Attachment #649158 for bug #694778




			then
				good_msg "ZFS pool ${ZFS_POOL} already imported."

				if [ -n "${CRYPT_ROOTS}" -o -n "${CRYPT_SWAP}" ]
				then
					good_msg "LUKS detected. Reimporting ${ZFS_POOL} ..."


			;;
		swap)
			local TYPE=SWAP
      local CRYPT_INDEX=0
			;;
	esac

	eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1_${CRYPT_INDEX}" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"'
	eval local LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"'
	eval local OPENED_LOCKFILE='"${CRYPT_'${TYPE}'_'${CRYPT_INDEX}'_OPENED_LOCKFILE}"'
	local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0
	local mntkey="/mnt/key/" crypt_filter_ret=


	[ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \
		&& sleep 6 && bootstrapKey "ROOT"

	if [ -n "${CRYPT_ROOTS}" ]
	then
    CRYPT_INDEX=0
		for CRYPT_ROOT in ${CRYPT_ROOTS}; do
			openLUKS "root"
      let CRYPT_INDEX=${CRYPT_INDEX}+1
		done
		if [ -n "${REAL_ROOT}" ]
		then
			# Rescan volumes


	# same for swap, but no need to sleep if root was unencrypted
	[ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \
		&& { [ -z "${CRYPT_ROOTS}" ] && sleep 6; bootstrapKey "SWAP"; }

	if [ -n "${CRYPT_SWAP}" ]
	then

	# isn't known yet.
	write_env_file \
		"${CRYPT_ENV_FILE}" \
		CRYPT_ROOTS \
		CRYPT_ROOT_TRIM \
		CRYPT_SILENT \
		CRYPT_SWAP




		;;
		# Crypto
		crypt_root=*)
			CRYPT_ROOTS=${x#*=}
			USE_CRYPTSETUP=1
		;;
		crypt_swap=*)
			CRYPT_SWAP=${x#*=}
			USE_CRYPTSETUP=1
		;;
		crypt_roots=*)
			CRYPT_ROOTS="${CRYPT_ROOTS} ${x#*=}"
			USE_CRYPTSETUP=1
		;;
		root_key=*)
			CRYPT_ROOT_KEY=${x#*=}
		;;

	cache_cd_contents

	# If encrypted, find key and mount, otherwise mount as usual
	if [ -n "${CRYPT_ROOTS}" ]
	then
		CRYPT_ROOT_KEY="$(head -n 1 "${CDROOT_PATH}"/${CDROOT_MARKER})"
		CRYPT_ROOTS='/dev/loop0'
		good_msg 'You booted an encrypted livecd' "${CRYPT_SILENT}"

		losetup /dev/loop0 "${CDROOT_PATH}/${LOOPEXT}${LOOP}"

		test_success 'Mount filesystem'
		FS_LOCATION='mnt/livecd'
	# Setup the loopback mounts, if unencrypted
	else # if [ -n "${CRYPT_ROOTS}" ]
		if [ "${LOOPTYPE}" = 'normal' ]
		then
			good_msg 'Mounting loop filesystem'

			test_success 'mount /dev/loop0 /'
			FS_LOCATION='mnt/livecd'
		fi
	fi # if [ -n "${CRYPT_ROOTS}" ]

	if [ "${aufs}" = '1' ]
	then

Lines 95-101 Link Here

(-)genkernel-4.0.9.orig/defaults/login-remote.sh (-1 / +1 lines)
95	good_msg "${NORMAL}Be aware that it will kill your connection which means"	95	good_msg "${NORMAL}Be aware that it will kill your connection which means"
96	good_msg "${NORMAL}you will no longer be able to work in this shell."	96	good_msg "${NORMAL}you will no longer be able to work in this shell."
97		97
98	if [ -n "${CRYPT_ROOT}" ] && [ ! -f "${CRYPT_ROOT_OPENED_LOCKFILE}" ]	98	if [ -n "${CRYPT_ROOTS}" ] && [ ! -f "${CRYPT_ROOT_OPENED_LOCKFILE}" ]
99	then	99	then
100	good_msg "${NORMAL}To remote unlock LUKS-encrypted root device, run '${BOLD}unlock-luks root${NORMAL}'."	100	good_msg "${NORMAL}To remote unlock LUKS-encrypted root device, run '${BOLD}unlock-luks root${NORMAL}'."
101	fi	101	fi

