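--- a/2.4.0-dmcrypt.rc
+++ b/2.4.0-dmcrypt.rc
@@ -78,14 +78,84 @@
 		losetup ${source} ${loop_file}
 	fi
 
+	read_abort() {
+		# some colors
+		local ans savetty resettty
+		[ -z "${NORMAL}" ] && eval $(eval_ecolors)
+		einfon "  $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
+		shift
+		# This is ugly as s**t.  But POSIX doesn't provide `read -t`, so
+		# we end up having to implement our own crap with stty/etc...
+		savetty=$(stty -g)
+		resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
+		trap 'eval "${resettty}"' EXIT HUP INT TERM
+		stty -icanon
+		stty min 0 time "$(( $2 * 10 ))"
+		ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
+		eval "${resettty}"
+		if [ -z "${ans}" ] ; then
+			printf '\r'
+		else
+			echo
+		fi
+		case ${ans} in
+			[yY]) return 0;;
+			*) return 1;;
+		esac
+	}
+
 	# cryptsetup:
 	# open   <device> <name>      # <device> is $source
 	# create <name>   <device>    # <name>   is $target
-	local arg1="create" arg2="${target}" arg3="${source}"
+	local arg1="create" arg2="${target}" arg3="${source}" arg_header=""
-	if cryptsetup isLuks ${source} 2>/dev/null ; then
+	if [ cryptsetup isLuks ${source} 2>/dev/null ] || [ -n "${luks_header}" ] ; then
 		arg1="open"
 		arg2="${source}"
 		arg3="${target}"
+		if [ -n "${luks_header}" ] ; then
+			# handle header on removable device
+			if [ -n "${remdev}" ] ; then
+				# temp directory to mount removable device
+				local mntrem="${RC_SVCDIR}/dm-crypt-remdev-header.$$"
+				if [ ! -d "${mntrem}" ] ; then
+					if ! mkdir -p "${mntrem}" ; then
+						ewarn "${source} will not be decrypted ..."
+						einfo "Reason: Unable to create temporary mount point '${mntrem}'"
+						return
+					fi
+				fi
+				i=0
+				einfo "Please insert removable device for ${target}"
+				while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
+					foo=""
+					if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
+						# header exists?
+						if [ ! -e "${mntrem}${luks_header}" ] ; then
+							umount -n "${mntrem}"
+							rmdir "${mntrem}"
+							einfo "Cannot find ${luks_header} on removable media."
+							read_abort "Abort" ${dmcrypt_key_timeout} && return
+						else
+							luks_header="${mntrem}${luks_header}"
+							break
+						fi
+					else
+						[ -e "${remdev}" ] \
+							&& foo="mount failed" \
+							|| foo="mount source not found"
+					fi
+					: $((i += 1))
+					read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
+				done
+			else    # header ! on removable device
+				if [ ! -e "${luks_header}" ] ; then
+					ewarn "${source} will not be decrypted ..."
+					einfo "Reason: header file ${luks_header} does not exist."
+					return
+				fi
+			fi
+			arg_header="--header ${luks_header}"
+		fi
 	fi
 
 	# Older versions reported:
@@ -100,32 +170,6 @@
 
 	# Handle keys
 	if [ -n "${key}" ] ; then
-		read_abort() {
-			# some colors
-			local ans savetty resettty
-			[ -z "${NORMAL}" ] && eval $(eval_ecolors)
-			einfon "  $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
-			shift
-			# This is ugly as s**t.  But POSIX doesn't provide `read -t`, so
-			# we end up having to implement our own crap with stty/etc...
-			savetty=$(stty -g)
-			resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
-			trap 'eval "${resettty}"' EXIT HUP INT TERM
-			stty -icanon
-			stty min 0 time "$(( $2 * 10 ))"
-			ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
-			eval "${resettty}"
-			if [ -z "${ans}" ] ; then
-				printf '\r'
-			else
-				echo
-			fi
-			case ${ans} in
-				[yY]) return 0;;
-				*) return 1;;
-			esac
-		}
-
 		# Notes: sed not used to avoid case where /usr partition is encrypted.
 		mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
 		key=${key%:*}
@@ -182,7 +226,7 @@
 	else
 		mode=none
 	fi
-	ebegin "  ${target} using: ${options} ${arg1} ${arg2} ${arg3}"
+	ebegin "  ${target} using: ${options} ${arg1} ${arg2} ${arg3} ${arg_header}"
 	if [ "${mode}" = "gpg" ] ; then
 		: ${gpg_options:='-q -d'}
 		# gpg available ?
@@ -192,7 +236,7 @@
 				# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
 				# save stdin stdout stderr "values"
 				timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
-					cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
+					cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3} ${arg_header}
 				ret=$?
 				# The timeout command exits 124 when it times out.
 				[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
@@ -207,11 +251,11 @@
 		fi
 	else
 		if [ "${mode}" = "reg" ] ; then
-			cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
+			cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} ${arg_header}
 			ret=$?
 			eend ${ret} "failure running cryptsetup"
 		else
-			cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+			cryptsetup ${options} ${arg1} ${arg2} ${arg3} ${arg_header}
 			ret=$?
 			eend ${ret} "failure running cryptsetup"
 		fi
@@ -280,7 +324,7 @@
 			unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait
 			;;
 
-		gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*)
+		gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*|luks_header=*)
 			if [ -z "${target}${swap}" ] ; then
 				ewarn "Ignoring setting outside target/swap section: ${targetline}"
 				continue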
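Review bot: The LUKS test at new line 111 wraps the command in a test bracket, `[ cryptsetup isLuks ${source} 2>/dev/null ]`, so cryptsetup is never executed: `[` is handed three plain words, fails with an operator error that the redirect hides, and returns false. As written, only targets with `luks_header` set reach the `open` branch, and a LUKS device carrying its own header falls through to `create`, which would map it as a plain dm-crypt volume instead of unlocking it. Keep the command outside the brackets: `if cryptsetup isLuks ${source} 2>/dev/null || [ -n "${luks_header}" ] ; then`. Separately, the last hunk accepts `luks_header=*` as a setting, but the `unset` list above it in the same hunk does not name `luks_header`, so a header path set for one target appears to carry over to the next target; add it to that list. The enclosing functions start and end outside the shown hunks, so this should be confirmed against the full file.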
