Lines 720-725
720 |
# Open a LUKS device |
720 |
# Open a LUKS device |
721 |
# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks |
721 |
# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks |
722 |
# $1 - root/swap |
722 |
# $1 - root/swap |
|
|
723 |
# $1 - <[mapname:]device> pair, e.g., "usr:/dev/sda3" or "root:/dev/sda1" |
723 |
openLUKS() { |
724 |
openLUKS() { |
724 |
# please use 'tr' and this line, or remove it |
725 |
# please use 'tr' and this line, or remove it |
725 |
# eval local TYPE=`uppercase $1` |
726 |
# eval local TYPE=`uppercase $1` |
Lines 727-739
727 |
case $1 in |
728 |
case $1 in |
728 |
root) |
729 |
root) |
729 |
local TYPE=ROOT |
730 |
local TYPE=ROOT |
|
|
731 |
CRYPT_ROOT_OPEN='1' |
732 |
;; |
733 |
root:*) |
734 |
local TYPE=ROOT |
735 |
CRYPT_ROOT="${CRYPT_MAPS}" |
736 |
CRYPT_ROOT_OPEN='1' |
730 |
;; |
737 |
;; |
731 |
swap) |
738 |
swap) |
732 |
local TYPE=SWAP |
739 |
local TYPE=SWAP |
733 |
;; |
740 |
;; |
|
|
741 |
*:*) |
742 |
local TYPE=MAPS |
743 |
;; |
744 |
*) |
745 |
bad_msg "List encrypted volumes as \`crypt_maps=<[mapname:]device>,...'" ${CRYPT_SILENT} |
746 |
run_shell |
747 |
;; |
734 |
esac |
748 |
esac |
735 |
|
749 |
|
736 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' |
750 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' |
|
|
751 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="${1%:*}" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' |
737 |
local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 |
752 |
local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 |
738 |
local mntkey="/mnt/key/" cryptsetup_options='' |
753 |
local mntkey="/mnt/key/" cryptsetup_options='' |
739 |
|
754 |
|
Lines 877-886
877 |
|
892 |
|
878 |
if [ ${crypt_filter_ret} -eq 0 ] |
893 |
if [ ${crypt_filter_ret} -eq 0 ] |
879 |
then |
894 |
then |
880 |
good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT} |
895 |
good_msg "LUKS device ${LUKS_DEVICE} (\"${LUKS_NAME}\") opened" ${CRYPT_SILENT} |
881 |
break |
896 |
break |
882 |
else |
897 |
else |
883 |
bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT} |
898 |
bad_msg "Failed to open LUKS device ${LUKS_DEVICE} (\"${LUKS_NAME}\")" ${CRYPT_SILENT} |
884 |
DEV_ERROR=1 |
899 |
DEV_ERROR=1 |
885 |
KEY_ERROR=1 |
900 |
KEY_ERROR=1 |
886 |
KEYDEV_ERROR=1 |
901 |
KEYDEV_ERROR=1 |
Lines 892-897
892 |
rmdir -p ${mntkey} 2>/dev/null >/dev/null |
907 |
rmdir -p ${mntkey} 2>/dev/null >/dev/null |
893 |
} |
908 |
} |
894 |
|
909 |
|
|
|
910 |
# volumes `crypt_maps' syntax: a comma separated list of <mapname:device> pairs, |
911 |
# where <mapname> and <device> are from `cryptsetup luksOpen <device> <mapname>' |
912 |
# if missing, <mapname> defaults to "root"; as in these examples: |
913 |
# 1.1 crypt_root=/dev/sda1 |
914 |
# 1.1 crypt_maps=/dev/sda1 |
915 |
# 1.2 crypt_maps=root:/dev/sda1 |
916 |
# 2.1 crypt_maps=root:/dev/sda1,usr:/dev/sda3 |
917 |
# 3.1 crypt_maps=usr:/dev/sda3,/dev/sda1,big:/dev/sdb1,xxl:/dev/sdc1 |
918 |
iterLUKS() { |
919 |
local pair |
920 |
for pair in $* |
921 |
do |
922 |
CRYPT_MAPS="${pair#*:}" |
923 |
CRYPT_MAPS_KEY="${CRYPT_ROOT_KEYDEV:+/${pair%:*}key}" |
924 |
CRYPT_MAPS_KEYDEV="${CRYPT_ROOT_KEYDEV}" |
925 |
|
926 |
[ "${pair#*:}" != "${pair}" ] || openLUKS "root" |
927 |
[ "${pair%:*}" == "${pair}" ] || openLUKS "${pair}" |
928 |
done |
929 |
} |
930 |
|
895 |
startLUKS() { |
931 |
startLUKS() { |
896 |
|
932 |
|
897 |
# if key is set but key device isn't, find it |
933 |
# if key is set but key device isn't, find it |
Lines 900-906
900 |
&& sleep 6 && bootstrapKey "ROOT" |
936 |
&& sleep 6 && bootstrapKey "ROOT" |
901 |
|
937 |
|
902 |
if [ -n "${CRYPT_ROOT}" ]; then |
938 |
if [ -n "${CRYPT_ROOT}" ]; then |
903 |
openLUKS "root" |
939 |
CRYPT_ROOT_OPEN='0' |
|
|
940 |
[ "${CDROOT}" == '1' ] && openLUKS "root" |
941 |
[ "${CDROOT}" == '1' ] || iterLUKS "${MAPLIST}" |
942 |
[ "${CRYPT_ROOT_OPEN}" == '1' ] || openLUKS "root" |
904 |
if [ -n "${REAL_ROOT}" ] |
943 |
if [ -n "${REAL_ROOT}" ] |
905 |
then |
944 |
then |
906 |
# Rescan volumes |
945 |
# Rescan volumes |
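Review bot: In openLUKS (new lines 750–751) the text of `$1` is expanded before `eval` re-parses the line, and `$1` now comes from the `crypt_maps=` boot parameter via iterLUKS instead of being only the literals `root` or `swap`, so shell metacharacters in `<mapname>` would be interpreted as code in the initramfs rather than stored as a name. Assign the name outside the eval, `local LUKS_NAME="${1%:*}"`, keep only the `CRYPT_${TYPE}*` indirections inside it, and consider rejecting names that match `*[!A-Za-z0-9_-]*` before they are used as a mapping name. As rendered, the added eval at 751 follows the original eval at 750 rather than replacing it, and it omits `LUKS_TRIM`; that looks unintended and leaves `LUKS_NAME="$1"` (now the whole `name:device` pair) under eval as well. If `run_shell` returns, the new `*)` arm falls through to the eval with `TYPE` unset, so a `return` after it would be safer. openLUKS and startLUKS both continue outside the visible hunks.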