Lines 747-752
Link Here
|
747 |
# Open a LUKS device |
747 |
# Open a LUKS device |
748 |
# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks |
748 |
# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks |
749 |
# $1 - root/swap |
749 |
# $1 - root/swap |
|
|
750 |
# $1 - <[mapname:]device> pair, e.g., "usr:/dev/sda3" or "root:/dev/sda1" |
750 |
openLUKS() { |
751 |
openLUKS() { |
751 |
# please use 'tr' and this line, or remove it |
752 |
# please use 'tr' and this line, or remove it |
752 |
# eval local TYPE=`uppercase $1` |
753 |
# eval local TYPE=`uppercase $1` |
Lines 757-769
Link Here
|
757 |
root) |
758 |
root) |
758 |
local TYPE=ROOT |
759 |
local TYPE=ROOT |
759 |
[ -n "${REAL_ROOT}" ] && local LUKS_NAME="`echo "${REAL_ROOT}" | sed -e 's|.*/||'`" |
760 |
[ -n "${REAL_ROOT}" ] && local LUKS_NAME="`echo "${REAL_ROOT}" | sed -e 's|.*/||'`" |
|
|
761 |
[ -z "${REAL_ROOT}" ] || CRYPT_ROOT_OPEN='1' |
762 |
;; |
763 |
root:*) |
764 |
local TYPE=ROOT |
765 |
CRYPT_ROOT="${CRYPT_MAPS}" |
766 |
REAL_ROOT="${LUKS_NAME#*:}" |
767 |
[ -n "${REAL_ROOT}" ] && local LUKS_NAME="`echo "${REAL_ROOT}" | sed -e 's|.*/||'`" |
768 |
[ -z "${REAL_ROOT}" ] || CRYPT_ROOT_OPEN='1' |
760 |
;; |
769 |
;; |
761 |
swap) |
770 |
swap) |
762 |
local TYPE=SWAP |
771 |
local TYPE=SWAP |
763 |
;; |
772 |
;; |
|
|
773 |
*:*) |
774 |
local TYPE=MAPS |
775 |
;; |
776 |
*) |
777 |
bad_msg "List encrypted volumes as \`crypt_maps=<[mapname:]device>,...'" ${CRYPT_SILENT} |
778 |
run_shell |
779 |
;; |
764 |
esac |
780 |
esac |
765 |
|
781 |
|
766 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$LUKS_NAME" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' |
782 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="${LUKS_NAME%:*}" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' |
767 |
local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 |
783 |
local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 |
768 |
local mntkey="/mnt/key/" cryptsetup_options='' |
784 |
local mntkey="/mnt/key/" cryptsetup_options='' |
769 |
|
785 |
|
Lines 907-916
Link Here
|
907 |
|
923 |
|
908 |
if [ ${crypt_filter_ret} -eq 0 ] |
924 |
if [ ${crypt_filter_ret} -eq 0 ] |
909 |
then |
925 |
then |
910 |
good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT} |
926 |
good_msg "LUKS device ${LUKS_DEVICE} (\"${LUKS_NAME}\") opened" ${CRYPT_SILENT} |
911 |
break |
927 |
break |
912 |
else |
928 |
else |
913 |
bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT} |
929 |
bad_msg "Failed to open LUKS device ${LUKS_DEVICE} (\"${LUKS_NAME}\")" ${CRYPT_SILENT} |
914 |
DEV_ERROR=1 |
930 |
DEV_ERROR=1 |
915 |
KEY_ERROR=1 |
931 |
KEY_ERROR=1 |
916 |
KEYDEV_ERROR=1 |
932 |
KEYDEV_ERROR=1 |
Lines 922-927
Link Here
|
922 |
rmdir -p ${mntkey} 2>/dev/null >/dev/null |
938 |
rmdir -p ${mntkey} 2>/dev/null >/dev/null |
923 |
} |
939 |
} |
924 |
|
940 |
|
|
|
941 |
# volumes `crypt_maps' syntax: a comma separated list of <mapname:device> pairs, |
942 |
# where <mapname> and <device> are from `cryptsetup luksOpen <device> <mapname>' |
943 |
# if missing, <mapname> defaults to "root"; as in these examples: |
944 |
# 1.1 crypt_root=/dev/sda1 |
945 |
# 1.1 crypt_maps=/dev/sda1 |
946 |
# 1.2 crypt_maps=root:/dev/sda1 |
947 |
# 2.1 crypt_maps=root:/dev/sda1,usr:/dev/sda3 |
948 |
# 3.1 crypt_maps=usr:/dev/sda3,/dev/sda1,big:/dev/sdb1,xxl:/dev/sdc1 |
949 |
iterLUKS() { |
950 |
local pair |
951 |
for pair in $* |
952 |
do |
953 |
CRYPT_MAPS="${pair#*:}" |
954 |
CRYPT_MAPS_KEY="${CRYPT_ROOT_KEYDEV:+/${pair%:*}key}" |
955 |
CRYPT_MAPS_KEYDEV="${CRYPT_ROOT_KEYDEV}" |
956 |
|
957 |
[ "${pair#*:}" != "${pair}" ] || openLUKS "root" |
958 |
[ "${pair%:*}" == "${pair}" ] || openLUKS "${pair}" |
959 |
done |
960 |
} |
961 |
|
925 |
startLUKS() { |
962 |
startLUKS() { |
926 |
|
963 |
|
927 |
# if key is set but key device isn't, find it |
964 |
# if key is set but key device isn't, find it |
Lines 930-936
Link Here
|
930 |
&& sleep 6 && bootstrapKey "ROOT" |
967 |
&& sleep 6 && bootstrapKey "ROOT" |
931 |
|
968 |
|
932 |
if [ -n "${CRYPT_ROOT}" ]; then |
969 |
if [ -n "${CRYPT_ROOT}" ]; then |
933 |
openLUKS "root" |
970 |
CRYPT_ROOT_OPEN='0' |
|
|
971 |
[ "${CDROOT}" == '1' ] && openLUKS "root" |
972 |
[ "${CDROOT}" == '1' ] || iterLUKS "${MAPLIST}" |
973 |
[ "${CRYPT_ROOT_OPEN}" == '1' ] || openLUKS "root" |
934 |
if [ -n "${REAL_ROOT}" ] |
974 |
if [ -n "${REAL_ROOT}" ] |
935 |
then |
975 |
then |
936 |
# Rescan volumes |
976 |
# Rescan volumes |