Lines 78-91
78 |
losetup ${source} ${loop_file} |
78 |
losetup ${source} ${loop_file} |
79 |
fi |
79 |
fi |
80 |
|
80 |
|
|
|
81 |
read_abort() { |
82 |
# some colors |
83 |
local ans savetty resettty |
84 |
[ -z "${NORMAL}" ] && eval $(eval_ecolors) |
85 |
einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) " |
86 |
shift |
87 |
# This is ugly as s**t. But POSIX doesn't provide `read -t`, so |
88 |
# we end up having to implement our own crap with stty/etc... |
89 |
savetty=$(stty -g) |
90 |
resettty='stty ${savetty}; trap - EXIT HUP INT TERM' |
91 |
trap 'eval "${resettty}"' EXIT HUP INT TERM |
92 |
stty -icanon |
93 |
stty min 0 time "$(( $2 * 10 ))" |
94 |
ans=$(dd count=1 bs=1 2>/dev/null) || ans='' |
95 |
eval "${resettty}" |
96 |
if [ -z "${ans}" ] ; then |
97 |
printf '\r' |
98 |
else |
99 |
echo |
100 |
fi |
101 |
case ${ans} in |
102 |
[yY]) return 0;; |
103 |
*) return 1;; |
104 |
esac |
105 |
} |
106 |
|
81 |
# cryptsetup: |
107 |
# cryptsetup: |
82 |
# open <device> <name> # <device> is $source |
108 |
# open <device> <name> # <device> is $source |
83 |
# create <name> <device> # <name> is $target |
109 |
# create <name> <device> # <name> is $target |
84 |
local arg1="create" arg2="${target}" arg3="${source}" |
110 |
local arg1="create" arg2="${target}" arg3="${source}" arg_header="" |
85 |
if cryptsetup isLuks ${source} 2>/dev/null ; then |
111 |
if [ cryptsetup isLuks ${source} 2>/dev/null ] || [ -n "${luks_header}" ] ; then |
86 |
arg1="open" |
112 |
arg1="open" |
87 |
arg2="${source}" |
113 |
arg2="${source}" |
88 |
arg3="${target}" |
114 |
arg3="${target}" |
|
|
115 |
if [ -n "${luks_header}" ] ; then |
116 |
# handle header on removable device |
117 |
if [ -n "${remdev}" ] ; then |
118 |
# temp directory to mount removable device |
119 |
local mntrem="${RC_SVCDIR}/dm-crypt-remdev-header.$$" |
120 |
if [ ! -d "${mntrem}" ] ; then |
121 |
if ! mkdir -p "${mntrem}" ; then |
122 |
ewarn "${source} will not be decrypted ..." |
123 |
einfo "Reason: Unable to create temporary mount point '${mntrem}'" |
124 |
return |
125 |
fi |
126 |
fi |
127 |
i=0 |
128 |
einfo "Please insert removable device for ${target}" |
129 |
while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do |
130 |
foo="" |
131 |
if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then |
132 |
# header exists? |
133 |
if [ ! -e "${mntrem}${luks_header}" ] ; then |
134 |
umount -n "${mntrem}" |
135 |
rmdir "${mntrem}" |
136 |
einfo "Cannot find ${luks_header} on removable media." |
137 |
read_abort "Abort" ${dmcrypt_key_timeout} && return |
138 |
else |
139 |
luks_header="${mntrem}${luks_header}" |
140 |
break |
141 |
fi |
142 |
else |
143 |
[ -e "${remdev}" ] \ |
144 |
&& foo="mount failed" \ |
145 |
|| foo="mount source not found" |
146 |
fi |
147 |
: $((i += 1)) |
148 |
read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return |
149 |
done |
150 |
else # header ! on removable device |
151 |
if [ ! -e "${luks_header}" ] ; then |
152 |
ewarn "${source} will not be decrypted ..." |
153 |
einfo "Reason: header file ${luks_header} does not exist." |
154 |
return |
155 |
fi |
156 |
fi |
157 |
arg_header="--header ${luks_header}" |
158 |
fi |
89 |
fi |
159 |
fi |
90 |
|
160 |
|
91 |
# Older versions reported: |
161 |
# Older versions reported: |
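Review bot: The new condition at line 111 wraps the `cryptsetup isLuks` call in `[ ... ]`, so the command is never executed — `test` receives the literal words `cryptsetup`, `isLuks` and the device path and fails on the unknown operator — and every LUKS volume that has no `luks_header=` setting now falls through to plain `create`, producing an unusable plain-dm-crypt mapping over the LUKS container instead of a clear error. It should read `if cryptsetup isLuks ${source} 2>/dev/null || [ -n "${luks_header}" ] ; then`. Two smaller defects in the removable-media loop: `read_abort "Stop waiting after $i attempts (${foo})" -t 1` passes `-t` where `read_abort` expects a plain number of seconds for `$(( $2 * 10 ))` (compare the `read_abort "Abort" ${dmcrypt_key_timeout}` call just above it), so the intended one-second wait becomes an arithmetic expression on an unset `t` rather than a timeout, and the `umount`/`rmdir "${mntrem}"` on the header-not-found path removes the mount point while the loop may still iterate, so every later attempt can only report "mount failed". Because the removable filesystem is untrusted input parsed at boot, mounting it with `-o ro,nodev,nosuid,noexec` would limit what it can introduce; the enclosing function starts and ends outside this hunk, so whether `${mntrem}` is unmounted after cryptsetup runs cannot be seen here.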
Lines 100-131
100 |
|
170 |
|
101 |
# Handle keys |
171 |
# Handle keys |
102 |
if [ -n "${key}" ] ; then |
172 |
if [ -n "${key}" ] ; then |
103 |
read_abort() { |
|
|
104 |
# some colors |
105 |
local ans savetty resettty |
106 |
[ -z "${NORMAL}" ] && eval $(eval_ecolors) |
107 |
einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) " |
108 |
shift |
109 |
# This is ugly as s**t. But POSIX doesn't provide `read -t`, so |
110 |
# we end up having to implement our own crap with stty/etc... |
111 |
savetty=$(stty -g) |
112 |
resettty='stty ${savetty}; trap - EXIT HUP INT TERM' |
113 |
trap 'eval "${resettty}"' EXIT HUP INT TERM |
114 |
stty -icanon |
115 |
stty min 0 time "$(( $2 * 10 ))" |
116 |
ans=$(dd count=1 bs=1 2>/dev/null) || ans='' |
117 |
eval "${resettty}" |
118 |
if [ -z "${ans}" ] ; then |
119 |
printf '\r' |
120 |
else |
121 |
echo |
122 |
fi |
123 |
case ${ans} in |
124 |
[yY]) return 0;; |
125 |
*) return 1;; |
126 |
esac |
127 |
} |
128 |
|
129 |
# Notes: sed not used to avoid case where /usr partition is encrypted. |
173 |
# Notes: sed not used to avoid case where /usr partition is encrypted. |
130 |
mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg |
174 |
mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg |
131 |
key=${key%:*} |
175 |
key=${key%:*} |
Lines 182-188
182 |
else |
226 |
else |
183 |
mode=none |
227 |
mode=none |
184 |
fi |
228 |
fi |
185 |
ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}" |
229 |
ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3} ${arg_header}" |
186 |
if [ "${mode}" = "gpg" ] ; then |
230 |
if [ "${mode}" = "gpg" ] ; then |
187 |
: ${gpg_options:='-q -d'} |
231 |
: ${gpg_options:='-q -d'} |
188 |
# gpg available ? |
232 |
# gpg available ? |
Lines 192-198
192 |
# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
236 |
# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
193 |
# save stdin stdout stderr "values" |
237 |
# save stdin stdout stderr "values" |
194 |
timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \ |
238 |
timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \ |
195 |
cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3} |
239 |
cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3} ${arg_header} |
196 |
ret=$? |
240 |
ret=$? |
197 |
# The timeout command exits 124 when it times out. |
241 |
# The timeout command exits 124 when it times out. |
198 |
[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break |
242 |
[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break |
Lines 207-217
207 |
fi |
251 |
fi |
208 |
else |
252 |
else |
209 |
if [ "${mode}" = "reg" ] ; then |
253 |
if [ "${mode}" = "reg" ] ; then |
210 |
cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} |
254 |
cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} ${arg_header} |
211 |
ret=$? |
255 |
ret=$? |
212 |
eend ${ret} "failure running cryptsetup" |
256 |
eend ${ret} "failure running cryptsetup" |
213 |
else |
257 |
else |
214 |
cryptsetup ${options} ${arg1} ${arg2} ${arg3} |
258 |
cryptsetup ${options} ${arg1} ${arg2} ${arg3} ${arg_header} |
215 |
ret=$? |
259 |
ret=$? |
216 |
eend ${ret} "failure running cryptsetup" |
260 |
eend ${ret} "failure running cryptsetup" |
217 |
fi |
261 |
fi |
Lines 280-286
280 |
unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait |
324 |
unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait |
281 |
;; |
325 |
;; |
282 |
|
326 |
|
283 |
gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*) |
327 |
gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*|luks_header=*) |
284 |
if [ -z "${target}${swap}" ] ; then |
328 |
if [ -z "${target}${swap}" ] ; then |
285 |
ewarn "Ignoring setting outside target/swap section: ${targetline}" |
329 |
ewarn "Ignoring setting outside target/swap section: ${targetline}" |
286 |
continue |
330 |
continue |
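Review bot: `luks_header` is added to the accepted per-target settings on line 327 but not to the `unset ...` line at 324 that appears to reset per-target state when a section ends, so unless it is cleared somewhere outside this hunk a header configured for one target carries over into every following target: their `[ -n "${luks_header}" ]` branch fires and they are opened with `--header` pointing at the previous target's header file. Extend the line to `unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait luks_header`. The enclosing `case` statement starts and ends outside the hunk.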