|
Lines 57-65
Link Here
|
| 57 |
# cryptsetup: |
57 |
# cryptsetup: |
| 58 |
# luksOpen <device> <name> # <device> is $source |
58 |
# luksOpen <device> <name> # <device> is $source |
| 59 |
# create <name> <device> # <name> is $target |
59 |
# create <name> <device> # <name> is $target |
| 60 |
local arg1="create" arg2="${target}" arg3="${source}" luks=0 |
60 |
local arg1="create" arg2="${target}" arg3="${source}" luks=0 arg_header="" |
| 61 |
|
61 |
|
| 62 |
cryptsetup isLuks ${source} 2>/dev/null && { arg1="luksOpen"; arg2="${source}"; arg3="${target}"; luks=1; } |
62 |
# luks_header force luks mode |
|
|
63 |
if [ -n "${luks_header}" ] ; then |
| 64 |
if [ ! -e "${luks_header}" ] ; then |
| 65 |
ewarn "${source} will not be decrypted ..." |
| 66 |
einfo "Reason: header file ${luks_header} does not exist." |
| 67 |
return |
| 68 |
fi |
| 69 |
arg1="luksOpen"; arg2="${source}"; arg3="${target}"; |
| 70 |
arg_header="--header ${luks_header}"; luks=1; |
| 71 |
else |
| 72 |
cryptsetup isLuks ${source} 2>/dev/null \ |
| 73 |
&& { arg1="luksOpen"; arg2="${source}"; arg3="${target}"; luks=1; } |
| 74 |
fi |
| 63 |
|
75 |
|
| 64 |
# Older versions reported: |
76 |
# Older versions reported: |
| 65 |
# ${target} is active: |
77 |
# ${target} is active: |
|
Lines 155-161
Link Here
|
| 155 |
else |
167 |
else |
| 156 |
mode=none |
168 |
mode=none |
| 157 |
fi |
169 |
fi |
| 158 |
ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}" |
170 |
ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3} ${arg_header}" |
| 159 |
if [ "${mode}" = "gpg" ] ; then |
171 |
if [ "${mode}" = "gpg" ] ; then |
| 160 |
: ${gpg_options:='-q -d'} |
172 |
: ${gpg_options:='-q -d'} |
| 161 |
# gpg available ? |
173 |
# gpg available ? |
|
Lines 163-169
Link Here
|
| 163 |
for i in 0 1 2 ; do |
175 |
for i in 0 1 2 ; do |
| 164 |
# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
176 |
# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
| 165 |
# save stdin stdout stderr "values" |
177 |
# save stdin stdout stderr "values" |
| 166 |
gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3} |
178 |
gpg ${gpg_options} ${key} 2>/dev/null \ |
|
|
179 |
| cryptsetup ${options} ${arg1} ${arg2} ${arg3} ${arg_header} |
| 167 |
ret=$? |
180 |
ret=$? |
| 168 |
[ ${ret} -eq 0 ] && break |
181 |
[ ${ret} -eq 0 ] && break |
| 169 |
done |
182 |
done |
|
Lines 176-186
Link Here
|
| 176 |
fi |
189 |
fi |
| 177 |
else |
190 |
else |
| 178 |
if [ "${mode}" = "reg" ] ; then |
191 |
if [ "${mode}" = "reg" ] ; then |
| 179 |
cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} |
192 |
cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} ${arg_header} |
| 180 |
ret=$? |
193 |
ret=$? |
| 181 |
eend ${ret} "failure running cryptsetup" |
194 |
eend ${ret} "failure running cryptsetup" |
| 182 |
else |
195 |
else |
| 183 |
cryptsetup ${options} ${arg1} ${arg2} ${arg3} |
196 |
cryptsetup ${options} ${arg1} ${arg2} ${arg3} ${arg_header} |
| 184 |
ret=$? |
197 |
ret=$? |
| 185 |
eend ${ret} "failure running cryptsetup" |
198 |
eend ${ret} "failure running cryptsetup" |
| 186 |
fi |
199 |
fi |
|
Lines 280-286
Link Here
|
| 280 |
unset gpg_options key loop_file target options pre_mount post_mount source swap remdev |
293 |
unset gpg_options key loop_file target options pre_mount post_mount source swap remdev |
| 281 |
;; |
294 |
;; |
| 282 |
|
295 |
|
| 283 |
gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) |
296 |
gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*|luks_header=*) |
| 284 |
if [ -z "${target}${swap}" ] ; then |
297 |
if [ -z "${target}${swap}" ] ; then |
| 285 |
ewarn "Ignoring setting outside target/swap section: ${targetline}" |
298 |
ewarn "Ignoring setting outside target/swap section: ${targetline}" |
| 286 |
continue |
299 |
continue |
