vapier 10/09/30 01:35:24 |
|
Added: 1.1.3-dm-crypt-start.sh 1.1.3-dm-crypt-stop.sh |
Log: |
Update by Wolfram to let the init.d scripts be multiplexed #338876. |
|
(Portage version: 2.2_rc86/cvs/Linux x86_64) |
|
Revision Changes Path |
1.1 sys-fs/cryptsetup/files/1.1.3-dm-crypt-start.sh |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-fs/cryptsetup/files/1.1.3-dm-crypt-start.sh?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-fs/cryptsetup/files/1.1.3-dm-crypt-start.sh?rev=1.1&content-type=text/plain |
|
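--- a/sys-fs/cryptsetup/files/1.1.3-dm-crypt-start.sh
+++ b/sys-fs/cryptsetup/files/1.1.3-dm-crypt-start.sh
@@ -0,0 +1,292 @@
+# /lib/rcscripts/addons/dm-crypt-start.sh
+
+# For backwards compatability with baselayout < 1.13.0
+: ${SVCNAME:=${myservice}} #174256
+dm_crypt_execute_checkfs() {
+dm_crypt_execute_dmcrypt
+}
+
+dm_crypt_execute_volumes() {
+dm_crypt_execute_dmcrypt
+}
+
+# Setup mappings for an individual target/swap
+# Note: This relies on variables localized in the main body below.
+dm_crypt_execute_dmcrypt() {
+local dev ret mode foo
+# some colors
+local red='\x1b[31;01m' green='\x1b[32;01m' off='\x1b[0;0m'
+
+if [ -n "$target" ]; then
+# let user set options, otherwise leave empty
+: ${options:=' '}
+elif [ -n "$swap" ]; then
+einfo "Checking swap is not LUKS"
+cryptsetup isLuks ${source} 2>/dev/null
+foo="$?"
+if [ "${foo}" -eq 0 ]; then
+ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
+return
+fi
+target=${swap}
+# swap contents do not need to be preserved between boots, luks not required.
+# suspend2 users should have initramfs's init handling their swap partition either way.
+: ${options:='-c aes -h sha1 -d /dev/urandom'}
+: ${pre_mount:='mkswap ${dev}'}
+else
+return
+fi
+if [ -z "$source" ] && [ ! -e "$source" ]; then
+ewarn "source \"${source}\" for ${target} missing, skipping..."
+return
+fi
+
+if [[ -n ${loop_file} ]] ; then
+dev="/dev/mapper/${target}"
+ebegin " Setting up loop device ${source}"
+/sbin/losetup ${source} ${loop_file}
+fi
+
+# cryptsetup:
+# luksOpen <device> <name> # <device> is $source
+# create <name> <device> # <name> is $target
+local arg1="create" arg2="$target" arg3="$source" luks=0
+
+cryptsetup isLuks ${source} 2>/dev/null && { arg1="luksOpen"; arg2="$source"; arg3="$target"; luks=1; }
+
+if /sbin/cryptsetup status ${target} | egrep -q '\<active:' ; then
+einfo "dm-crypt mapping ${target} is already configured"
+return
+fi
+splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
+
+# Handle keys
+if [ -n "$key" ]; then
+read_abort() {
+local ans
+local prompt=" ${green}*${off} $1? (${red}yes${off}/${green}No${off}) "
+shift
+echo -n -e "${prompt}"
+if ! read -n 1 $* ans ; then
+local back=${prompt//?/\\b}
+echo -n -e "${back}"
+else
+echo
+fi
+case $ans in
+[yY]|[yY][eE][sS]) return 0;;
+*) return 1;;
+esac
+}
+
+# Notes: sed not used to avoid case where /usr partition is encrypted.
+mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg
+key=${key/:*/}
+case "$mode" in
+gpg|reg)
+# handle key on removable device
+if [ -n "$remdev" ]; then
+# temp directory to mount removable device
+local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
+if [ ! -d "${mntrem}" ] ; then
+if ! mkdir -p "${mntrem}" ; then
+ewarn "${source} will not be decrypted ..."
+einfo "Reason: Unable to create temporary mount point '${mntrem}'"
+return
+fi
+fi
+i=0
+einfo "Please insert removable device for ${target}"
+while [ ${i} -lt ${dmcrypt_max_timeout:-120} ] ; do
+foo=""
+if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
+# keyfile exists?
+if [ ! -e "${mntrem}${key}" ]; then
+umount -n "${mntrem}"
+rmdir "${mntrem}"
+einfo "Cannot find ${key} on removable media."
+read_abort "Abort" ${read_timeout:--t 1} && return
+else
+key="${mntrem}${key}"
+break
+fi
+else
+[ -e "${remdev}" ] \
+&& foo="mount failed" \
+|| foo="mount source not found"
+fi
+((++i))
+read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
+done
+else # keyfile ! on removable device
+if [ ! -e "$key" ]; then
+ewarn "${source} will not be decrypted ..."
+einfo "Reason: keyfile ${key} does not exist."
+return
+fi
+fi
+;;
+*)
+ewarn "${source} will not be decrypted ..."
+einfo "Reason: mode ${mode} is invalid."
+return
+;;
+esac
+else
+mode=none
+fi
+ebegin "dm-crypt map ${target}"
+einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}"
+if [ "$mode" == "gpg" ]; then
+: ${gpg_options:='-q -d'}
+# gpg available ?
+if type -p gpg >/dev/null ; then
+for (( i = 0 ; i < 3 ; i++ ))
+do
+# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
+# save stdin stdout stderr "values"
+gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+ret="$?"
+[ "$ret" -eq 0 ] && break
+done
+eend "${ret}" "failure running cryptsetup"
+else
+ewarn "${source} will not be decrypted ..."
+einfo "Reason: cannot find gpg application."
+einfo "You have to install app-crypt/gnupg first."
+einfo "If you have /usr on its own partition, try copying gpg to /bin ."
+fi
+else
+if [ "$mode" == "reg" ]; then
+cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
+ret="$?"
+eend "${ret}" "failure running cryptsetup"
+else
+cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+ret="$?"
+eend "${ret}" "failure running cryptsetup"
+fi
+fi
+if [ -d "$mntrem" ]; then
+umount -n ${mntrem} 2>/dev/null >/dev/null
+rmdir ${mntrem} 2>/dev/null >/dev/null
+fi
+splash svc_input_end ${SVCNAME} >/dev/null 2>&1
+
+if [[ ${ret} != 0 ]] ; then
+cryptfs_status=1
+else
+if [[ -n ${pre_mount} ]] ; then
+dev="/dev/mapper/${target}"
+ebegin " Running pre_mount commands for ${target}"
+eval "${pre_mount}" > /dev/null
+ewend $? || cryptfs_status=1
+fi
+fi
+}
+
+# Run any post_mount commands for an individual mount
+#
+# Note: This relies on variables localized in the main body below.
+dm_crypt_execute_localmount() {
+local mount_point
+
+[ -z "$target" ] && [ -z "$post_mount" ] && return
+
+if ! /sbin/cryptsetup status ${target} | egrep -q '\<active:' ; then
+ewarn "Skipping unmapped target ${target}"
+cryptfs_status=1
+return
+fi
+
+mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2)
+if [[ -z ${mount_point} ]] ; then
+ewarn "Failed to find mount point for ${target}, skipping"
+cryptfs_status=1
+fi
+
+if [[ -n ${post_mount} ]] ; then
+ebegin "Running post_mount commands for target ${target}"
+eval "${post_mount}" >/dev/null
+eend $? || cryptfs_status=1
+fi
+}
+
+# Determine string lengths
+strlen() {
+if [ -z "$1" ]
+then
+echo "usage: strlen <variable_name>"
+die
+fi
+eval echo "\${#${1}}"
+}
+
+# Lookup optional bootparams
+parse_opt() {
+case "$1" in
+*\=*)
+local key_name="`echo "$1" | cut -f1 -d=`"
+local key_len=`strlen key_name`
+local value_start=$((key_len+2))
+echo "$1" | cut -c ${value_start}-
+;;
+esac
+}
+
+local cryptfs_status=0
+local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
+
+CMDLINE="`cat /proc/cmdline`"
+for x in ${CMDLINE}
+do
+case "${x}" in
+key_timeout\=*)
+KEY_TIMEOUT=`parse_opt "${x}"`
+if [ ${KEY_TIMEOUT} -gt 0 ]; then
+read_timeout="-t ${KEY_TIMEOUT}"
+fi
+;;
+esac
+done
+
+if [[ -f /etc/conf.d/${SVCNAME} ]] && [[ -x /sbin/cryptsetup ]] ; then
+ebegin "Setting up dm-crypt mappings"
+
+while read -u 3 targetline ; do
+# skip comments and blank lines
+[[ ${targetline}\# == \#* ]] && continue
+
+# check for the start of a new target/swap
+case ${targetline} in
+target=*|swap=*)
+# If we have a target queued up, then execute it
+dm_crypt_execute_${SVCNAME%.*}
+
+# Prepare for the next target/swap by resetting variables
+unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
+;;
+
+gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
+if [[ -z ${target} && -z ${swap} ]] ; then
+ewarn "Ignoring setting outside target/swap section: ${targetline}"
+continue
+fi
+;;
+
+*)
+ewarn "Skipping invalid line in /etc/conf.d/${SVCNAME}: ${targetline}"
+;;
+esac
+
+# Queue this setting for the next call to dm_crypt_execute_${SVCNAME%.*}
+eval "${targetline}"
+done 3< /etc/conf.d/${SVCNAME}
+
+# If we have a target queued up, then execute it
+dm_crypt_execute_${SVCNAME%.*}
+
+ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
+fi
+
+# vim:ts=4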
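Review bot: The `*)` arm of the config-parsing `case` at the end of the file warns "Skipping invalid line" but has no `continue`, so control still reaches `eval "${targetline}"` and the rejected line is executed anyway; add `continue` after that `ewarn`, as the settings arm already does for lines outside a target/swap section. Because every other line of /etc/conf.d/${SVCNAME} is also passed to `eval`, the file is effectively shell code run by the init script, and a header comment stating that it must be writable only by root would make that trust assumption explicit. In dm_crypt_execute_dmcrypt the guard `[ -z "$source" ] && [ ! -e "$source" ]` can only fire for an empty value; `||` looks intended, so that a non-existent device is skipped before cryptsetup is called. In the gpg branch `ret` records only cryptsetup's exit status while gpg's stderr is discarded, so a failed decryption is indistinguishable from a wrong key; checking `${PIPESTATUS[0]}` right after the pipeline would surface it.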
1.1 sys-fs/cryptsetup/files/1.1.3-dm-crypt-stop.sh |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-fs/cryptsetup/files/1.1.3-dm-crypt-stop.sh?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-fs/cryptsetup/files/1.1.3-dm-crypt-stop.sh?rev=1.1&content-type=text/plain |
|
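--- a/sys-fs/cryptsetup/files/1.1.3-dm-crypt-stop.sh
+++ b/sys-fs/cryptsetup/files/1.1.3-dm-crypt-stop.sh
@@ -0,0 +1,43 @@
+# /lib/rcscripts/addons/dm-crypt-stop.sh
+
+# Fix for baselayout-1.12.10 (bug 174256)
+: ${SVCNAME:=${myservice}}
+
+# Try to remove any dm-crypt mappings
+csetup=/sbin/cryptsetup
+if [ -f /etc/conf.d/${SVCNAME} ] && [ -x "$csetup" ]
+then
+einfo "Removing dm-crypt mappings"
+
+/bin/egrep "^(target|swap)" /etc/conf.d/${SVCNAME} | \
+while read targetline
+do
+target=
+swap=
+
+eval ${targetline}
+
+[ -n "${swap}" ] && target=${swap}
+[ -z "${target}" ] && ewarn "Invalid line in /etc/conf.d/${SVCNAME}: ${targetline}"
+
+ebegin "Removing dm-crypt mapping for: ${target}"
+${csetup} remove ${target}
+eend $? "Failed to remove dm-crypt mapping for: ${target}"
+done
+
+if [[ -n $(/bin/egrep -e "^(source=)./dev/loop*" /etc/conf.d/${SVCNAME}) ]] ; then
+einfo "Taking down any dm-crypt loop devices"
+/bin/egrep -e "^(source)" /etc/conf.d/${SVCNAME} | while read sourceline
+do
+source=
+eval ${sourceline}
+if [[ -n $(echo ${source} | grep /dev/loop) ]] ; then
+ebegin " Taking down ${source}"
+/sbin/losetup -d ${source}
+eend $? " Failed to remove loop"
+fi
+done
+fi
+fi
+
+# vim:ts=4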
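Review bot: Any config line that merely begins with `target`, `swap` or `source` is evaluated here, because the filters are `"^(target|swap)"` and `"^(source)"` without the `=`, and both `eval ${targetline}` and `eval ${sourceline}` are unquoted, so the line is word-split and glob-expanded before it is evaluated. Anchoring the patterns (`"^(target|swap)="`, `"^source="`) and quoting the argument (`eval "${targetline}"`, `eval "${sourceline}"`) would make the stop script read the file the way the start script does. The empty-target check only warns, so the loop goes on to run `${csetup} remove` with no mapping name; an `if` that warns and then `continue`s avoids that. `read -r` would also keep backslashes in values intact.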