SVN: rc-scripts/trunk/rc.d/init.d/cryptsetup
glen
glen at pld-linux.org
Fri Nov 9 01:33:22 CET 2007
Author: glen
Date: Fri Nov 9 01:33:22 2007
New Revision: 9022
Added:
rc-scripts/trunk/rc.d/init.d/cryptsetup (contents, props changed)
Log:
- based on code from rc.sysinit of fc initscripts-8.54
Added: rc-scripts/trunk/rc.d/init.d/cryptsetup
==============================================================================
--- (empty file)
+++ rc-scripts/trunk/rc.d/init.d/cryptsetup Fri Nov 9 01:33:22 2007
@@ -0,0 +1,133 @@
+#!/bin/sh
+# cryptsetup functions for rc-scripts
+# if invoked standalone, processes /etc/cryptab like on boot.
+
+key_is_random() {
+ [ "$1" = "/dev/urandom" -o "$1" = "/dev/hw_random" -o "$1" = "/dev/random" ]
+}
+
+# Because of a chicken/egg problem, init_crypto must be run twice. /var may be
+# encrypted but /var/lib/random-seed is needed to initialize swap.
+init_crypto() {
+ local have_random dst src key opt mode owner params makeswap skip arg opt
+ local param value rc ret mke2fs mdir
+
+ ret=0
+ have_random=$1
+ while read dst src key opt; do
+ [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
+ [ -b "/dev/mapper/$dst" ] && continue;
+ if [ "$have_random" = 0 ] && key_is_random "$key"; then
+ continue
+ fi
+ if [ -n "$key" -a "x$key" != "xnone" ]; then
+ if test -e "$key" ; then
+ mode=$(ls -l "$key" | cut -c 5-10)
+ owner=$(ls -l $key | awk '{ print $3 }')
+ if [ "$mode" != "------" ] && ! key_is_random "$key"; then
+ echo $"INSECURE MODE FOR $key"
+ fi
+ if [ "$owner" != root ]; then
+ echo $"INSECURE OWNER FOR $key"
+ fi
+ else
+ echo $"Key file for $dst not found, skipping"
+ ret=1
+ continue
+ fi
+ else
+ key=""
+ fi
+ params=""
+ makeswap=""
+ mke2fs=""
+ skip=""
+ # Parse the options field, convert to cryptsetup parameters
+ # and contruct the command line
+ while [ -n "$opt" ]; do
+ arg=${opt%%,*}
+ opt=${opt##$arg}
+ opt=${opt##,}
+ param=${arg%%=*}
+ value=${arg##$param=}
+
+ case "$param" in
+ cipher)
+ params="$params -c $value"
+ if [ -z "$value" ]; then
+ echo $"$dst: no value for cipher option, skipping"
+ skip="yes"
+ fi
+ ;;
+ size)
+ params="$params -s $value"
+ if [ -z "$value" ]; then
+ echo $"$dst: no value for size option, skipping"
+ skip="yes"
+ fi
+ ;;
+ hash)
+ params="$params -h $value"
+ if [ -z "$value" ]; then
+ echo $"$dst: no value for hash option, skipping"
+ skip="yes"
+ fi
+ ;;
+ verify)
+ params="$params -y"
+ ;;
+ swap)
+ makeswap=yes
+ ;;
+ tmp)
+ mke2fs=yes
+ esac
+ done
+
+ if [ "$skip" = "yes" ]; then
+ ret=1
+ continue
+ fi
+
+ if /sbin/cryptsetup isLuks "$src" 2>/dev/null; then
+ if key_is_random "$key"; then
+ echo $"$dst: LUKS requires non-random key, skipping"
+ ret=1
+ continue
+ fi
+ if [ -n "$params" ]; then
+ echo "$dst: options are invalid for LUKS partitions, ignoring them"
+ fi
+ /sbin/cryptsetup ${key:+-d $key} luksOpen "$src" "$dst" <&1
+ else
+ /sbin/cryptsetup $params ${key:+-d $key} create "$dst" "$src" <&1 2>/dev/null
+ fi
+ rc=$?
+ if [ $rc -ne 0 ]; then
+ ret=1
+ continue
+ fi
+ if [ -b "/dev/mapper/$dst" ]; then
+ if [ "$makeswap" = "yes" ]; then
+ mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null
+ fi
+ if [ "$mke2fs" = "yes" ]; then
+ if mke2fs "/dev/mapper/$dst" 2>/dev/null >/dev/null \
+ && mdir=$(mktemp -d /tmp/mountXXXXXX); then
+ mount "/dev/mapper/$dst" "$mdir" && chmod 1777 "$mdir"
+ umount "$mdir"
+ rmdir "$mdir"
+ fi
+ fi
+ fi
+ done < /etc/crypttab
+ return $ret
+}
+
+# if invoked directly,
+if [[ "$0" = *cryptsetup ]] && [ -f /etc/crypttab ]; then
+ . /etc/rc.d/init.d/functions
+
+ show "Starting disk encryption:"
+ init_crypto 1 && ok || fail
+fi
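Review bot: The key-file check in init_crypto only prints `INSECURE MODE FOR $key` / `INSECURE OWNER FOR $key` and then still passes the file to cryptsetup via `-d`, so a key that is group- or world-accessible, or not owned by root, is used without changing the return status. If the check is meant to be advisory, a comment saying so would help; otherwise set `ret=1` and `continue`, as the missing-key branch just below does. In the same check the owner lookup leaves the path unquoted where the mode lookup quotes it; it should read `owner=$(ls -l "$key" | awk '{ print $3 }')`. Separately, the standalone guard at the end uses `[[ "$0" = *cryptsetup ]]` under `#!/bin/sh`, which works only where /bin/sh is bash; `case "$0" in *cryptsetup) ... ;; esac` is the portable form.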