SVN: rc-scripts/trunk/rc.d/init.d/cryptsetup

glen glen at pld-linux.org
Fri Nov 9 01:33:22 CET 2007


Author: glen
Date: Fri Nov  9 01:33:22 2007
New Revision: 9022

Added:
   rc-scripts/trunk/rc.d/init.d/cryptsetup   (contents, props changed)
Log:
- based on code from rc.sysinit of fc initscripts-8.54

Added: rc-scripts/trunk/rc.d/init.d/cryptsetup
==============================================================================
--- (empty file)
+++ rc-scripts/trunk/rc.d/init.d/cryptsetup	Fri Nov  9 01:33:22 2007
@@ -0,0 +1,133 @@
+#!/bin/sh
+# cryptsetup functions for rc-scripts
+# if invoked standalone, processes /etc/cryptab like on boot.
+
+key_is_random() {
+	[ "$1" = "/dev/urandom" -o "$1" = "/dev/hw_random" -o "$1" = "/dev/random" ]
+}
+
+# Because of a chicken/egg problem, init_crypto must be run twice.  /var may be
+# encrypted but /var/lib/random-seed is needed to initialize swap.
+init_crypto() {
+	local have_random dst src key opt mode owner params makeswap skip arg opt
+	local param value rc ret mke2fs mdir
+
+	ret=0
+	have_random=$1
+	while read dst src key opt; do
+		[ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
+		[ -b "/dev/mapper/$dst" ] && continue;
+		if [ "$have_random" = 0 ] && key_is_random "$key"; then
+			continue
+		fi
+		if [ -n "$key" -a "x$key" != "xnone" ]; then
+			if test -e "$key" ; then
+				mode=$(ls -l "$key" | cut -c 5-10)
+				owner=$(ls -l $key | awk '{ print $3 }')
+				if [ "$mode" != "------" ] && ! key_is_random "$key"; then
+					echo $"INSECURE MODE FOR $key"
+				fi
+				if [ "$owner" != root ]; then
+					echo $"INSECURE OWNER FOR $key"
+				fi
+			else
+				echo $"Key file for $dst not found, skipping"
+				ret=1
+				continue
+			fi
+		else
+			key=""
+		fi
+		params=""
+		makeswap=""
+		mke2fs=""
+		skip=""
+		# Parse the options field, convert to cryptsetup parameters
+		# and contruct the command line
+		while [ -n "$opt" ]; do
+			arg=${opt%%,*}
+			opt=${opt##$arg}
+			opt=${opt##,}
+			param=${arg%%=*}
+			value=${arg##$param=}
+
+			case "$param" in
+			cipher)
+				params="$params -c $value"
+				if [ -z "$value" ]; then
+					echo $"$dst: no value for cipher option, skipping"
+					skip="yes"
+				fi
+			;;
+			size)
+				params="$params -s $value"
+				if [ -z "$value" ]; then
+					echo $"$dst: no value for size option, skipping"
+					skip="yes"
+				fi
+			;;
+			hash)
+				params="$params -h $value"
+				if [ -z "$value" ]; then
+					echo $"$dst: no value for hash option, skipping"
+					skip="yes"
+				fi
+			;;
+			verify)
+				params="$params -y"
+			;;
+			swap)
+				makeswap=yes
+			;;
+			tmp)
+				mke2fs=yes
+			esac
+		done
+
+		if [ "$skip" = "yes" ]; then
+			ret=1
+			continue
+		fi
+
+		if /sbin/cryptsetup isLuks "$src" 2>/dev/null; then
+			if key_is_random "$key"; then
+				echo $"$dst: LUKS requires non-random key, skipping"
+				ret=1
+				continue
+			fi
+			if [ -n "$params" ]; then
+				echo "$dst: options are invalid for LUKS partitions, ignoring them"
+			fi
+			/sbin/cryptsetup ${key:+-d $key} luksOpen "$src" "$dst" <&1
+		else
+			/sbin/cryptsetup $params ${key:+-d $key} create "$dst" "$src" <&1 2>/dev/null
+		fi
+		rc=$?
+		if [ $rc -ne 0 ]; then
+			ret=1
+			continue
+		fi
+		if [ -b "/dev/mapper/$dst" ]; then
+			if [ "$makeswap" = "yes" ]; then
+				mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null
+			fi
+			if [ "$mke2fs" = "yes" ]; then
+				if mke2fs "/dev/mapper/$dst" 2>/dev/null >/dev/null \
+					&& mdir=$(mktemp -d /tmp/mountXXXXXX); then
+					mount "/dev/mapper/$dst" "$mdir" && chmod 1777 "$mdir"
+					umount "$mdir"
+					rmdir "$mdir"
+				fi
+			fi
+		fi
+	done < /etc/crypttab
+	return $ret
+}
+
+# if invoked directly,
+if [[ "$0" = *cryptsetup ]] && [ -f /etc/crypttab ]; then
+	. /etc/rc.d/init.d/functions
+
+	show "Starting disk encryption:"
+	init_crypto 1 && ok || fail
+fi


More information about the pld-cvs-commit mailing list