Return to bug 694778

Lines 1654-1660 Link Here

(-)genkernel-4.0.9.orig/defaults/initrd.scripts (-7 / +12 lines)
1654	then	1654	then
1655	good_msg "ZFS pool ${ZFS_POOL} already imported."	1655	good_msg "ZFS pool ${ZFS_POOL} already imported."
1656		1656
1657	if [ -n "${CRYPT_ROOT}" -o -n "${CRYPT_SWAP}" ]	1657	if [ -n "${CRYPT_ROOTS}" -o -n "${CRYPT_SWAP}" ]
1658	then	1658	then
1659	good_msg "LUKS detected. Reimporting ${ZFS_POOL} ..."	1659	good_msg "LUKS detected. Reimporting ${ZFS_POOL} ..."
1660		1660
Lines 1760-1771 Link Here
1760	;;	1760	;;
1761	swap)	1761	swap)
1762	local TYPE=SWAP	1762	local TYPE=SWAP
		1763	local CRYPT_INDEX=0
1763	;;	1764	;;
1764	esac	1765	esac
1765		1766
1766	eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"'	1767	eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1_${CRYPT_INDEX}" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"'
1767	eval local LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"'	1768	eval local LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"'
1768	eval local OPENED_LOCKFILE='"${CRYPT_'${TYPE}'_OPENED_LOCKFILE}"'	1769	eval local OPENED_LOCKFILE='"${CRYPT_'${TYPE}'_'${CRYPT_INDEX}'_OPENED_LOCKFILE}"'
1769	local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0	1770	local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0
1770	local mntkey="/mnt/key/" crypt_filter_ret=	1771	local mntkey="/mnt/key/" crypt_filter_ret=
1771		1772
Lines 2262-2270 Link Here
2262	[ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \	2263	[ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \
2263	&& sleep 6 && bootstrapKey "ROOT"	2264	&& sleep 6 && bootstrapKey "ROOT"
2264		2265
2265	if [ -n "${CRYPT_ROOT}" ]	2266	if [ -n "${CRYPT_ROOTS}" ]
2266	then	2267	then
2267	openLUKS "root"	2268	CRYPT_INDEX=0
		2269	for CRYPT_ROOT in ${CRYPT_ROOTS}; do
		2270	openLUKS "root"
		2271	let CRYPT_INDEX=${CRYPT_INDEX}+1
		2272	done
2268	if [ -n "${REAL_ROOT}" ]	2273	if [ -n "${REAL_ROOT}" ]
2269	then	2274	then
2270	# Rescan volumes	2275	# Rescan volumes
Lines 2276-2282 Link Here
2276		2281
2277	# same for swap, but no need to sleep if root was unencrypted	2282	# same for swap, but no need to sleep if root was unencrypted
2278	[ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \	2283	[ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \
2279	&& { [ -z "${CRYPT_ROOT}" ] && sleep 6; bootstrapKey "SWAP"; }	2284	&& { [ -z "${CRYPT_ROOTS}" ] && sleep 6; bootstrapKey "SWAP"; }
2280		2285
2281	if [ -n "${CRYPT_SWAP}" ]	2286	if [ -n "${CRYPT_SWAP}" ]
2282	then	2287	then
Lines 2313-2319 Link Here
2313	# isn't known yet.	2318	# isn't known yet.
2314	write_env_file \	2319	write_env_file \
2315	"${CRYPT_ENV_FILE}" \	2320	"${CRYPT_ENV_FILE}" \
2316	CRYPT_ROOT \	2321	CRYPT_ROOTS \
2317	CRYPT_ROOT_TRIM \	2322	CRYPT_ROOT_TRIM \
2318	CRYPT_SILENT \	2323	CRYPT_SILENT \
2319	CRYPT_SWAP	2324	CRYPT_SWAP

