Lines 57-65
57 |
# cryptsetup: |
57 |
# cryptsetup: |
58 |
# luksOpen <device> <name> # <device> is $source |
58 |
# luksOpen <device> <name> # <device> is $source |
59 |
# create <name> <device> # <name> is $target |
59 |
# create <name> <device> # <name> is $target |
60 |
local arg1="create" arg2="${target}" arg3="${source}" luks=0 |
60 |
local arg1="create" arg2="${target}" arg3="${source}" luks=0 arg_header="" |
61 |
|
61 |
|
62 |
cryptsetup isLuks ${source} 2>/dev/null && { arg1="luksOpen"; arg2="${source}"; arg3="${target}"; luks=1; } |
62 |
# luks_header force luks mode |
|
|
63 |
if [ -n "${luks_header}" ] ; then |
64 |
if [ ! -e "${luks_header}" ] ; then |
65 |
ewarn "${source} will not be decrypted ..." |
66 |
einfo "Reason: header file ${luks_header} does not exist." |
67 |
return |
68 |
fi |
69 |
arg1="luksOpen"; arg2="${source}"; arg3="${target}"; |
70 |
arg_header="--header ${luks_header}"; luks=1; |
71 |
else |
72 |
cryptsetup isLuks ${source} 2>/dev/null \ |
73 |
&& { arg1="luksOpen"; arg2="${source}"; arg3="${target}"; luks=1; } |
74 |
fi |
63 |
|
75 |
|
64 |
# Older versions reported: |
76 |
# Older versions reported: |
65 |
# ${target} is active: |
77 |
# ${target} is active: |
Lines 155-161
155 |
else |
167 |
else |
156 |
mode=none |
168 |
mode=none |
157 |
fi |
169 |
fi |
158 |
ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}" |
170 |
ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3} ${arg_header}" |
159 |
if [ "${mode}" = "gpg" ] ; then |
171 |
if [ "${mode}" = "gpg" ] ; then |
160 |
: ${gpg_options:='-q -d'} |
172 |
: ${gpg_options:='-q -d'} |
161 |
# gpg available ? |
173 |
# gpg available ? |
Lines 163-169
163 |
for i in 0 1 2 ; do |
175 |
for i in 0 1 2 ; do |
164 |
# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
176 |
# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
165 |
# save stdin stdout stderr "values" |
177 |
# save stdin stdout stderr "values" |
166 |
gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3} |
178 |
gpg ${gpg_options} ${key} 2>/dev/null \ |
|
|
179 |
| cryptsetup ${options} ${arg1} ${arg2} ${arg3} ${arg_header} |
167 |
ret=$? |
180 |
ret=$? |
168 |
[ ${ret} -eq 0 ] && break |
181 |
[ ${ret} -eq 0 ] && break |
169 |
done |
182 |
done |
Lines 176-186
176 |
fi |
189 |
fi |
177 |
else |
190 |
else |
178 |
if [ "${mode}" = "reg" ] ; then |
191 |
if [ "${mode}" = "reg" ] ; then |
179 |
cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} |
192 |
cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} ${arg_header} |
180 |
ret=$? |
193 |
ret=$? |
181 |
eend ${ret} "failure running cryptsetup" |
194 |
eend ${ret} "failure running cryptsetup" |
182 |
else |
195 |
else |
183 |
cryptsetup ${options} ${arg1} ${arg2} ${arg3} |
196 |
cryptsetup ${options} ${arg1} ${arg2} ${arg3} ${arg_header} |
184 |
ret=$? |
197 |
ret=$? |
185 |
eend ${ret} "failure running cryptsetup" |
198 |
eend ${ret} "failure running cryptsetup" |
186 |
fi |
199 |
fi |
Lines 280-286
280 |
unset gpg_options key loop_file target options pre_mount post_mount source swap remdev |
293 |
unset gpg_options key loop_file target options pre_mount post_mount source swap remdev |
281 |
;; |
294 |
;; |
282 |
|
295 |
|
283 |
gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) |
296 |
gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*|luks_header=*) |
284 |
if [ -z "${target}${swap}" ] ; then |
297 |
if [ -z "${target}${swap}" ] ; then |
285 |
ewarn "Ignoring setting outside target/swap section: ${targetline}" |
298 |
ewarn "Ignoring setting outside target/swap section: ${targetline}" |
286 |
continue |
299 |
continue |
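Review bot: `luks_header` is now accepted as a per-target setting in the last hunk (`...|source=*|luks_header=*)`), but the `unset` line just above it (new line 293) still omits it, so a header path set for one target appears to stay set when the next target or swap section is parsed. In the first hunk a non-empty `luks_header` skips `cryptsetup isLuks` and forces `luksOpen` with `--header`, so a later target without its own header would be opened against the previous target's header file, or skipped with the "header file ... does not exist" warning. Add it to the reset list: `unset gpg_options key loop_file target options pre_mount post_mount source swap remdev luks_header`. The code that assigns these settings and the rest of the case statement are outside the hunks, so confirm there is no other reset. Separately, `arg_header="--header ${luks_header}"` is expanded unquoted on every cryptsetup call, so a header path containing whitespace or glob characters would split into extra cryptsetup arguments.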