Attachment #285027 for bug #380795




#key='/full/path/to/homekey'
#remdev='/dev/sda1'

## /home with gpg protected key on removable media(such as usb-stick)
#target=crypt-home
#source='/dev/hda5'
#key='/full/path/to/homekey:gpg'
#remdev='/dev/sda1'

## /tmp with regular keyfile
#target=crypt-tmp
#source='/dev/hda6'
#key='/full/path/to/tmpkey'

#mount='crypt-loop-home'
#source='/dev/loop0'
#loop_file='/mnt/crypt/home'

## Create a key with any command at runtime and pipe it to cryptsetup
# This example ensures that a certain token has to be present in the 
# system for sha512 to generate a correct password for unlocking the volume
target=c3
source=/dev/sda3
pipe='ls /dev/disk/by-uuid | sha512sum'

Lines 171-177 dm_crypt_execute_dmcrypt() { Link Here

(-)a/cryptsetup/files/1.1.3-dm-crypt-start.sh (-5 / +8 lines)
171	ret="$?"	171	ret="$?"
172	eend "${ret}" "failure running cryptsetup"	172	eend "${ret}" "failure running cryptsetup"
173	else	173	else
174	cryptsetup ${options} ${arg1} ${arg2} ${arg3}	174	if [ -n "${pipe}" ]; then
		175	eval "${pipe}" \| cryptsetup ${options} ${arg1} ${arg2} ${arg3}
		176	else
		177	cryptsetup ${options} ${arg1} ${arg2} ${arg3}
		178	fi
175	ret="$?"	179	ret="$?"
176	eend "${ret}" "failure running cryptsetup"	180	eend "${ret}" "failure running cryptsetup"
177	fi	181	fi
Lines 244-250 parse_opt() { Link Here
244	}	248	}
245		249
246	local cryptfs_status=0	250	local cryptfs_status=0
247	local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev	251	local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev pipe
248		252
249	CMDLINE="`cat /proc/cmdline`"	253	CMDLINE="`cat /proc/cmdline`"
250	for x in ${CMDLINE}	254	for x in ${CMDLINE}
Lines 276-285 if [[ -f ${conf_file} ]] && [[ -x /sbin/cryptsetup ]] ; then Link Here
276	${execute_hook}	280	${execute_hook}
277		281
278	# Prepare for the next target/swap by resetting variables	282	# Prepare for the next target/swap by resetting variables
279	unset gpg_options key loop_file target options pre_mount post_mount source swap remdev	283	unset gpg_options key loop_file target options pre_mount post_mount source swap remdev pipe
280	;;	284	;;
281		285
282	gpg_options=\|remdev=\|key=\|loop_file=\|options=\|pre_mount=\|post_mount=\|source=)	286	gpg_options=\|remdev=\|key=\|loop_file=\|options=\|pre_mount=\|post_mount=\|source=\|pipe=*)
283	if [[ -z ${target} && -z ${swap} ]] ; then	287	if [[ -z ${target} && -z ${swap} ]] ; then
284	ewarn "Ignoring setting outside target/swap section: ${targetline}"	288	ewarn "Ignoring setting outside target/swap section: ${targetline}"
285	continue	289	continue
286	-

Return to bug 380795

Lines 79-91 Link Here

(-)a/cryptsetup/files/1.0.6-dmcrypt.confd (-2 / +9 lines)
79	#key='/full/path/to/homekey'	79	#key='/full/path/to/homekey'
80	#remdev='/dev/sda1'	80	#remdev='/dev/sda1'
81		81
82	##/home with gpg protected key on removable media(such as usb-stick)	82	## /home with gpg protected key on removable media(such as usb-stick)
83	#target=crypt-home	83	#target=crypt-home
84	#source='/dev/hda5'	84	#source='/dev/hda5'
85	#key='/full/path/to/homekey:gpg'	85	#key='/full/path/to/homekey:gpg'
86	#remdev='/dev/sda1'	86	#remdev='/dev/sda1'
87		87
88	##/tmp with regular keyfile	88	## /tmp with regular keyfile
89	#target=crypt-tmp	89	#target=crypt-tmp
90	#source='/dev/hda6'	90	#source='/dev/hda6'
91	#key='/full/path/to/tmpkey'	91	#key='/full/path/to/tmpkey'
Lines 96-98 Link Here
96	#mount='crypt-loop-home'	96	#mount='crypt-loop-home'
97	#source='/dev/loop0'	97	#source='/dev/loop0'
98	#loop_file='/mnt/crypt/home'	98	#loop_file='/mnt/crypt/home'
		99
		100	## Create a key with any command at runtime and pipe it to cryptsetup
		101	# This example ensures that a certain token has to be present in the
		102	# system for sha512 to generate a correct password for unlocking the volume
		103	target=c3
		104	source=/dev/sda3
		105	pipe='ls /dev/disk/by-uuid \| sha512sum'