Lines 179-247
Link Here
|
179 |
eend $? "Failed to setup the LVM" |
179 |
eend $? "Failed to setup the LVM" |
180 |
fi |
180 |
fi |
181 |
|
181 |
|
182 |
|
|
|
183 |
ebegin 'Setting up dm-crypt mappings' |
182 |
ebegin 'Setting up dm-crypt mappings' |
184 |
|
183 |
dm-crypt-start |
185 |
if [ -f /etc/conf.d/cryptfs ] |
184 |
ewend $? 'Failed to setup a mapping or swap device' |
186 |
then |
|
|
187 |
cryptfs_status=0 |
188 |
|
189 |
/bin/egrep '^(mount|swap)' /etc/conf.d/cryptfs | \ |
190 |
while read mountline |
191 |
do |
192 |
mount= |
193 |
swap= |
194 |
options= |
195 |
pre_mount= |
196 |
|
197 |
eval ${mountline} |
198 |
|
199 |
if [ -n "${mount}" ] |
200 |
then |
201 |
target=${mount} |
202 |
[ -z "${options}" ] && options='-c aes -h sha1' |
203 |
elif [ -n "${swap}" ] |
204 |
then |
205 |
target=${swap} |
206 |
[ -z "${options}" ] && options='-c aes -h sha1 -d /dev/urandom' |
207 |
else |
208 |
ewarn "Invalid line in /etc/conf.d/cryptomount: ${mountline}" |
209 |
fi |
210 |
|
211 |
! /bin/cryptsetup status ${target}|egrep '\<active:' > /dev/null |
212 |
configured=$? |
213 |
|
214 |
if [ ${configured} -eq 0 ] |
215 |
then |
216 |
einfo "dm-crypt map ${target}" |
217 |
if ! /bin/cryptsetup ${options} create ${target} ${source} >/dev/console </dev/console |
218 |
then |
219 |
ewarn "Failure configuring ${target}" |
220 |
cryptfs_status=1 |
221 |
else |
222 |
if [ -n "${swap}" ] |
223 |
then |
224 |
[ -z "${pre_mount}" ] && pre_mount='mkswap ${dev}' |
225 |
fi |
226 |
|
227 |
if [ -n "${pre_mount}" ] |
228 |
then |
229 |
dev="/dev/mapper/${target}" |
230 |
einfo " Running pre_mount commands on: ${target}" |
231 |
if ! eval "${pre_mount}" > /dev/null |
232 |
then |
233 |
ewarn "Failed to run pre_mount commands on: ${target}" |
234 |
cryptfs_status=1 |
235 |
fi |
236 |
fi |
237 |
fi |
238 |
else |
239 |
ewarn "dm-crypt mapping ${target} is already configured" |
240 |
cryptfs_status=1 |
241 |
fi |
242 |
done |
243 |
fi |
244 |
ewend ${cryptfs_status} 'Failed to setup a mapping or swap device.' |
245 |
|
185 |
|
246 |
if [ -f /fastboot -o -n "${CDBOOT}" ] |
186 |
if [ -f /fastboot -o -n "${CDBOOT}" ] |
247 |
then |
187 |
then |
Lines 273-276
Link Here
|
273 |
fi |
213 |
fi |
274 |
} |
214 |
} |
275 |
|
215 |
|
|
|
216 |
# Note: This function is exactly duplicated in localmount. If you change it |
217 |
# here, make sure to change it there also! |
218 |
dm-crypt-start() { |
219 |
local cryptfs_status=0 |
220 |
local mountline mount swap options pre_mount post_mount source |
221 |
|
222 |
if [ -f /etc/conf.d/cryptfs ]; then |
223 |
while read mountline; do |
224 |
# skip comments and blank lines |
225 |
[[ ${mountline}\# == \#* ]] && continue |
226 |
|
227 |
# check for the start of a new mount/swap |
228 |
case ${mountline} in |
229 |
mount=*|swap=*) |
230 |
# If we have a mount queued up, then execute it |
231 |
dm-crypt-execute |
232 |
|
233 |
# Prepare for the next mount/swap by resetting variables |
234 |
unset mount swap options pre_mount post_mount source |
235 |
;; |
236 |
|
237 |
options=*|pre_mount=*|post_mount=*|source=*) |
238 |
if [[ -z ${mount} && -z ${swap} ]]; then |
239 |
ewarn "Ignoring setting outside mount/swap section: ${mountline}" |
240 |
continue |
241 |
fi |
242 |
;; |
243 |
|
244 |
*) |
245 |
ewarn "Skipping invalid line in /etc/conf.d/cryptfs: ${mountline}" |
246 |
;; |
247 |
esac |
248 |
|
249 |
# Queue this setting for the next call to dm-crypt-execute |
250 |
eval "${mountline}" |
251 |
done < /etc/conf.d/cryptfs |
252 |
|
253 |
# If we have a mount queued up, then execute it |
254 |
dm-crypt-execute |
255 |
fi |
256 |
|
257 |
return ${cryptfs_status} |
258 |
} |
259 |
|
260 |
# Setup mappings for an individual mount/swap |
261 |
# |
262 |
# Note: This relies on variables localized in dm-crypt-start. This function |
263 |
# is quite different from the function by the same name in localmount... |
264 |
dm-crypt-execute() { |
265 |
local dev target |
266 |
|
267 |
if [[ -n ${mount} ]]; then |
268 |
target=${mount} |
269 |
: ${options:='-c aes -h sha1'} |
270 |
elif [[ -n ${swap} ]]; then |
271 |
target=${swap} |
272 |
: ${options:='-c aes -h sha1 -d /dev/urandom'} |
273 |
: ${pre_mount:='mkswap ${dev}'} |
274 |
else |
275 |
return |
276 |
fi |
277 |
|
278 |
if /bin/cryptsetup status ${target} | egrep -q '\<active:'; then |
279 |
einfo "dm-crypt mapping ${target} is already configured" |
280 |
return |
281 |
fi |
282 |
|
283 |
ebegin "dm-crypt map ${target}" |
284 |
/bin/cryptsetup ${options} create ${target} ${source} >/dev/console </dev/console |
285 |
eend $? "failure running cryptsetup" |
286 |
if [[ $? != 0 ]]; then |
287 |
cryptfs_status=1 |
288 |
else |
289 |
if [[ -n ${pre_mount} ]]; then |
290 |
dev="/dev/mapper/${target}" |
291 |
ebegin " Running pre_mount commands for ${target}" |
292 |
eval "${pre_mount}" > /dev/null |
293 |
ewend $? || cryptfs_status=1 |
294 |
fi |
295 |
fi |
296 |
} |
297 |
|
276 |
# vim:ts=4 |
298 |
# vim:ts=4 |