|
0 |
-- 1.1.3-dm-crypt-start.sh |
0 |
++ 1.1.3-dm-crypt-start.sh |
Lines 20-26
|
20 |
dm_crypt_execute_dmcrypt() { |
20 |
dm_crypt_execute_dmcrypt() { |
21 |
local dev ret mode foo |
21 |
local dev ret mode foo |
22 |
# some colors |
22 |
# some colors |
23 |
local red='\x1b[31;01m' green='\x1b[32;01m' off='\x1b[0;0m' |
23 |
local red='\033[31;01m' green='\033[32;01m' off='\033[0;0m' |
24 |
|
24 |
|
25 |
if [ -n "$target" ]; then |
25 |
if [ -n "$target" ]; then |
26 |
# let user set options, otherwise leave empty |
26 |
# let user set options, otherwise leave empty |
Lines 46-55
|
46 |
return |
46 |
return |
47 |
fi |
47 |
fi |
48 |
|
48 |
|
49 |
if [[ -n ${loop_file} ]] ; then |
49 |
if [ -n "${loop_file}" ] ; then |
50 |
dev="/dev/mapper/${target}" |
50 |
dev="/dev/mapper/${target}" |
51 |
ebegin " Setting up loop device ${source}" |
51 |
ebegin " Setting up loop device ${source}" |
52 |
/sbin/losetup ${source} ${loop_file} |
52 |
/sbin/losetup "${source}" "${loop_file}" |
53 |
fi |
53 |
fi |
54 |
|
54 |
|
55 |
# cryptsetup: |
55 |
# cryptsetup: |
Lines 71-96
|
71 |
|
71 |
|
72 |
# Handle keys |
72 |
# Handle keys |
73 |
if [ -n "$key" ]; then |
73 |
if [ -n "$key" ]; then |
|
|
74 |
reset_stty() { |
75 |
stty ${savestty} |
76 |
trap - EXIT HUP INT TERM |
77 |
} |
74 |
read_abort() { |
78 |
read_abort() { |
75 |
local ans |
79 |
local ans a b back |
76 |
local prompt=" ${green}*${off} $1? (${red}yes${off}/${green}No${off}) " |
80 |
printf " ${green}*${off} %s? (${red}yes${off}/${green}No${off}) " "$1" |
|
|
81 |
back=" * $1? (yes/No) " |
77 |
shift |
82 |
shift |
78 |
echo -n -e "${prompt}" |
83 |
savestty=`stty -g` |
79 |
if ! read -n 1 $* ans ; then |
84 |
trap reset_stty EXIT HUP INT TERM |
80 |
local back=${prompt//?/\\b} |
85 |
stty -icanon -echo |
81 |
echo -n -e "${back}" |
86 |
if [ "$1" = '-t' ] && [ "$2" -gt 0 ]; then |
82 |
else |
87 |
stty min 0 time "$(( $2 * 10 ))" |
83 |
echo |
88 |
fi |
|
|
89 |
ans=`dd count=1 bs=1 2>/dev/null` || ans='' |
90 |
reset_stty |
91 |
if [ -z "${ans}" ]; then |
92 |
a='' |
93 |
b='' |
94 |
while [ -n "${back}" ]; do |
95 |
a="${a}"'\b' |
96 |
b="${b} " |
97 |
back=${back%?} |
98 |
done |
99 |
printf "${a}${b}${a}" |
100 |
return 1 |
84 |
fi |
101 |
fi |
85 |
case $ans in |
102 |
case "${ans}" in |
86 |
[yY]|[yY][eE][sS]) return 0;; |
103 |
y*|Y*) printf "${red}YES${off}\n"; return 0;; |
87 |
*) return 1;; |
|
|
88 |
esac |
104 |
esac |
|
|
105 |
printf "${green}No${off}\n" |
106 |
return 1 |
89 |
} |
107 |
} |
90 |
|
108 |
|
91 |
# Notes: sed not used to avoid case where /usr partition is encrypted. |
109 |
# Notes: sed not used to avoid case where /usr partition is encrypted. |
92 |
mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg |
110 |
mode=${key##*:} && ( [ "$mode" = "$key" ] || [ -z "$mode" ] ) && mode=reg |
93 |
key=${key/:*/} |
111 |
key=${key%%:*} |
94 |
case "$mode" in |
112 |
case "$mode" in |
95 |
gpg|reg) |
113 |
gpg|reg) |
96 |
# handle key on removable device |
114 |
# handle key on removable device |
Lines 124-130
|
124 |
&& foo="mount failed" \ |
142 |
&& foo="mount failed" \ |
125 |
|| foo="mount source not found" |
143 |
|| foo="mount source not found" |
126 |
fi |
144 |
fi |
127 |
((++i)) |
145 |
i=$(( $i + 1 )) |
128 |
read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return |
146 |
read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return |
129 |
done |
147 |
done |
130 |
else # keyfile ! on removable device |
148 |
else # keyfile ! on removable device |
Lines 146-162
|
146 |
fi |
164 |
fi |
147 |
ebegin "dm-crypt map ${target}" |
165 |
ebegin "dm-crypt map ${target}" |
148 |
einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}" |
166 |
einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}" |
149 |
if [ "$mode" == "gpg" ]; then |
167 |
if [ "$mode" = "gpg" ]; then |
150 |
: ${gpg_options:='-q -d'} |
168 |
: ${gpg_options:='-q -d'} |
151 |
# gpg available ? |
169 |
# gpg available ? |
152 |
if type -p gpg >/dev/null ; then |
170 |
if command -v gpg >/dev/null 2>&1; then |
153 |
for (( i = 0 ; i < 3 ; i++ )) |
171 |
local i=0 |
|
|
172 |
while [ $i -lt 3 ] |
154 |
do |
173 |
do |
155 |
# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
174 |
# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
156 |
# save stdin stdout stderr "values" |
175 |
# save stdin stdout stderr "values" |
157 |
gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3} |
176 |
gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3} |
158 |
ret="$?" |
177 |
ret="$?" |
159 |
[ "$ret" -eq 0 ] && break |
178 |
[ "$ret" -eq 0 ] && break |
|
|
179 |
i=$(( $i + 1 )) |
160 |
done |
180 |
done |
161 |
eend "${ret}" "failure running cryptsetup" |
181 |
eend "${ret}" "failure running cryptsetup" |
162 |
else |
182 |
else |
Lines 166-172
|
166 |
einfo "If you have /usr on its own partition, try copying gpg to /bin ." |
186 |
einfo "If you have /usr on its own partition, try copying gpg to /bin ." |
167 |
fi |
187 |
fi |
168 |
else |
188 |
else |
169 |
if [ "$mode" == "reg" ]; then |
189 |
if [ "$mode" = "reg" ]; then |
170 |
cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} |
190 |
cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} |
171 |
ret="$?" |
191 |
ret="$?" |
172 |
eend "${ret}" "failure running cryptsetup" |
192 |
eend "${ret}" "failure running cryptsetup" |
Lines 177-191
|
177 |
fi |
197 |
fi |
178 |
fi |
198 |
fi |
179 |
if [ -d "$mntrem" ]; then |
199 |
if [ -d "$mntrem" ]; then |
180 |
umount -n ${mntrem} 2>/dev/null >/dev/null |
200 |
umount -n "${mntrem}" 2>/dev/null >/dev/null |
181 |
rmdir ${mntrem} 2>/dev/null >/dev/null |
201 |
rmdir "${mntrem}" 2>/dev/null >/dev/null |
182 |
fi |
202 |
fi |
183 |
splash svc_input_end ${SVCNAME} >/dev/null 2>&1 |
203 |
splash svc_input_end ${SVCNAME} >/dev/null 2>&1 |
184 |
|
204 |
|
185 |
if [[ ${ret} != 0 ]] ; then |
205 |
if [ "${ret}" -ne 0 ] ; then |
186 |
cryptfs_status=1 |
206 |
cryptfs_status=1 |
187 |
else |
207 |
else |
188 |
if [[ -n ${pre_mount} ]] ; then |
208 |
if [ -n "${pre_mount}" ] ; then |
189 |
dev="/dev/mapper/${target}" |
209 |
dev="/dev/mapper/${target}" |
190 |
ebegin " Running pre_mount commands for ${target}" |
210 |
ebegin " Running pre_mount commands for ${target}" |
191 |
eval "${pre_mount}" > /dev/null |
211 |
eval "${pre_mount}" > /dev/null |
Lines 209-220
|
209 |
fi |
229 |
fi |
210 |
|
230 |
|
211 |
mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2) |
231 |
mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2) |
212 |
if [[ -z ${mount_point} ]] ; then |
232 |
if [ -z "${mount_point}" ] ; then |
213 |
ewarn "Failed to find mount point for ${target}, skipping" |
233 |
ewarn "Failed to find mount point for ${target}, skipping" |
214 |
cryptfs_status=1 |
234 |
cryptfs_status=1 |
215 |
fi |
235 |
fi |
216 |
|
236 |
|
217 |
if [[ -n ${post_mount} ]] ; then |
237 |
if [ -n "${post_mount}" ] ; then |
218 |
ebegin "Running post_mount commands for target ${target}" |
238 |
ebegin "Running post_mount commands for target ${target}" |
219 |
eval "${post_mount}" >/dev/null |
239 |
eval "${post_mount}" >/dev/null |
220 |
eend $? || cryptfs_status=1 |
240 |
eend $? || cryptfs_status=1 |
Lines 235-243
|
235 |
parse_opt() { |
255 |
parse_opt() { |
236 |
case "$1" in |
256 |
case "$1" in |
237 |
*\=*) |
257 |
*\=*) |
238 |
local key_name="`echo "$1" | cut -f1 -d=`" |
258 |
local key_name=${1%%=*} |
239 |
local key_len=`strlen key_name` |
259 |
local key_len=`strlen key_name` |
240 |
local value_start=$((key_len+2)) |
260 |
local value_start=$(( $key_len + 2 )) |
241 |
echo "$1" | cut -c ${value_start}- |
261 |
echo "$1" | cut -c ${value_start}- |
242 |
;; |
262 |
;; |
243 |
esac |
263 |
esac |
Lines 259-273
|
259 |
esac |
279 |
esac |
260 |
done |
280 |
done |
261 |
|
281 |
|
262 |
if [[ -f ${conf_file} ]] && [[ -x /sbin/cryptsetup ]] ; then |
282 |
if [ -f "${conf_file}" ] && [ -x /sbin/cryptsetup ] ; then |
263 |
ebegin "Setting up dm-crypt mappings" |
283 |
ebegin "Setting up dm-crypt mappings" |
264 |
|
284 |
|
265 |
while read -u 3 targetline ; do |
285 |
while read targetline <&3 ; do |
266 |
# skip comments and blank lines |
286 |
# skip comments and blank lines |
267 |
[[ ${targetline}\# == \#* ]] && continue |
287 |
[[ ${targetline}\# == \#* ]] && continue |
268 |
|
288 |
|
269 |
# check for the start of a new target/swap |
289 |
# check for the start of a new target/swap |
270 |
case ${targetline} in |
290 |
case ${targetline} in |
|
|
291 |
''|'#'*) |
292 |
# skip comments and blank lines |
293 |
continue |
294 |
;; |
271 |
target=*|swap=*) |
295 |
target=*|swap=*) |
272 |
# If we have a target queued up, then execute it |
296 |
# If we have a target queued up, then execute it |
273 |
${execute_hook} |
297 |
${execute_hook} |
Lines 277-283
|
277 |
;; |
301 |
;; |
278 |
|
302 |
|
279 |
gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) |
303 |
gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) |
280 |
if [[ -z ${target} && -z ${swap} ]] ; then |
304 |
if [ -z "${target}" ] && [ -z "${swap}" ] ; then |
281 |
ewarn "Ignoring setting outside target/swap section: ${targetline}" |
305 |
ewarn "Ignoring setting outside target/swap section: ${targetline}" |
282 |
continue |
306 |
continue |
283 |
fi |
307 |
fi |
Lines 295-301
|
295 |
|
319 |
|
296 |
# Queue this setting for the next call to dm_crypt_execute_xxx |
320 |
# Queue this setting for the next call to dm_crypt_execute_xxx |
297 |
eval "${targetline}" |
321 |
eval "${targetline}" |
298 |
done 3< ${conf_file} |
322 |
done 3< "${conf_file}" |
299 |
|
323 |
|
300 |
# If we have a target queued up, then execute it |
324 |
# If we have a target queued up, then execute it |
301 |
${execute_hook} |
325 |
${execute_hook} |
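Review bot: The bash-only test `[[ ${targetline}\# == \#* ]] && continue` is still present on new line 287 of the config-reading loop, even though the added `''|'#'*)` arm of the `case` below it now performs the same skip. Under a strict POSIX shell `[[` is not a command, so that line would fail on every config line and only the new `case` arm does the work; I would delete the line together with its duplicated comment. In the same section the key path is still expanded unquoted in `gpg ${gpg_options} ${key}` and `cryptsetup ${options} -d ${key}`, while `${source}`, `${loop_file}` and `${mntrem}` were quoted; writing `"${key}"` would keep a key path containing spaces or glob characters from being split. The loop and the enclosing function continue outside the displayed lines.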
302 |
-- 1.1.3-dm-crypt-stop.sh |
326 |
++ 1.1.3-dm-crypt-stop.sh |
Lines 13-23
|
13 |
|
13 |
|
14 |
# Try to remove any dm-crypt mappings |
14 |
# Try to remove any dm-crypt mappings |
15 |
csetup=/sbin/cryptsetup |
15 |
csetup=/sbin/cryptsetup |
16 |
if [ -f ${conf_file} ] && [ -x "$csetup" ] |
16 |
if [ -f "${conf_file}" ] && [ -x "$csetup" ] |
17 |
then |
17 |
then |
18 |
einfo "Removing dm-crypt mappings" |
18 |
einfo "Removing dm-crypt mappings" |
19 |
|
19 |
|
20 |
/bin/egrep "^(target|swap)" ${conf_file} | \ |
20 |
/bin/egrep "^(target|swap)" "${conf_file}" | \ |
21 |
while read targetline |
21 |
while read targetline |
22 |
do |
22 |
do |
23 |
target= |
23 |
target= |
Lines 33-49
|
33 |
eend $? "Failed to remove dm-crypt mapping for: ${target}" |
33 |
eend $? "Failed to remove dm-crypt mapping for: ${target}" |
34 |
done |
34 |
done |
35 |
|
35 |
|
36 |
if [[ -n $(/bin/egrep -e "^(source=)./dev/loop*" ${conf_file}) ]] ; then |
36 |
if /bin/egrep -q -e "^(source=)./dev/loop" "${conf_file}"; then |
37 |
einfo "Taking down any dm-crypt loop devices" |
37 |
einfo "Taking down any dm-crypt loop devices" |
38 |
/bin/egrep -e "^(source)" ${conf_file} | while read sourceline |
38 |
/bin/egrep -e "^(source)" "${conf_file}" | while read sourceline |
39 |
do |
39 |
do |
40 |
source= |
40 |
source= |
41 |
eval ${sourceline} |
41 |
eval "${sourceline}" |
42 |
if [[ -n $(echo ${source} | grep /dev/loop) ]] ; then |
42 |
case "${source}" in |
|
|
43 |
*/dev/loop*) |
43 |
ebegin " Taking down ${source}" |
44 |
ebegin " Taking down ${source}" |
44 |
/sbin/losetup -d ${source} |
45 |
/sbin/losetup -d ${source} |
45 |
eend $? " Failed to remove loop" |
46 |
eend $? " Failed to remove loop" |
46 |
fi |
47 |
;; |
|
|
48 |
esac |
47 |
done |
49 |
done |
48 |
fi |
50 |
fi |
49 |
fi |
51 |
fi |
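Review bot: `/sbin/losetup -d ${source}` on new line 45 is still unquoted, although the `eval` two lines above it was changed to `eval "${sourceline}"` and the start script now quotes the same variable in its `losetup` call; `/sbin/losetup -d "${source}"` would be consistent. Because that `eval` executes the matching config line as shell code, presumably with root privileges at shutdown, the script depends on `${conf_file}` being writable only by root. A comment above the `eval` such as `# conf_file lines are executed as shell code; the file must be root-owned and not group/world writable` would make that assumption explicit. The same applies to the `target`/`swap` loop earlier in this file, whose body is outside the displayed lines.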