author | Tom Gundersen <teg@jklm.no> | 2012-03-17 11:38:14 +0100 |
---|---|---|
committer | Tom Gundersen <teg@jklm.no> | 2012-03-17 11:38:14 +0100 |
commit | e57e4ebe4aee02b175f3d4d13a0fa1838769b3f2 (patch) | |
tree | 396d3150f92b18b6934a52ce9027866e82dc0ebd | |
parent | 4c6aba5ab3812523e65806c2876035b4498aad2e (diff) |
crypto: move function from sysinit to functions
No functional change, just improve readability.
Signed-off-by: Tom Gundersen <teg@jklm.no>
-rw-r--r-- | functions | 78 | ||||
-rwxr-xr-x | rc.sysinit | 77 |
2 files changed, 78 insertions, 77 deletions
@@ -377,6 +377,84 @@ activate_vgs() {
 (( $? == 0 )) && stat_done || stat_fail
 }
 
+do_unlock() {
+ # $1 = requested name
+ # $2 = source device
+ # $3 = password
+ # $4 = options
+ stat_append "${1}.."
+ local open=create a=$1 b=$2 failed=0
+ # Ordering of options is different if you are using LUKS vs. not.
+ # Use ugly swizzling to deal with it.
+ # isLuks only gives an exit code but no output to stdout or stderr.
+ if cryptsetup isLuks "$2" 2>/dev/null; then
+ open=luksOpen
+ a=$2
+ b=$1
+ fi
+ case $3 in
+ SWAP)
+ local _overwriteokay=0
+ if [[ -b $2 && -r $2 ]]; then
+ # This is DANGEROUS! If there is any known file system,
+ # partition table, RAID or LVM volume on the device
+ # we don't overwrite it.
+ #
+ # 'blkid' returns 2 if no valid signature has been found.
+ # Only in this case we should allow overwriting the device.
+ #
+ # This sanity check _should_ be sufficient, but it might not.
+ # This may cause dataloss if it is not used carefully.
+ blkid -p "$2" &>/dev/null
+ (( $? == 2 )) && _overwriteokay=1
+ fi
+ if (( _overwriteokay == 0 )); then
+ false
+ elif cryptsetup -d /dev/urandom $4 $open "$a" "$b" >/dev/null; then
+ stat_append "creating swapspace.."
+ mkswap -f -L $1 /dev/mapper/$1 >/dev/null
+ fi;;
+ ASK)
+ printf "\nOpening '$1' volume:\n"
+ cryptsetup $4 $open "$a" "$b" < /dev/console;;
+ /dev*)
+ local ckdev=${3%%:*}
+ local cka=${3#*:}
+ local ckb=${cka#*:}
+ local cka=${cka%:*}
+ local ckfile=/dev/ckfile
+ local ckdir=/dev/ckdir
+ case ${cka} in
+ *[!0-9]*)
+ # Use a file on the device
+ # cka is not numeric: cka=filesystem, ckb=path
+ mkdir ${ckdir}
+ mount -r -t ${cka} ${ckdev} ${ckdir}
+ dd if=${ckdir}/${ckb} of=${ckfile} >/dev/null 2>&1
+ umount ${ckdir}
+ rmdir ${ckdir};;
+ *)
+ # Read raw data from the block device
+ # cka is numeric: cka=offset, ckb=length
+ dd if=${ckdev} of=${ckfile} bs=1 skip=${cka} count=${ckb} >/dev/null 2>&1;;
+ esac
+ cryptsetup -d ${ckfile} $4 $open "$a" "$b" >/dev/null
+ dd if=/dev/urandom of=${ckfile} bs=1 count=$(stat -c %s ${ckfile}) conv=notrunc >/dev/null 2>&1
+ rm ${ckfile};;
+ /*)
+ cryptsetup -d "$3" $4 $open "$a" "$b" >/dev/null;;
+ *)
+ echo "$3" | cryptsetup $4 $open "$a" "$b" >/dev/null;;
+ esac
+ if (( $? )); then
+ failed=1
+ stat_append "failed "
+ else
+ stat_append "ok "
+ fi
+ return $failed
+}
+
 read_crypttab() {
 # $1 = function to call with the split out line from the crypttab
 local line nspo failed=0
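Review bot: In the `/dev*)` branch of the added do_unlock, the `if (( $? ))` after `esac` tests the exit status of `rm ${ckfile}`, not of cryptsetup, so a keyfile unlock that cryptsetup rejects is still reported as "ok " and `failed` stays 0. The commit only moves the function, so the defect is pre-existing, but now that it lives in `functions` it is worth capturing the status before the wipe: `cryptsetup -d ${ckfile} $4 $open "$a" "$b" >/dev/null; local rc=$?` and ending the branch with `rm ${ckfile}; (( rc == 0 ));;`. The same branch also runs `mkdir`, `mount` and the two `dd` calls unchecked, so a missing or unreadable key only surfaces as a cryptsetup failure, which the status bug then masks.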
@@ -89,83 +89,6 @@ activate_vgs
 # Set up non-root encrypted partition mappings
 if [[ -f /etc/crypttab ]] && type -p cryptsetup >/dev/null; then
 stat_busy "Unlocking encrypted volumes:"
- do_unlock() {
- # $1 = requested name
- # $2 = source device
- # $3 = password
- # $4 = options
- stat_append "${1}.."
- local open=create a=$1 b=$2 failed=0
- # Ordering of options is different if you are using LUKS vs. not.
- # Use ugly swizzling to deal with it.
- # isLuks only gives an exit code but no output to stdout or stderr.
- if cryptsetup isLuks "$2" 2>/dev/null; then
- open=luksOpen
- a=$2
- b=$1
- fi
- case $3 in
- SWAP)
- local _overwriteokay=0
- if [[ -b $2 && -r $2 ]]; then
- # This is DANGEROUS! If there is any known file system,
- # partition table, RAID or LVM volume on the device
- # we don't overwrite it.
- #
- # 'blkid' returns 2 if no valid signature has been found.
- # Only in this case we should allow overwriting the device.
- #
- # This sanity check _should_ be sufficient, but it might not.
- # This may cause dataloss if it is not used carefully.
- blkid -p "$2" &>/dev/null
- (( $? == 2 )) && _overwriteokay=1
- fi
- if (( _overwriteokay == 0 )); then
- false
- elif cryptsetup -d /dev/urandom $4 $open "$a" "$b" >/dev/null; then
- stat_append "creating swapspace.."
- mkswap -f -L $1 /dev/mapper/$1 >/dev/null
- fi;;
- ASK)
- printf "\nOpening '$1' volume:\n"
- cryptsetup $4 $open "$a" "$b" < /dev/console;;
- /dev*)
- local ckdev=${3%%:*}
- local cka=${3#*:}
- local ckb=${cka#*:}
- local cka=${cka%:*}
- local ckfile=/dev/ckfile
- local ckdir=/dev/ckdir
- case ${cka} in
- *[!0-9]*)
- # Use a file on the device
- # cka is not numeric: cka=filesystem, ckb=path
- mkdir ${ckdir}
- mount -r -t ${cka} ${ckdev} ${ckdir}
- dd if=${ckdir}/${ckb} of=${ckfile} >/dev/null 2>&1
- umount ${ckdir}
- rmdir ${ckdir};;
- *)
- # Read raw data from the block device
- # cka is numeric: cka=offset, ckb=length
- dd if=${ckdev} of=${ckfile} bs=1 skip=${cka} count=${ckb} >/dev/null 2>&1;;
- esac
- cryptsetup -d ${ckfile} $4 $open "$a" "$b" >/dev/null
- dd if=/dev/urandom of=${ckfile} bs=1 count=$(stat -c %s ${ckfile}) conv=notrunc >/dev/null 2>&1
- rm ${ckfile};;
- /*)
- cryptsetup -d "$3" $4 $open "$a" "$b" >/dev/null;;
- *)
- echo "$3" | cryptsetup $4 $open "$a" "$b" >/dev/null;;
- esac
- if (( $? )); then
- failed=1
- stat_append "failed "
- else
- stat_append "ok "
- fi
- return $failed
- }
 crypto_unlocked=0
 read_crypttab do_unlock && stat_done || stat_fail
 # Maybe someone has LVM on an encrypted block device