
48 |
fi |
49 |
|
49 |
|
50 |
if [[ -n ${loop_file} ]] ; then |
50 |
if [ -n "${loop_file}" ] ; then |
51 |
dev="/dev/mapper/${target}" |
51 |
dev="/dev/mapper/${target}" |
52 |
ebegin " Setting up loop device ${source}" |
52 |
ebegin " Setting up loop device ${source}" |
53 |
/sbin/losetup ${source} ${loop_file} |
53 |
/sbin/losetup "${source}" "${loop_file}" |
54 |
fi |
54 |
fi |
55 |
|
55 |
|
56 |
# cryptsetup: |
56 |
# cryptsetup: |
Lines 72-97
|
72 |
|
72 |
|
73 |
# Handle keys |
73 |
# Handle keys |
74 |
if [ -n "$key" ]; then |
74 |
if [ -n "$key" ]; then |
|
|
75 |
reset_stty() { |
76 |
stty ${savestty} |
77 |
trap - EXIT HUP INT TERM |
78 |
} |
75 |
read_abort() { |
79 |
read_abort() { |
76 |
local ans |
80 |
local ans a b back |
77 |
local prompt=" ${green}*${off} $1? (${red}yes${off}/${green}No${off}) " |
81 |
printf " ${green}*${off} %s? (${red}yes${off}/${green}No${off}) " "$1" |
|
|
82 |
back=" * $1? (yes/No) " |
78 |
shift |
83 |
shift |
79 |
echo -n -e "${prompt}" |
84 |
savestty=`stty -g` |
80 |
if ! read -n 1 $* ans ; then |
85 |
trap reset_stty EXIT HUP INT TERM |
81 |
local back=${prompt//?/\\b} |
86 |
stty -icanon -echo |
82 |
echo -n -e "${back}" |
87 |
if [ "$1" = '-t' ] && [ "$2" -gt 0 ]; then |
83 |
else |
88 |
stty min 0 time "$(( $2 * 10 ))" |
84 |
echo |
89 |
fi |
|
|
90 |
ans=`dd count=1 bs=1 2>/dev/null` || ans='' |
91 |
reset_stty |
92 |
if [ -z "${ans}" ]; then |
93 |
a='' |
94 |
b='' |
95 |
while [ -n "${back}" ]; do |
96 |
a="${a}"'\b' |
97 |
b="${b} " |
98 |
back=${back%?} |
99 |
done |
100 |
printf "${a}${b}${a}" |
101 |
return 1 |
85 |
fi |
102 |
fi |
86 |
case $ans in |
103 |
case "${ans}" in |
87 |
[yY]|[yY][eE][sS]) return 0;; |
104 |
y*|Y*) printf "${red}YES${off}\n"; return 0;; |
88 |
*) return 1;; |
|
|
89 |
esac |
105 |
esac |
|
|
106 |
printf "${green}No${off}\n" |
107 |
return 1 |
90 |
} |
108 |
} |
91 |
|
109 |
|
92 |
# Notes: sed not used to avoid case where /usr partition is encrypted. |
110 |
# Notes: sed not used to avoid case where /usr partition is encrypted. |
93 |
mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg |
111 |
mode=${key##*:} && ( [ "$mode" = "$key" ] || [ -z "$mode" ] ) && mode=reg |
94 |
key=${key/:*/} |
112 |
key=${key%%:*} |
95 |
case "$mode" in |
113 |
case "$mode" in |
96 |
gpg|reg) |
114 |
gpg|reg) |
97 |
# handle key on removable device |
115 |
# handle key on removable device |
Lines 125-131
|
125 |
&& foo="mount failed" \ |
143 |
&& foo="mount failed" \ |
126 |
|| foo="mount source not found" |
144 |
|| foo="mount source not found" |
127 |
fi |
145 |
fi |
128 |
((++i)) |
146 |
i=$(( $i + 1 )) |
129 |
read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return |
147 |
read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return |
130 |
done |
148 |
done |
131 |
else # keyfile ! on removable device |
149 |
else # keyfile ! on removable device |
Lines 147-163
|
147 |
fi |
165 |
fi |
148 |
ebegin "dm-crypt map ${target}" |
166 |
ebegin "dm-crypt map ${target}" |
149 |
einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}" |
167 |
einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}" |
150 |
if [ "$mode" == "gpg" ]; then |
168 |
if [ "$mode" = "gpg" ]; then |
151 |
: ${gpg_options:='-q -d'} |
169 |
: ${gpg_options:='-q -d'} |
152 |
# gpg available ? |
170 |
# gpg available ? |
153 |
if type -p gpg >/dev/null ; then |
171 |
if command -v gpg >/dev/null 2>&1; then |
154 |
for (( i = 0 ; i < 3 ; i++ )) |
172 |
local i=0 |
|
|
173 |
while [ $i -lt 3 ] |
155 |
do |
174 |
do |
156 |
# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
175 |
# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
157 |
# save stdin stdout stderr "values" |
176 |
# save stdin stdout stderr "values" |
158 |
gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3} |
177 |
gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3} |
159 |
ret="$?" |
178 |
ret="$?" |
160 |
[ "$ret" -eq 0 ] && break |
179 |
[ "$ret" -eq 0 ] && break |
|
|
180 |
i=$(( $i + 1 )) |
161 |
done |
181 |
done |
162 |
eend "${ret}" "failure running cryptsetup" |
182 |
eend "${ret}" "failure running cryptsetup" |
163 |
else |
183 |
else |
Lines 167-173
|
167 |
einfo "If you have /usr on its own partition, try copying gpg to /bin ." |
187 |
einfo "If you have /usr on its own partition, try copying gpg to /bin ." |
168 |
fi |
188 |
fi |
169 |
else |
189 |
else |
170 |
if [ "$mode" == "reg" ]; then |
190 |
if [ "$mode" = "reg" ]; then |
171 |
cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} |
191 |
cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} |
172 |
ret="$?" |
192 |
ret="$?" |
173 |
eend "${ret}" "failure running cryptsetup" |
193 |
eend "${ret}" "failure running cryptsetup" |
Lines 178-192
|
178 |
fi |
198 |
fi |
179 |
fi |
199 |
fi |
180 |
if [ -d "$mntrem" ]; then |
200 |
if [ -d "$mntrem" ]; then |
181 |
umount -n ${mntrem} 2>/dev/null >/dev/null |
201 |
umount -n "${mntrem}" 2>/dev/null >/dev/null |
182 |
rmdir ${mntrem} 2>/dev/null >/dev/null |
202 |
rmdir "${mntrem}" 2>/dev/null >/dev/null |
183 |
fi |
203 |
fi |
184 |
splash svc_input_end ${SVCNAME} >/dev/null 2>&1 |
204 |
splash svc_input_end ${SVCNAME} >/dev/null 2>&1 |
185 |
|
205 |
|
186 |
if [[ ${ret} != 0 ]] ; then |
206 |
if [ "${ret}" -ne 0 ] ; then |
187 |
cryptfs_status=1 |
207 |
cryptfs_status=1 |
188 |
else |
208 |
else |
189 |
if [[ -n ${pre_mount} ]] ; then |
209 |
if [ -n "${pre_mount}" ] ; then |
190 |
dev="/dev/mapper/${target}" |
210 |
dev="/dev/mapper/${target}" |
191 |
ebegin " Running pre_mount commands for ${target}" |
211 |
ebegin " Running pre_mount commands for ${target}" |
192 |
eval "${pre_mount}" > /dev/null |
212 |
eval "${pre_mount}" > /dev/null |
Lines 210-221
|
210 |
fi |
230 |
fi |
211 |
|
231 |
|
212 |
mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2) |
232 |
mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2) |
213 |
if [[ -z ${mount_point} ]] ; then |
233 |
if [ -z "${mount_point}" ] ; then |
214 |
ewarn "Failed to find mount point for ${target}, skipping" |
234 |
ewarn "Failed to find mount point for ${target}, skipping" |
215 |
cryptfs_status=1 |
235 |
cryptfs_status=1 |
216 |
fi |
236 |
fi |
217 |
|
237 |
|
218 |
if [[ -n ${post_mount} ]] ; then |
238 |
if [ -n "${post_mount}" ] ; then |
219 |
ebegin "Running post_mount commands for target ${target}" |
239 |
ebegin "Running post_mount commands for target ${target}" |
220 |
eval "${post_mount}" >/dev/null |
240 |
eval "${post_mount}" >/dev/null |
221 |
eend $? || cryptfs_status=1 |
241 |
eend $? || cryptfs_status=1 |
Lines 236-244
|
236 |
parse_opt() { |
256 |
parse_opt() { |
237 |
case "$1" in |
257 |
case "$1" in |
238 |
*\=*) |
258 |
*\=*) |
239 |
local key_name="`echo "$1" | cut -f1 -d=`" |
259 |
local key_name=${1%%=*} |
240 |
local key_len=`strlen key_name` |
260 |
local key_len=`strlen key_name` |
241 |
local value_start=$((key_len+2)) |
261 |
local value_start=$(( $key_len + 2 )) |
242 |
echo "$1" | cut -c ${value_start}- |
262 |
echo "$1" | cut -c ${value_start}- |
243 |
;; |
263 |
;; |
244 |
esac |
264 |
esac |
Lines 260-274
|
260 |
esac |
280 |
esac |
261 |
done |
281 |
done |
262 |
|
282 |
|
263 |
if [[ -f /etc/conf.d/${SVCNAME} ]] && [[ -x /sbin/cryptsetup ]] ; then |
283 |
if [ -f "/etc/conf.d/${SVCNAME}" ] && [ -x /sbin/cryptsetup ] ; then |
264 |
ebegin "Setting up dm-crypt mappings" |
284 |
ebegin "Setting up dm-crypt mappings" |
265 |
|
285 |
|
266 |
while read -u 3 targetline ; do |
286 |
while read targetline <&3 ; do |
267 |
# skip comments and blank lines |
|
|
268 |
[[ ${targetline}\# == \#* ]] && continue |
269 |
|
287 |
|
270 |
# check for the start of a new target/swap |
288 |
# check for the start of a new target/swap |
271 |
case ${targetline} in |
289 |
case ${targetline} in |
|
|
290 |
''|'#'*) |
291 |
# skip comments and blank lines |
292 |
continue |
293 |
;; |
272 |
target=*|swap=*) |
294 |
target=*|swap=*) |
273 |
# If we have a target queued up, then execute it |
295 |
# If we have a target queued up, then execute it |
274 |
dm_crypt_execute_${SVCNAME%.*} |
296 |
dm_crypt_execute_${SVCNAME%.*} |
Lines 278-284
|
278 |
;; |
300 |
;; |
279 |
|
301 |
|
280 |
gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) |
302 |
gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) |
281 |
if [[ -z ${target} && -z ${swap} ]] ; then |
303 |
if [ -z "${target}" ] && [ -z "${swap}" ] ; then |
282 |
ewarn "Ignoring setting outside target/swap section: ${targetline}" |
304 |
ewarn "Ignoring setting outside target/swap section: ${targetline}" |
283 |
continue |
305 |
continue |
284 |
fi |
306 |
fi |
Lines 296-302
|
296 |
|
318 |
|
297 |
# Queue this setting for the next call to dm_crypt_execute_${SVCNAME%.*} |
319 |
# Queue this setting for the next call to dm_crypt_execute_${SVCNAME%.*} |
298 |
eval "${targetline}" |
320 |
eval "${targetline}" |
299 |
done 3< /etc/conf.d/${SVCNAME} |
321 |
done 3< "/etc/conf.d/${SVCNAME}" |
300 |
|
322 |
|
301 |
# If we have a target queued up, then execute it |
323 |
# If we have a target queued up, then execute it |
302 |
dm_crypt_execute_${SVCNAME%.*} |
324 |
dm_crypt_execute_${SVCNAME%.*} |
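Review bot: In the rewritten `read_abort` (new lines 79-108, nested in `dm_crypt_execute_dmcrypt`, whose body continues outside the shown hunks) the `stty -g` capture on new line 84 is not checked, and `savestty` is missing from the `local ans a b back` list, so it leaks into the sourcing init script. If stdin is not a terminal the capture fails, `savestty` stays empty and `reset_stty` runs a bare `stty` instead of restoring anything; I would capture with `savestty=$(stty -g 2>/dev/null) || savestty=` and restore with `[ -n "${savestty}" ] && stty "${savestty}"`. `reset_stty` also ends with `trap - EXIT HUP INT TERM`, which sets those signals back to their defaults rather than to whatever handlers were installed before the prompt. Whether the caller installs any is not visible here, so at minimum add a comment such as `# NOTE: drops any EXIT/HUP/INT/TERM traps set by the caller`.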
303 |
-- 1.1.3-dm-crypt-stop.sh |
325 |
++ 1.1.3-dm-crypt-stop.sh |
Lines 1-15
|
1 |
# /lib/rcscripts/addons/dm-crypt-stop.sh |
1 |
# /lib/rcscripts/addons/dm-crypt-stop.sh |
2 |
|
2 |
|
3 |
# Fix for baselayout-1.12.10 (bug 174256) |
3 |
# Fix for baselayout-1.12.10 (bug 174256) |
4 |
: ${SVCNAME:=${myservice}} |
4 |
: ${SVCNAME:="${myservice}"} |
5 |
|
5 |
|
6 |
# Try to remove any dm-crypt mappings |
6 |
# Try to remove any dm-crypt mappings |
7 |
csetup=/sbin/cryptsetup |
7 |
csetup=/sbin/cryptsetup |
8 |
if [ -f /etc/conf.d/${SVCNAME} ] && [ -x "$csetup" ] |
8 |
if [ -f "/etc/conf.d/${SVCNAME}" ] && [ -x "$csetup" ] |
9 |
then |
9 |
then |
10 |
einfo "Removing dm-crypt mappings" |
10 |
einfo "Removing dm-crypt mappings" |
11 |
|
11 |
|
12 |
/bin/egrep "^(target|swap)" /etc/conf.d/${SVCNAME} | \ |
12 |
/bin/egrep "^(target|swap)" "/etc/conf.d/${SVCNAME}" | \ |
13 |
while read targetline |
13 |
while read targetline |
14 |
do |
14 |
do |
15 |
target= |
15 |
target= |
Lines 25-41
|
25 |
eend $? "Failed to remove dm-crypt mapping for: ${target}" |
25 |
eend $? "Failed to remove dm-crypt mapping for: ${target}" |
26 |
done |
26 |
done |
27 |
|
27 |
|
28 |
if [[ -n $(/bin/egrep -e "^(source=)./dev/loop*" /etc/conf.d/${SVCNAME}) ]] ; then |
28 |
if /bin/egrep -q -e "^(source=)./dev/loop*" "/etc/conf.d/${SVCNAME}"; then |
29 |
einfo "Taking down any dm-crypt loop devices" |
29 |
einfo "Taking down any dm-crypt loop devices" |
30 |
/bin/egrep -e "^(source)" /etc/conf.d/${SVCNAME} | while read sourceline |
30 |
/bin/egrep -e "^(source)" "/etc/conf.d/${SVCNAME}" | while read sourceline |
31 |
do |
31 |
do |
32 |
source= |
32 |
source= |
33 |
eval ${sourceline} |
33 |
eval "${sourceline}" |
34 |
if [[ -n $(echo ${source} | grep /dev/loop) ]] ; then |
34 |
case "${source}" in |
|
|
35 |
*/dev/loop*) |
35 |
ebegin " Taking down ${source}" |
36 |
ebegin " Taking down ${source}" |
36 |
/sbin/losetup -d ${source} |
37 |
/sbin/losetup -d ${source} |
37 |
eend $? " Failed to remove loop" |
38 |
eend $? " Failed to remove loop" |
38 |
fi |
39 |
;; |
|
|
40 |
esac |
39 |
done |
41 |
done |
40 |
fi |
42 |
fi |
41 |
fi |
43 |
fi |
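Review bot: The loop on new lines 30-33 passes every line matching `^(source)` to `eval "${sourceline}"`, so any line in `/etc/conf.d/${SVCNAME}` that merely begins with `source` is evaluated, not only `source=` assignments. Anchoring the filter as `/bin/egrep -e "^source="` limits the evaluated text to the assignment form that the start script's `source=*` case accepts. The `^(target|swap)` filter on line 12 has the same shape; its loop body is outside the shown hunks, so it is presumably evaluated the same way and would take `"^(target|swap)="`. In the same hunk `/sbin/losetup -d ${source}` stays unquoted although this change quotes the other device paths; `/sbin/losetup -d "${source}"` would be consistent. The configuration file is presumably writable only by root, so this is hardening rather than a fix for a reachable flaw.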