From 0011b85ffd6fef96784b4e9b6ae4e008ba8d01b9 Mon Sep 17 00:00:00 2001
From: Leho Kraav
Date: Mon, 29 Aug 2011 19:58:08 +0300
Subject: [PATCH] get keys via custom pipe v2
---
 cryptsetup/files/1.0.6-dmcrypt.confd | 11 +++++++++--
 cryptsetup/files/1.1.3-dm-crypt-start.sh | 12 ++++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/cryptsetup/files/1.0.6-dmcrypt.confd b/cryptsetup/files/1.0.6-dmcrypt.confd
index 35a1fd2..f44331b 100644
--- a/cryptsetup/files/1.0.6-dmcrypt.confd
+++ b/cryptsetup/files/1.0.6-dmcrypt.confd
@@ -79,13 +79,13 @@
 #key='/full/path/to/homekey'
 #remdev='/dev/sda1'
-##/home with gpg protected key on removable media(such as usb-stick)
+## /home with gpg protected key on removable media(such as usb-stick)
 #target=crypt-home
 #source='/dev/hda5'
 #key='/full/path/to/homekey:gpg'
 #remdev='/dev/sda1'
-##/tmp with regular keyfile
+## /tmp with regular keyfile
 #target=crypt-tmp
 #source='/dev/hda6'
 #key='/full/path/to/tmpkey'
@@ -96,3 +96,10 @@
 #mount='crypt-loop-home'
 #source='/dev/loop0'
 #loop_file='/mnt/crypt/home'
+
+## Create a key with any command at runtime and pipe it to cryptsetup
+# This example ensures that a certain token has to be present in the
+# system for sha512 to generate a correct password for unlocking the volume
+target=c3
+source=/dev/sda3
+pipe='ls /dev/disk/by-uuid | sha512sum'
diff --git a/cryptsetup/files/1.1.3-dm-crypt-start.sh b/cryptsetup/files/1.1.3-dm-crypt-start.sh
index e56dbc9..5be8bf4 100644
--- a/cryptsetup/files/1.1.3-dm-crypt-start.sh
+++ b/cryptsetup/files/1.1.3-dm-crypt-start.sh
@@ -171,7 +171,11 @@ dm_crypt_execute_dmcrypt() {
 ret="$?"
 eend "${ret}" "failure running cryptsetup"
 else
- cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+ if [ -n "${pipe}" ]; then
+ eval "${pipe}" | cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+ else
+ cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+ fi
 ret="$?"
 eend "${ret}" "failure running cryptsetup"
 fi
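Review bot: The example appended to 1.0.6-dmcrypt.confd (`target=c3`, `source=/dev/sda3`, `pipe=...`) is left uncommented, unlike every other example visible in this file, so shipping it as-is would presumably define a live mapping for /dev/sda3 on every install; prefix the three lines with `#`. The sample command hashes `ls /dev/disk/by-uuid`, and those names can be listed by any local user, so the resulting passphrase ties unlocking to the attached devices but is not secret. I would say so in the comment, for example `# NOTE: the by-uuid listing is not secret; anyone who can read it can recompute this key`.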
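Review bot: `eval "${pipe}"` in the new branch of dm_crypt_execute_dmcrypt executes the configured string as a shell command with the init script's privileges, and nothing in the hunk restricts where that string may come from. Add a comment above it such as `# pipe is run through eval as root: the conf file must be root-owned and not writable by others`, and consider refusing `pipe` when that does not hold. `ret="$?"` after the pipeline reflects only cryptsetup, so a key command that fails or prints nothing is reported as a generic cryptsetup failure (or feeds an empty key) instead of being caught on its own. The check also sits only in the `else` arm, so a section that sets `pipe` together with whatever selects the earlier arm appears to have `pipe` ignored without a warning. The function starts and ends outside this hunk.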
@@ -244,7 +248,7 @@ parse_opt() {
 }
 local cryptfs_status=0
-local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
+local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev pipe
 CMDLINE="`cat /proc/cmdline`"
 for x in ${CMDLINE}
@@ -276,10 +280,10 @@ if [[ -f ${conf_file} ]] && [[ -x /sbin/cryptsetup ]] ; then
 ${execute_hook}
 # Prepare for the next target/swap by resetting variables
- unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
+ unset gpg_options key loop_file target options pre_mount post_mount source swap remdev pipe
 ;;
- gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
+ gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*|pipe=*)
 if [[ -z ${target} && -z ${swap} ]] ; then
 ewarn "Ignoring setting outside target/swap section: ${targetline}"
 continue
--
1.7.6