--- 1.1.3-dm-crypt-start.sh +++ 1.1.3-dm-crypt-start.sh @@ -20,7 +20,7 @@ dm_crypt_execute_dmcrypt() { local dev ret mode foo # some colors - local red='\x1b[31;01m' green='\x1b[32;01m' off='\x1b[0;0m' + local red='\033[31;01m' green='\033[32;01m' off='\033[0;0m' if [ -n "$target" ]; then # let user set options, otherwise leave empty @@ -46,10 +46,10 @@ return fi - if [[ -n ${loop_file} ]] ; then + if [ -n "${loop_file}" ] ; then dev="/dev/mapper/${target}" ebegin " Setting up loop device ${source}" - /sbin/losetup ${source} ${loop_file} + /sbin/losetup "${source}" "${loop_file}" fi # cryptsetup: @@ -71,26 +71,44 @@ # Handle keys if [ -n "$key" ]; then + reset_stty() { + stty ${savestty} + trap - EXIT HUP INT TERM + } read_abort() { - local ans - local prompt=" ${green}*${off} $1? (${red}yes${off}/${green}No${off}) " + local ans a b back + printf " ${green}*${off} %s? (${red}yes${off}/${green}No${off}) " "$1" + back=" * $1? (yes/No) " shift - echo -n -e "${prompt}" - if ! read -n 1 $* ans ; then - local back=${prompt//?/\\b} - echo -n -e "${back}" - else - echo + savestty=`stty -g` + trap reset_stty EXIT HUP INT TERM + stty -icanon -echo + if [ "$1" = '-t' ] && [ "$2" -gt 0 ]; then + stty min 0 time "$(( $2 * 10 ))" + fi + ans=`dd count=1 bs=1 2>/dev/null` || ans='' + reset_stty + if [ -z "${ans}" ]; then + a='' + b='' + while [ -n "${back}" ]; do + a="${a}"'\b' + b="${b} " + back=${back%?} + done + printf "${a}${b}${a}" + return 1 fi - case $ans in - [yY]|[yY][eE][sS]) return 0;; - *) return 1;; + case "${ans}" in + y*|Y*) printf "${red}YES${off}\n"; return 0;; esac + printf "${green}No${off}\n" + return 1 } # Notes: sed not used to avoid case where /usr partition is encrypted. - mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg - key=${key/:*/} + mode=${key##*:} && ( [ "$mode" = "$key" ] || [ -z "$mode" ] ) && mode=reg + key=${key%%:*} case "$mode" in gpg|reg) # handle key on removable device 
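Review bot: In the rewritten `read_abort`, the result of `stty -g` is used without checking that it succeeded. When stdin is not a terminal, `savestty` ends up empty and `reset_stty` runs a bare `stty`, which prints the settings instead of restoring them. Guarding the capture, e.g. `savestty=$(stty -g 2>/dev/null) || return 1`, avoids that; the retry loop that calls `read_abort` is in a later hunk, so check that it still paces itself when this early return is taken. `savestty` is also missing from the `local ans a b back` list, so it leaks into the global scope. Finally, `trap - EXIT HUP INT TERM` resets those signals to their defaults rather than restoring whatever the calling script had installed; whether any handlers exist is not visible here, as the enclosing `dm_crypt_execute_dmcrypt` starts and ends outside the hunk.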
@@ -124,7 +142,7 @@ && foo="mount failed" \ || foo="mount source not found" fi - ((++i)) + i=$(( $i + 1 )) read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return done else # keyfile ! on removable device @@ -146,17 +164,19 @@ fi ebegin "dm-crypt map ${target}" einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}" - if [ "$mode" == "gpg" ]; then + if [ "$mode" = "gpg" ]; then : ${gpg_options:='-q -d'} # gpg available ? - if type -p gpg >/dev/null ; then - for (( i = 0 ; i < 3 ; i++ )) + if command -v gpg >/dev/null 2>&1; then + local i=0 + while [ $i -lt 3 ] do # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. # save stdin stdout stderr "values" gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3} ret="$?" [ "$ret" -eq 0 ] && break + i=$(( $i + 1 )) done eend "${ret}" "failure running cryptsetup" else @@ -166,7 +186,7 @@ einfo "If you have /usr on its own partition, try copying gpg to /bin ." fi else - if [ "$mode" == "reg" ]; then + if [ "$mode" = "reg" ]; then cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} ret="$?" eend "${ret}" "failure running cryptsetup" @@ -177,15 +197,15 @@ fi fi if [ -d "$mntrem" ]; then - umount -n ${mntrem} 2>/dev/null >/dev/null - rmdir ${mntrem} 2>/dev/null >/dev/null + umount -n "${mntrem}" 2>/dev/null >/dev/null + rmdir "${mntrem}" 2>/dev/null >/dev/null fi splash svc_input_end ${SVCNAME} >/dev/null 2>&1 - if [[ ${ret} != 0 ]] ; then + if [ "${ret}" -ne 0 ] ; then cryptfs_status=1 else - if [[ -n ${pre_mount} ]] ; then + if [ -n "${pre_mount}" ] ; then dev="/dev/mapper/${target}" ebegin " Running pre_mount commands for ${target}" eval "${pre_mount}" > /dev/null 
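Review bot: The key path is still expanded unquoted in the context line `gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup …`, although this commit quotes `${source}`, `${loop_file}` and `${mntrem}` elsewhere. A key path containing whitespace or glob characters would be split or expanded before gpg sees it. The same applies to `cryptsetup ${options} -d ${key} …` in the `reg` branch of the next hunk (`@@ -166,7 +186,7 @@`). `${options}` and `${gpg_options}` need word splitting and should stay as they are, but the key can be passed as `"${key}"` in both places.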
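Review bot: Replacing `[[ ${ret} != 0 ]]` with `[ "${ret}" -ne 0 ]` changes what happens when `ret` is empty. The old string comparison treated an empty value as a failure, while the numeric test errors out with status 2, so the `else` branch runs and `pre_mount` is evaluated as if cryptsetup had succeeded. `ret` is declared by `local dev ret mode foo` without a value, and the branches for a missing gpg binary or an unknown mode lie partly outside the visible hunks, so it may be reachable unset. Writing `if [ "${ret:-1}" -ne 0 ] ; then` keeps the previous fail-closed behaviour.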
@@ -209,12 +229,12 @@ fi mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2) - if [[ -z ${mount_point} ]] ; then + if [ -z "${mount_point}" ] ; then ewarn "Failed to find mount point for ${target}, skipping" cryptfs_status=1 fi - if [[ -n ${post_mount} ]] ; then + if [ -n "${post_mount}" ] ; then ebegin "Running post_mount commands for target ${target}" eval "${post_mount}" >/dev/null eend $? || cryptfs_status=1 @@ -235,9 +255,9 @@ parse_opt() { case "$1" in *\=*) - local key_name="`echo "$1" | cut -f1 -d=`" + local key_name=${1%%=*} local key_len=`strlen key_name` - local value_start=$((key_len+2)) + local value_start=$(( $key_len + 2 )) echo "$1" | cut -c ${value_start}- ;; esac @@ -259,15 +279,19 @@ esac done -if [[ -f ${conf_file} ]] && [[ -x /sbin/cryptsetup ]] ; then +if [ -f "${conf_file}" ] && [ -x /sbin/cryptsetup ] ; then ebegin "Setting up dm-crypt mappings" - while read -u 3 targetline ; do + while read targetline <&3 ; do # skip comments and blank lines [[ ${targetline}\# == \#* ]] && continue # check for the start of a new target/swap case ${targetline} in + ''|'#'*) + # skip comments and blank lines + continue + ;; target=*|swap=*) # If we have a target queued up, then execute it ${execute_hook} @@ -277,7 +301,7 @@ ;; gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) - if [[ -z ${target} && -z ${swap} ]] ; then + if [ -z "${target}" ] && [ -z "${swap}" ] ; then ewarn "Ignoring setting outside target/swap section: ${targetline}" continue fi @@ -295,7 +319,7 @@ # Queue this setting for the next call to dm_crypt_execute_xxx eval "${targetline}" - done 3< ${conf_file} + done 3< "${conf_file}" # If we have a target queued up, then execute it ${execute_hook} --- 1.1.3-dm-crypt-stop.sh +++ 1.1.3-dm-crypt-stop.sh 
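Review bot: In `parse_opt`, `local key_name=${1%%=*}` is unquoted on a `local` line, and shells that treat `local` as an ordinary builtin will word-split the expansion there. Now that parameter expansion is used for the key, the `strlen` helper (defined outside this hunk) and the `echo "$1" | cut -c ${value_start}-` pipeline are no longer needed. The whole `*\=*)` arm can be `printf '%s\n' "${1#*=}"`, which yields the same text after the first `=` and avoids `echo` on arbitrary kernel command-line data. The closing lines of `parse_opt` are outside the hunk.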
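Review bot: The context line `[[ ${targetline}\# == \#* ]] && continue` is left in place directly above the new `''|'#'*)` case arm, so a bash-only construct survives in a loop that is otherwise being converted to POSIX tests. Under a shell without `[[`, that line fails with a "not found" diagnostic for every config line, and only the new arm actually skips comments and blanks. Delete that line together with the now duplicated `# skip comments and blank lines` comment above it. The loop's `done` is in a later hunk.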
@@ -13,11 +13,11 @@ # Try to remove any dm-crypt mappings csetup=/sbin/cryptsetup -if [ -f ${conf_file} ] && [ -x "$csetup" ] +if [ -f "${conf_file}" ] && [ -x "$csetup" ] then einfo "Removing dm-crypt mappings" - /bin/egrep "^(target|swap)" ${conf_file} | \ + /bin/egrep "^(target|swap)" "${conf_file}" | \ while read targetline do target= @@ -33,17 +33,19 @@ eend $? "Failed to remove dm-crypt mapping for: ${target}" done - if [[ -n $(/bin/egrep -e "^(source=)./dev/loop*" ${conf_file}) ]] ; then + if /bin/egrep -q -e "^(source=)./dev/loop" "${conf_file}"; then einfo "Taking down any dm-crypt loop devices" - /bin/egrep -e "^(source)" ${conf_file} | while read sourceline + /bin/egrep -e "^(source)" "${conf_file}" | while read sourceline do source= - eval ${sourceline} - if [[ -n $(echo ${source} | grep /dev/loop) ]] ; then + eval "${sourceline}" + case "${source}" in + */dev/loop*) ebegin " Taking down ${source}" /sbin/losetup -d ${source} eend $? " Failed to remove loop" - fi + ;; + esac done fi fi
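Review bot: The outer gate `egrep -q -e "^(source=)./dev/loop"` requires exactly one character between `=` and `/dev/loop`, whereas the new inner `case "${source}" in */dev/loop*)` accepts any form. An unquoted `source=/dev/loop0` in the config therefore never reaches the teardown loop, and the loop device stays attached after the mapping is removed. Making the quote optional, `"^source=.?/dev/loop"`, brings the two checks into agreement. The context line `/sbin/losetup -d ${source}` is also still unquoted, although the `eval` and `case` around it were quoted in this hunk; it should read `/sbin/losetup -d "${source}"`.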