|
Lines 763-768
Link Here
|
| 763 |
# Open a LUKS device |
763 |
# Open a LUKS device |
| 764 |
# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks |
764 |
# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks |
| 765 |
# $1 - root/swap |
765 |
# $1 - root/swap |
|
|
766 |
# $1 - <[mapname:]device> pair, e.g., "usr:/dev/sda3" or "root:/dev/sda1" |
| 766 |
openLUKS() { |
767 |
openLUKS() { |
| 767 |
# please use 'tr' and this line, or remove it |
768 |
# please use 'tr' and this line, or remove it |
| 768 |
# eval local TYPE=`uppercase $1` |
769 |
# eval local TYPE=`uppercase $1` |
|
Lines 770-782
Link Here
|
| 770 |
case $1 in |
771 |
case $1 in |
| 771 |
root) |
772 |
root) |
| 772 |
local TYPE=ROOT |
773 |
local TYPE=ROOT |
|
|
774 |
[ -z "${REAL_ROOT}" ] || CRYPT_ROOT_OPEN='1' |
| 775 |
;; |
| 776 |
root:*) |
| 777 |
local TYPE=ROOT |
| 778 |
CRYPT_ROOT="${CRYPT_MAPS}" |
| 779 |
REAL_ROOT="${1#*:}" |
| 773 |
;; |
780 |
;; |
| 774 |
swap) |
781 |
swap) |
| 775 |
local TYPE=SWAP |
782 |
local TYPE=SWAP |
| 776 |
;; |
783 |
;; |
|
|
784 |
*:*) |
| 785 |
local TYPE=MAPS |
| 786 |
;; |
| 787 |
*) |
| 788 |
bad_msg "List encrypted volumes as \`crypt_maps=<[mapname:]device>,...'" ${CRYPT_SILENT} |
| 789 |
run_shell |
| 790 |
;; |
| 777 |
esac |
791 |
esac |
| 778 |
|
792 |
|
| 779 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' |
793 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="${1%:*}" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' |
| 780 |
local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 |
794 |
local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 |
| 781 |
local mntkey="/mnt/key/" cryptsetup_options='' |
795 |
local mntkey="/mnt/key/" cryptsetup_options='' |
| 782 |
|
796 |
|
|
Lines 920-929
Link Here
|
| 920 |
|
934 |
|
| 921 |
if [ ${crypt_filter_ret} -eq 0 ] |
935 |
if [ ${crypt_filter_ret} -eq 0 ] |
| 922 |
then |
936 |
then |
| 923 |
good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT} |
937 |
good_msg "LUKS device ${LUKS_DEVICE} (\"${LUKS_NAME}\") opened" ${CRYPT_SILENT} |
| 924 |
break |
938 |
break |
| 925 |
else |
939 |
else |
| 926 |
bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT} |
940 |
bad_msg "Failed to open LUKS device ${LUKS_DEVICE} (\"${LUKS_NAME}\")" ${CRYPT_SILENT} |
| 927 |
DEV_ERROR=1 |
941 |
DEV_ERROR=1 |
| 928 |
KEY_ERROR=1 |
942 |
KEY_ERROR=1 |
| 929 |
KEYDEV_ERROR=1 |
943 |
KEYDEV_ERROR=1 |
|
Lines 935-940
Link Here
|
| 935 |
rmdir -p ${mntkey} 2>/dev/null >/dev/null |
949 |
rmdir -p ${mntkey} 2>/dev/null >/dev/null |
| 936 |
} |
950 |
} |
| 937 |
|
951 |
|
|
|
952 |
# volumes `crypt_maps' syntax: a comma separated list of <mapname:device> pairs, |
| 953 |
# where <mapname> and <device> are from `cryptsetup luksOpen <device> <mapname>' |
| 954 |
# if missing, <mapname> defaults to "root"; as in these examples: |
| 955 |
# 1.1 crypt_root=/dev/sda1 |
| 956 |
# 1.1 crypt_maps=/dev/sda1 |
| 957 |
# 1.2 crypt_maps=root:/dev/sda1 |
| 958 |
# 2.1 crypt_maps=root:/dev/sda1,usr:/dev/sda3 |
| 959 |
# 3.1 crypt_maps=usr:/dev/sda3,/dev/sda1,big:/dev/sdb1,xxl:/dev/sdc1 |
| 960 |
iterLUKS() { |
| 961 |
local pair |
| 962 |
for pair in $* |
| 963 |
do |
| 964 |
[ -n "${pair#*:}" -a -n "${pair%:*}" ] || continue |
| 965 |
|
| 966 |
CRYPT_MAPS="${pair#*:}" |
| 967 |
CRYPT_MAPS_KEY="${CRYPT_ROOT_KEYDEV:+/${pair%:*}key}" |
| 968 |
CRYPT_MAPS_KEYDEV="${CRYPT_ROOT_KEYDEV}" |
| 969 |
|
| 970 |
[ "${pair#*:}" != "${pair}" ] || openLUKS "root" |
| 971 |
[ "${pair%:*}" == "${pair}" ] || openLUKS "${pair}" |
| 972 |
done |
| 973 |
} |
| 974 |
|
| 938 |
startLUKS() { |
975 |
startLUKS() { |
| 939 |
|
976 |
|
| 940 |
# if key is set but key device isn't, find it |
977 |
# if key is set but key device isn't, find it |
|
Lines 943-949
Link Here
|
| 943 |
&& sleep 6 && bootstrapKey "ROOT" |
980 |
&& sleep 6 && bootstrapKey "ROOT" |
| 944 |
|
981 |
|
| 945 |
if [ -n "${CRYPT_ROOT}" ]; then |
982 |
if [ -n "${CRYPT_ROOT}" ]; then |
| 946 |
openLUKS "root" |
983 |
CRYPT_ROOT_OPEN='0' |
|
|
984 |
[ "${CDROOT}" == '1' ] && openLUKS "root" |
| 985 |
[ "${CDROOT}" == '1' ] || iterLUKS "${MAPLIST}" |
| 986 |
[ "${CRYPT_ROOT_OPEN}" == '1' ] || openLUKS "root" |
| 947 |
if [ -n "${REAL_ROOT}" ] |
987 |
if [ -n "${REAL_ROOT}" ] |
| 948 |
then |
988 |
then |
| 949 |
# Rescan volumes |
989 |
# Rescan volumes |
