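#!/sbin/runscript
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# Author: Justin Whitney (ripple@riple.be)
# Init script for dm-crypt by Christophe Saout
# See http://www.saout.de/misc/cryptsetup for details
#
# Reads "map..." lines from $cf and creates (start) or removes (stop) one
# dm-crypt mapping per line with cryptsetup.
#
# NOTE(security): every "map..." line of $cf is passed to eval, so the file's
# contents run as shell code with this script's privileges. Keep $cf owned by
# root and not writable by anyone else.

cf="/etc/conf.d/dm-crypt"

# You should not need to change these
dmpath=/dev/mapper/
cs=/sbin/cryptsetup
rndsrc=/dev/urandom

# Service ordering: runs after checkroot and modules, before localmount.
depend() {
	need checkroot modules
	use hotplug
	before localmount
}

# Verify that the config file exists and the cryptsetup binary is executable.
# Returns: 0 when both checks pass, 1 otherwise (after reporting via eend).
checkconfig() {
	if [ ! -e "$cf" ]; then
		eend 1 "$cf does not exist"
		return 1
	fi
	if [ ! -x "$cs" ]; then
		eend 1 "$cs does not exist or is chmod -x"
		return 1
	fi
}

# Create one mapping per "map..." line in $cf.
# Globals:  cf, cs, dmpath, rndsrc (read)
# Returns:  1 if checkconfig fails, otherwise 0 even when some mappings fail
#           (failures are reported through ewend) so the ones that did start
#           are kept.
start() {
	local status=0 keyn=0 ret=0 i key memkeys=""
	local map cipher keysize hash device skipped offset size type keysrc usekey
	local -a maps keys cl

	ebegin "Starting dm-crypt"
	checkconfig || return 1

	# One array element per config line: spaces are swapped for commas so that
	# word splitting keeps a line together, and swapped back just before eval.
	# Values therefore cannot contain spaces or commas.
	maps=( $(grep -E '^map' "$cf" | tr ' ' ',') )

	# If any line mentions usekey=, remember typed passphrases for reuse.
	case "${maps[*]}" in
		*usekey*) memkeys="true" ;;
	esac

	for (( i = 0; i < ${#maps[@]}; i++ )); do
		# Clear required AND optional settings. Without this a line that
		# omits e.g. device= silently inherits the previous line's value,
		# and a type=swap entry would then run mkswap on that device.
		unset map cipher keysize hash device skipped offset size type keysrc usekey
		[[ -z "$memkeys" ]] || keyn=$(( keyn + 1 ))

		# NOTE(security): executes the config line as shell code (see header).
		eval "${maps[$i]//,/ }"

		if [[ -z "$map" || -z "$cipher" || -z "$keysize" || -z "$hash" || -z "$device" ]]; then
			ewarn "Config for $map missing required values, skipping"
			status=1
			continue
		fi

		ebegin "Creating $map for $device ($cipher/$hash)"

		# Build the argument list as an array so each value stays one word.
		cl=( -c "$cipher" -h "$hash" -s "$keysize" )
		[[ -z "$size" ]]    || cl=( "${cl[@]}" -b "$size" )
		[[ -z "$offset" ]]  || cl=( "${cl[@]}" -o "$offset" )
		[[ -z "$skipped" ]] || cl=( "${cl[@]}" -p "$skipped" )
		[[ -z "$keysrc" ]]  || cl=( "${cl[@]}" -d "$keysrc" )

		# if type=swap, use $rndsrc for key, fall back to user input if error
		if [[ "$type" == "swap" && -z "$keysrc" ]]; then
			if [[ -r "$rndsrc" ]]; then
				cl=( "${cl[@]}" -d "$rndsrc" )
			else
				# ewarn takes only a message; the stray "1" was printed as text.
				ewarn "Cannot read from $rndsrc"
			fi
		fi

		if [[ -e "$dmpath$map" ]]; then
			eend 1 "$dmpath$map already exists, skipping"
			status=1
			continue
		fi

		# usekey is in use somewhere in $cf, and this target is non-swap
		if [[ -n "$memkeys" && -z "$type" ]]; then
			if [[ -z "$usekey" ]]; then
				read -r -s -p 'Enter passphrase: ' key
				keys[$keyn]="$key"
			else
				key="${keys[$(( usekey ))]}"
				if [[ -z "$key" ]]; then
					ewarn "key $usekey is empty, falling back to input"
					read -r -s -p 'Enter passphrase: ' key
				fi
			fi
			# printf is a builtin, so the passphrase goes down the pipe and
			# never into a process argument list. Quoting passes it exactly as
			# read; the unquoted echo used before collapsed runs of whitespace
			# and expanded glob characters, so a volume keyed from such a
			# mangled passphrase needs it typed in that form.
			printf '%s\n' "$key" | "$cs" "${cl[@]}" create "$map" "$device" &> /dev/null
			ret=$?
		else
			"$cs" "${cl[@]}" create "$map" "$device" &> /dev/null
			ret=$?
		fi

		# Test cryptsetup's exit status. The previous code captured its
		# (discarded) output and ran that empty string as a command, which
		# always succeeded, so a failed create was never noticed.
		if (( ret != 0 )); then
			"$cs" remove "$map" &> /dev/null
			status=1
			eend 1 "Failed to create $map (check log for details)"
			continue
		fi

		if [[ "$type" == "swap" ]] && ! mkswap "$dmpath$map" &> /dev/null; then
			ewarn "Failed to mkswap on $map"
			"$cs" remove "$map" &> /dev/null
			status=1
			eend 1
			continue
		fi

		eend 0
	done

	# Do not keep passphrases in shell variables longer than needed.
	unset key keys

	ewend ${status} "Some mappings failed"

	# don't fail in case some started
	return 0
}

# Remove every mapping listed in $cf that is not mounted or used as swap.
# Globals:  cf, cs, dmpath (read)
# Returns:  always 0; individual failures are reported through ewend.
stop() {
	local status=0 i map
	local -a maps

	# Same one-line-per-element trick as in start().
	maps=( $(grep -E '^map' "$cf" | tr ' ' ',') )

	for (( i = 0; i < ${#maps[@]}; i++ )); do
		# NOTE(security): executes the config line as shell code (see header).
		eval "${maps[$i]//,/ }"

		ebegin "Removing $map"

		# Require whitespace after the device name so that "foo" does not
		# match an active "/dev/mapper/foobar".
		if grep -qE "^${dmpath}${map}[[:space:]]" /proc/swaps ||
			grep -qE "^${dmpath}${map}[[:space:]]" /proc/mounts; then
			ewarn "$map is still mounted, or swapped-on, skipping"
			eend 1
			status=1
			continue
		fi

		if ! "$cs" remove "$map" &> /dev/null; then
			ewarn "Failed to remove $map ($dmpath$map) (check log for details)"
			status=1
			eend 1
			# Skip the success report below; it used to run after a failure too.
			continue
		fi

		eend 0
	done

	ewend ${status} "Failed to remove some devices"
	return 0
}

# vim:ts=4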