diff -urN a/defaults/initrd.scripts b/defaults/initrd.scripts --- a/defaults/initrd.scripts 2012-06-11 20:39:12.000000000 +0300 +++ b/defaults/initrd.scripts 2012-06-13 19:44:13.602341888 +0300 @@ -747,6 +747,7 @@ # Open a LUKS device # It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks # $1 - root/swap +# $1 - <[mapname:]device> pair, e.g., "usr:/dev/sda3" or "root:/dev/sda1" openLUKS() { # please use 'tr' and this line, or remove it # eval local TYPE=`uppercase $1` @@ -757,13 +758,28 @@ root) local TYPE=ROOT [ -n "${REAL_ROOT}" ] && local LUKS_NAME="`echo "${REAL_ROOT}" | sed -e 's|.*/||'`" + [ -z "${REAL_ROOT}" ] || CRYPT_ROOT_OPEN='1' + ;; + root:*) + local TYPE=ROOT + CRYPT_ROOT="${CRYPT_MAPS}" + REAL_ROOT="${LUKS_NAME#*:}" + [ -n "${REAL_ROOT}" ] && local LUKS_NAME="`echo "${REAL_ROOT}" | sed -e 's|.*/||'`" + [ -z "${REAL_ROOT}" ] || CRYPT_ROOT_OPEN='1' ;; swap) local TYPE=SWAP ;; + *:*) + local TYPE=MAPS + ;; + *) + bad_msg "List encrypted volumes as \`crypt_maps=<[mapname:]device>,...'" ${CRYPT_SILENT} + run_shell + ;; esac - eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$LUKS_NAME" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' + eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="${LUKS_NAME%:*}" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 local mntkey="/mnt/key/" cryptsetup_options='' @@ -907,10 +923,10 @@ if [ ${crypt_filter_ret} -eq 0 ] then - good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT} + good_msg "LUKS device ${LUKS_DEVICE} (\"${LUKS_NAME}\") opened" ${CRYPT_SILENT} break else - bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT} + bad_msg "Failed to open LUKS device ${LUKS_DEVICE} (\"${LUKS_NAME}\")" ${CRYPT_SILENT} DEV_ERROR=1 KEY_ERROR=1 KEYDEV_ERROR=1 
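Review bot: In the `@@ -757,13 +758,28 @@` hunk of openLUKS, `LUKS_NAME="${LUKS_NAME%:*}"` is expanded before `eval` re-parses the line, so the name part of a `crypt_maps=` entry is interpreted as shell syntax instead of being stored as data. The removed line had the same shape, but the value can now be a free-form name taken from the kernel command line. Assign it outside the eval, with `local LUKS_NAME="${LUKS_NAME%:*}"` on its own line before `eval local LUKS_DEVICE=...`, and reject names outside a fixed character set. The new `*)` arm also continues past `run_shell` with TYPE unset, so the eval then reads `CRYPT_` and `CRYPT__KEY`; a `return 1` after `run_shell` would stop that. The start of openLUKS, including where LUKS_NAME is first set, is outside the hunk.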
@@ -922,6 +938,27 @@ rmdir -p ${mntkey} 2>/dev/null >/dev/null } +# volumes `crypt_maps' syntax: a comma separated list of pairs, +# where and are from `cryptsetup luksOpen ' +# if missing, defaults to "root"; as in these examples: +# 1.1 crypt_root=/dev/sda1 +# 1.1 crypt_maps=/dev/sda1 +# 1.2 crypt_maps=root:/dev/sda1 +# 2.1 crypt_maps=root:/dev/sda1,usr:/dev/sda3 +# 3.1 crypt_maps=usr:/dev/sda3,/dev/sda1,big:/dev/sdb1,xxl:/dev/sdc1 +iterLUKS() { + local pair + for pair in $* + do + CRYPT_MAPS="${pair#*:}" + CRYPT_MAPS_KEY="${CRYPT_ROOT_KEYDEV:+/${pair%:*}key}" + CRYPT_MAPS_KEYDEV="${CRYPT_ROOT_KEYDEV}" + + [ "${pair#*:}" != "${pair}" ] || openLUKS "root" + [ "${pair%:*}" == "${pair}" ] || openLUKS "${pair}" + done +} + startLUKS() { # if key is set but key device isn't, find it @@ -930,7 +967,10 @@ && sleep 6 && bootstrapKey "ROOT" if [ -n "${CRYPT_ROOT}" ]; then - openLUKS "root" + CRYPT_ROOT_OPEN='0' + [ "${CDROOT}" == '1' ] && openLUKS "root" + [ "${CDROOT}" == '1' ] || iterLUKS "${MAPLIST}" + [ "${CRYPT_ROOT_OPEN}" == '1' ] || openLUKS "root" if [ -n "${REAL_ROOT}" ] then # Rescan volumes diff -urN a/defaults/linuxrc b/defaults/linuxrc --- a/defaults/linuxrc 2012-06-11 20:39:12.000000000 +0300 +++ b/defaults/linuxrc 2012-06-13 19:09:26.936067347 +0300 @@ -191,6 +191,10 @@ crypt_swap=*) CRYPT_SWAP=${x#*=} ;; + crypt_maps=*) + MAPLIST=${x#*=} + MAPLIST="$(echo ${MAPLIST} | sed -e 's/,/ /g')" + ;; root_key=*) CRYPT_ROOT_KEY=${x#*=} ;;
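Review bot: In iterLUKS, an entry without a map name (examples 1.1 and 3.1 in the comment) calls `openLUKS "root"`, which takes its device from CRYPT_ROOT and not from the entry, so the device written in `crypt_maps=` is never used on that path. Only the `root:*` arm of openLUKS copies CRYPT_MAPS into CRYPT_ROOT; routing the bare form through it, `[ "${pair#*:}" != "${pair}" ] || openLUKS "root:${pair}"`, would make it behave as the comment documents. `for pair in $*` also leaves pathname expansion enabled for a value that comes from the kernel command line, so a `set -f` around the loop or a character check on each pair is worth adding.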
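Review bot: In the startLUKS hunk the new calls still sit inside `if [ -n "${CRYPT_ROOT}" ]`, so a command line that gives only `crypt_maps=` never reaches iterLUKS unless CRYPT_ROOT is set somewhere outside this diff, although the iterLUKS comment lists that form as equivalent to `crypt_root=`. Either let the guard accept MAPLIST as well, or add a line to the syntax comment such as `# crypt_root= must still be given; crypt_maps= alone is ignored`. CRYPT_ROOT_OPEN is set in the `case` arms of openLUKS before any open is attempted and only when REAL_ROOT is non-empty, so with `CDROOT=1` and an empty REAL_ROOT it looks like `openLUKS "root"` runs twice. The rest of startLUKS lies outside the hunk.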
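Review bot: `echo ${MAPLIST}` in the new `crypt_maps=*)` arm of linuxrc is unquoted, so the boot-parameter value goes through word splitting and pathname expansion before sed sees it, and nothing at this point restricts which characters can later reach the `eval` in openLUKS. Quote the expansion, `MAPLIST="$(printf '%s' "${MAPLIST}" | sed -e 's/,/ /g')"`, and check the value where it is parsed, for example `case "${MAPLIST}" in *[!A-Za-z0-9_./:,-]*) MAPLIST='' ;; esac` with the character set adjusted to the device syntaxes you accept and a message reporting the rejected value. The enclosing `case` over the command-line words starts and ends outside the hunk.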