authorTom Gundersen <teg@jklm.no>2012-03-17 11:38:14 +0100
committerTom Gundersen <teg@jklm.no>2012-03-17 11:38:14 +0100
commite57e4ebe4aee02b175f3d4d13a0fa1838769b3f2 (patch)
tree396d3150f92b18b6934a52ce9027866e82dc0ebd
parent4c6aba5ab3812523e65806c2876035b4498aad2e (diff)
crypto: move function from sysinit to functions
No functional change, just improve readability. Signed-off-by: Tom Gundersen <teg@jklm.no>
-rw-r--r--functions78
-rwxr-xr-xrc.sysinit77
2 files changed, 78 insertions, 77 deletions
diff --git a/functions b/functions
index f5da93c..11ab11f 100644
--- a/functions
+++ b/functions
@@ -377,6 +377,84 @@ activate_vgs() {
(( $? == 0 )) && stat_done || stat_fail
}
+do_unlock() {
+ # $1 = requested name
+ # $2 = source device
+ # $3 = password
+ # $4 = options
+ stat_append "${1}.."
+ local open=create a=$1 b=$2 failed=0
+ # Ordering of options is different if you are using LUKS vs. not.
+ # Use ugly swizzling to deal with it.
+ # isLuks only gives an exit code but no output to stdout or stderr.
+ if cryptsetup isLuks "$2" 2>/dev/null; then
+ open=luksOpen
+ a=$2
+ b=$1
+ fi
+ case $3 in
+ SWAP)
+ local _overwriteokay=0
+ if [[ -b $2 && -r $2 ]]; then
+ # This is DANGEROUS! If there is any known file system,
+ # partition table, RAID or LVM volume on the device
+ # we don't overwrite it.
+ #
+ # 'blkid' returns 2 if no valid signature has been found.
+ # Only in this case we should allow overwriting the device.
+ #
+ # This sanity check _should_ be sufficient, but it might not.
+ # This may cause dataloss if it is not used carefully.
+ blkid -p "$2" &>/dev/null
+ (( $? == 2 )) && _overwriteokay=1
+ fi
+ if (( _overwriteokay == 0 )); then
+ false
+ elif cryptsetup -d /dev/urandom $4 $open "$a" "$b" >/dev/null; then
+ stat_append "creating swapspace.."
+ mkswap -f -L $1 /dev/mapper/$1 >/dev/null
+ fi;;
+ ASK)
+ printf "\nOpening '$1' volume:\n"
+ cryptsetup $4 $open "$a" "$b" < /dev/console;;
+ /dev*)
+ local ckdev=${3%%:*}
+ local cka=${3#*:}
+ local ckb=${cka#*:}
+ local cka=${cka%:*}
+ local ckfile=/dev/ckfile
+ local ckdir=/dev/ckdir
+ case ${cka} in
+ *[!0-9]*)
+ # Use a file on the device
+ # cka is not numeric: cka=filesystem, ckb=path
+ mkdir ${ckdir}
+ mount -r -t ${cka} ${ckdev} ${ckdir}
+ dd if=${ckdir}/${ckb} of=${ckfile} >/dev/null 2>&1
+ umount ${ckdir}
+ rmdir ${ckdir};;
+ *)
+ # Read raw data from the block device
+ # cka is numeric: cka=offset, ckb=length
+ dd if=${ckdev} of=${ckfile} bs=1 skip=${cka} count=${ckb} >/dev/null 2>&1;;
+ esac
+ cryptsetup -d ${ckfile} $4 $open "$a" "$b" >/dev/null
+ dd if=/dev/urandom of=${ckfile} bs=1 count=$(stat -c %s ${ckfile}) conv=notrunc >/dev/null 2>&1
+ rm ${ckfile};;
+ /*)
+ cryptsetup -d "$3" $4 $open "$a" "$b" >/dev/null;;
+ *)
+ echo "$3" | cryptsetup $4 $open "$a" "$b" >/dev/null;;
+ esac
+ if (( $? )); then
+ failed=1
+ stat_append "failed "
+ else
+ stat_append "ok "
+ fi
+ return $failed
+}
+
read_crypttab() {
# $1 = function to call with the split out line from the crypttab
local line nspo failed=0
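Review bot: In the moved do_unlock, the `/dev*)` branch ends with `rm ${ckfile}`, so the `if (( $? ))` after `esac` tests the status of `rm`, not of the cryptsetup call, and a failed unlock with a device-backed keyfile is reported as "ok " and returns 0 to read_crypttab. Capture the result immediately and re-raise it as the branch's last status, e.g. `cryptsetup -d ${ckfile} $4 $open "$a" "$b" >/dev/null; local ckret=$?` and `rm ${ckfile}; (exit $ckret);;`. The `mkdir`, `mount` and `dd` steps in the `*[!0-9]*)` path are likewise unchecked, so a missing or unreadable keyfile is only noticed, if at all, by accident through the later `stat`/`rm` failure. The rc.sysinit hunk only deletes the old copy, so this is pre-existing rather than introduced by the move, but a move commit is the natural place to fix it in one location.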
diff --git a/rc.sysinit b/rc.sysinit
index 06b4bda..3528bb2 100755
--- a/rc.sysinit
+++ b/rc.sysinit
@@ -89,83 +89,6 @@ activate_vgs
# Set up non-root encrypted partition mappings
if [[ -f /etc/crypttab ]] && type -p cryptsetup >/dev/null; then
stat_busy "Unlocking encrypted volumes:"
- do_unlock() {
- # $1 = requested name
- # $2 = source device
- # $3 = password
- # $4 = options
- stat_append "${1}.."
- local open=create a=$1 b=$2 failed=0
- # Ordering of options is different if you are using LUKS vs. not.
- # Use ugly swizzling to deal with it.
- # isLuks only gives an exit code but no output to stdout or stderr.
- if cryptsetup isLuks "$2" 2>/dev/null; then
- open=luksOpen
- a=$2
- b=$1
- fi
- case $3 in
- SWAP)
- local _overwriteokay=0
- if [[ -b $2 && -r $2 ]]; then
- # This is DANGEROUS! If there is any known file system,
- # partition table, RAID or LVM volume on the device
- # we don't overwrite it.
- #
- # 'blkid' returns 2 if no valid signature has been found.
- # Only in this case we should allow overwriting the device.
- #
- # This sanity check _should_ be sufficient, but it might not.
- # This may cause dataloss if it is not used carefully.
- blkid -p "$2" &>/dev/null
- (( $? == 2 )) && _overwriteokay=1
- fi
- if (( _overwriteokay == 0 )); then
- false
- elif cryptsetup -d /dev/urandom $4 $open "$a" "$b" >/dev/null; then
- stat_append "creating swapspace.."
- mkswap -f -L $1 /dev/mapper/$1 >/dev/null
- fi;;
- ASK)
- printf "\nOpening '$1' volume:\n"
- cryptsetup $4 $open "$a" "$b" < /dev/console;;
- /dev*)
- local ckdev=${3%%:*}
- local cka=${3#*:}
- local ckb=${cka#*:}
- local cka=${cka%:*}
- local ckfile=/dev/ckfile
- local ckdir=/dev/ckdir
- case ${cka} in
- *[!0-9]*)
- # Use a file on the device
- # cka is not numeric: cka=filesystem, ckb=path
- mkdir ${ckdir}
- mount -r -t ${cka} ${ckdev} ${ckdir}
- dd if=${ckdir}/${ckb} of=${ckfile} >/dev/null 2>&1
- umount ${ckdir}
- rmdir ${ckdir};;
- *)
- # Read raw data from the block device
- # cka is numeric: cka=offset, ckb=length
- dd if=${ckdev} of=${ckfile} bs=1 skip=${cka} count=${ckb} >/dev/null 2>&1;;
- esac
- cryptsetup -d ${ckfile} $4 $open "$a" "$b" >/dev/null
- dd if=/dev/urandom of=${ckfile} bs=1 count=$(stat -c %s ${ckfile}) conv=notrunc >/dev/null 2>&1
- rm ${ckfile};;
- /*)
- cryptsetup -d "$3" $4 $open "$a" "$b" >/dev/null;;
- *)
- echo "$3" | cryptsetup $4 $open "$a" "$b" >/dev/null;;
- esac
- if (( $? )); then
- failed=1
- stat_append "failed "
- else
- stat_append "ok "
- fi
- return $failed
- }
crypto_unlocked=0
read_crypttab do_unlock && stat_done || stat_fail
# Maybe someone has LVM on an encrypted block device