Lines 826-831
|
826 |
# Open a LUKS device |
826 |
# Open a LUKS device |
827 |
# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks |
827 |
# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks |
828 |
# $1 - root/swap |
828 |
# $1 - root/swap |
|
|
829 |
# $1 - <[mapname:]device> pair, e.g., "usr:/dev/sda3" or "root:/dev/sda1" |
829 |
openLUKS() { |
830 |
openLUKS() { |
830 |
# please use 'tr' and this line, or remove it |
831 |
# please use 'tr' and this line, or remove it |
831 |
# eval local TYPE=`uppercase $1` |
832 |
# eval local TYPE=`uppercase $1` |
Lines 833-845
|
833 |
case $1 in |
834 |
case $1 in |
834 |
root) |
835 |
root) |
835 |
local TYPE=ROOT |
836 |
local TYPE=ROOT |
|
|
837 |
[ -z "${REAL_ROOT}" ] || CRYPT_ROOT_OPEN='1' |
838 |
;; |
839 |
root:*) |
840 |
local TYPE=ROOT |
841 |
CRYPT_ROOT="${CRYPT_MAPS}" |
842 |
REAL_ROOT="${1#*:}" |
836 |
;; |
843 |
;; |
837 |
swap) |
844 |
swap) |
838 |
local TYPE=SWAP |
845 |
local TYPE=SWAP |
839 |
;; |
846 |
;; |
|
|
847 |
*:*) |
848 |
local TYPE=MAPS |
849 |
;; |
850 |
*) |
851 |
bad_msg "List encrypted volumes as \`crypt_maps=<[mapname:]device>,...'" ${CRYPT_SILENT} |
852 |
run_shell |
853 |
;; |
840 |
esac |
854 |
esac |
841 |
|
855 |
|
842 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' |
856 |
eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="${1%:*}" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' |
843 |
local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 |
857 |
local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 |
844 |
local mntkey="/mnt/key/" cryptsetup_options='' |
858 |
local mntkey="/mnt/key/" cryptsetup_options='' |
845 |
|
859 |
|
Lines 962-971
|
962 |
|
976 |
|
963 |
if [ ${crypt_filter_ret} -eq 0 ] |
977 |
if [ ${crypt_filter_ret} -eq 0 ] |
964 |
then |
978 |
then |
965 |
good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT} |
979 |
good_msg "LUKS device ${LUKS_DEVICE} (\"${LUKS_NAME}\") opened" ${CRYPT_SILENT} |
966 |
break |
980 |
break |
967 |
else |
981 |
else |
968 |
bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT} |
982 |
bad_msg "Failed to open LUKS device ${LUKS_DEVICE} (\"${LUKS_NAME}\")" ${CRYPT_SILENT} |
969 |
DEV_ERROR=1 |
983 |
DEV_ERROR=1 |
970 |
KEY_ERROR=1 |
984 |
KEY_ERROR=1 |
971 |
KEYDEV_ERROR=1 |
985 |
KEYDEV_ERROR=1 |
Lines 977-982
|
977 |
rmdir -p ${mntkey} 2>/dev/null >/dev/null |
991 |
rmdir -p ${mntkey} 2>/dev/null >/dev/null |
978 |
} |
992 |
} |
979 |
|
993 |
|
|
|
994 |
# volumes `crypt_maps' syntax: a comma separated list of <mapname:device> pairs, |
995 |
# where <mapname> and <device> are from `cryptsetup luksOpen <device> <mapname>' |
996 |
# if missing, <mapname> defaults to "root"; as in these examples: |
997 |
# 1.1 crypt_root=/dev/sda1 |
998 |
# 1.1 crypt_maps=/dev/sda1 |
999 |
# 1.2 crypt_maps=root:/dev/sda1 |
1000 |
# 2.1 crypt_maps=root:/dev/sda1,usr:/dev/sda3 |
1001 |
# 3.1 crypt_maps=usr:/dev/sda3,/dev/sda1,big:/dev/sdb1,xxl:/dev/sdc1 |
1002 |
iterLUKS() { |
1003 |
local pair |
1004 |
for pair in $* |
1005 |
do |
1006 |
[ -n "${pair#*:}" -a -n "${pair%:*}" ] || continue |
1007 |
|
1008 |
CRYPT_MAPS="${pair#*:}" |
1009 |
CRYPT_MAPS_KEY="${CRYPT_ROOT_KEYDEV:+/${pair%:*}key}" |
1010 |
CRYPT_MAPS_KEYDEV="${CRYPT_ROOT_KEYDEV}" |
1011 |
|
1012 |
[ "${pair#*:}" != "${pair}" ] || openLUKS "root" |
1013 |
[ "${pair%:*}" == "${pair}" ] || openLUKS "${pair}" |
1014 |
done |
1015 |
} |
1016 |
|
980 |
startLUKS() { |
1017 |
startLUKS() { |
981 |
|
1018 |
|
982 |
# if key is set but key device isn't, find it |
1019 |
# if key is set but key device isn't, find it |
Lines 985-991
|
985 |
&& sleep 6 && bootstrapKey "ROOT" |
1022 |
&& sleep 6 && bootstrapKey "ROOT" |
986 |
|
1023 |
|
987 |
if [ -n "${CRYPT_ROOT}" ]; then |
1024 |
if [ -n "${CRYPT_ROOT}" ]; then |
988 |
openLUKS "root" |
1025 |
CRYPT_ROOT_OPEN='0' |
|
|
1026 |
[ "${CDROOT}" == '1' ] && openLUKS "root" |
1027 |
[ "${CDROOT}" == '1' ] || iterLUKS "${MAPLIST}" |
1028 |
[ "${CRYPT_ROOT_OPEN}" == '1' ] || openLUKS "root" |
989 |
if [ -n "${REAL_ROOT}" ] |
1029 |
if [ -n "${REAL_ROOT}" ] |
990 |
then |
1030 |
then |
991 |
# Rescan volumes |
1031 |
# Rescan volumes |
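Review bot: In openLUKS, the rewritten `eval local …` line (new line 856) keeps `LUKS_NAME="${1%:*}"` inside the `eval`, while the new `*:*)` arm means `$1` is no longer limited to the literals `root`/`swap` and can carry a map name from the `crypt_maps=` list (presumably taken from the kernel command line; `MAPLIST` is set outside the visible hunks). That value is expanded once before `eval` and then parsed again as shell source, so shell metacharacters in a map name would be interpreted in the initramfs instead of being treated as data. Assign it outside the `eval`, with `local LUKS_NAME="${1%:*}"` on its own line and `LUKS_NAME=…` dropped from the `eval` arguments, and have the `*:*)` arm refuse names containing anything outside `[A-Za-z0-9_.-]` before `TYPE=MAPS` is set. The unquoted `for pair in $*` in iterLUKS (new line 1004) feeds this path and is also subject to globbing, so it deserves the same attention. openLUKS's body continues outside the visible hunks, so later uses of `${LUKS_NAME}` should be checked for quoting as well.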