Lines 245-257 Link Here

(-)genkernel-4.0.9.orig/defaults/linuxrc (-5 / +9 lines)
245	;;	245	;;
246	# Crypto	246	# Crypto
247	crypt_root=*)	247	crypt_root=*)
248	CRYPT_ROOT=${x#*=}	248	CRYPT_ROOTS=${x#*=}
249	USE_CRYPTSETUP=1	249	USE_CRYPTSETUP=1
250	;;	250	;;
251	crypt_swap=*)	251	crypt_swap=*)
252	CRYPT_SWAP=${x#*=}	252	CRYPT_SWAP=${x#*=}
253	USE_CRYPTSETUP=1	253	USE_CRYPTSETUP=1
254	;;	254	;;
		255	crypt_roots=*)
		256	CRYPT_ROOTS="${CRYPT_ROOTS} ${x#*=}"
		257	USE_CRYPTSETUP=1
		258	;;
255	root_key=*)	259	root_key=*)
256	CRYPT_ROOT_KEY=${x#*=}	260	CRYPT_ROOT_KEY=${x#*=}
257	;;	261	;;
Lines 985-994 Link Here
985	cache_cd_contents	989	cache_cd_contents
986		990
987	# If encrypted, find key and mount, otherwise mount as usual	991	# If encrypted, find key and mount, otherwise mount as usual
988	if [ -n "${CRYPT_ROOT}" ]	992	if [ -n "${CRYPT_ROOTS}" ]
989	then	993	then
990	CRYPT_ROOT_KEY="$(head -n 1 "${CDROOT_PATH}"/${CDROOT_MARKER})"	994	CRYPT_ROOT_KEY="$(head -n 1 "${CDROOT_PATH}"/${CDROOT_MARKER})"
991	CRYPT_ROOT='/dev/loop0'	995	CRYPT_ROOTS='/dev/loop0'
992	good_msg 'You booted an encrypted livecd' "${CRYPT_SILENT}"	996	good_msg 'You booted an encrypted livecd' "${CRYPT_SILENT}"
993		997
994	losetup /dev/loop0 "${CDROOT_PATH}/${LOOPEXT}${LOOP}"	998	losetup /dev/loop0 "${CDROOT_PATH}/${LOOPEXT}${LOOP}"
Lines 1008-1014 Link Here
1008	test_success 'Mount filesystem'	1012	test_success 'Mount filesystem'
1009	FS_LOCATION='mnt/livecd'	1013	FS_LOCATION='mnt/livecd'
1010	# Setup the loopback mounts, if unencrypted	1014	# Setup the loopback mounts, if unencrypted
1011	else # if [ -n "${CRYPT_ROOT}" ]	1015	else # if [ -n "${CRYPT_ROOTS}" ]
1012	if [ "${LOOPTYPE}" = 'normal' ]	1016	if [ "${LOOPTYPE}" = 'normal' ]
1013	then	1017	then
1014	good_msg 'Mounting loop filesystem'	1018	good_msg 'Mounting loop filesystem'
Lines 1083-1089 Link Here
1083	test_success 'mount /dev/loop0 /'	1087	test_success 'mount /dev/loop0 /'
1084	FS_LOCATION='mnt/livecd'	1088	FS_LOCATION='mnt/livecd'
1085	fi	1089	fi
1086	fi # if [ -n "${CRYPT_ROOT}" ]	1090	fi # if [ -n "${CRYPT_ROOTS}" ]
1087		1091
1088	if [ "${aufs}" = '1' ]	1092	if [ "${aufs}" = '1' ]
1089	then	1093	then