diff options
author | Victor Lowther <victor.lowther@gmail.com> | 2010-06-09 10:52:15 -0500 |
---|---|---|
committer | Victor Lowther <victor.lowther@gmail.com> | 2010-07-23 15:57:07 -0500 |
commit | 5a8e472335e58f3e2310b8d8161384af95f4c2a6 (patch) | |
tree | 6537ab71214243ed349bb55f903a864f4f799c1d | |
parent | 3ddbc5dbde6cb92b1058a10c11c31accf756dcac (diff) |
Rewrite /etc/crypttab processing.
Split out reading /etc/crypttab and procssing the individual lines into
their own helper functions, and bashify the resulting shorter code.
Processing this file is still ugly, though. :(
-rw-r--r-- | functions | 34 | ||||
-rwxr-xr-x | rc.shutdown | 38 | ||||
-rwxr-xr-x | rc.sysinit | 131 |
3 files changed, 86 insertions, 117 deletions
@@ -233,6 +233,40 @@ kill_everything() { run_hook "$1_postkillall" } +activate_vgs() { + [[ $USELVM =~ yes|YES && -x /sbin/lvm && -d /sys/block ]] || return + # Kernel 2.6.x, LVM2 groups + /sbin/modprobe -q dm-mod 2>/dev/null + stat_busy "Activating LVM2 groups" + if /sbin/lvm vgchange --ignorelockingfailure -a y >/dev/null; then + stat_done + else + stat_fail + fi +} + +# Arch cryptsetup packages traditionally contained the binaries +# /usr/sbin/cryptsetup +# /sbin/cryptsetup.static +# By default, initscripts used the /sbin/cryptsetup.static. +# Newer packages will only have /sbin/cryptsetup and no static binary +# This ensures maximal compatibility with the old and new layout +for CS in /sbin/cryptsetup /usr/sbin/cryptsetup \ + /sbin/cryptsetup.static ''; do + [[ -x $CS ]] && break +done + +read_crypttab() { + # $1 = function to call with the split out line from the crypttab + local line nspo failed=0 + while read line; do + [[ $line && ${line:0:1} != '#' ]] || continue + eval nspo=("${line%#*}") + $1 "${nspo[0]}" "${nspo[1]}" "${nspo[2]}" "${nspo[@]:3}" || failed=1 + done < /etc/crypttab + return $failed +} + ############################### # Custom hooks in initscripts # ############################### diff --git a/rc.shutdown b/rc.shutdown index 07061e8..84003dd 100755 --- a/rc.shutdown +++ b/rc.shutdown @@ -65,34 +65,18 @@ stat_busy "Unmounting Filesystems" stat_done # Kill non-root encrypted partition mappings -if [[ -f /etc/crypttab ]]; then +if [[ -f /etc/crypttab && $CS ]]; then stat_busy "Deactivating encrypted volumes:" - # Arch cryptsetup packages traditionally contained the binaries - # /usr/sbin/cryptsetup - # /sbin/cryptsetup.static - # By default, initscripts used the /sbin/cryptsetup.static. - # Newer packages will only have /sbin/cryptsetup and no static binary - # This ensures maximal compatibility with the old and new layout - for CS in /sbin/cryptsetup /usr/sbin/cryptsetup \ - /sbin/cryptsetup.static ''; do - [[ -x $CS ]] && break - done - if [[ ! $CS ]]; then - stat_append " Failed, unable to find cryptsetup." - stat_fail - else - while read name src passwd opts; do - [[ ! $name || ${name:0:1} = '#']] && continue - [[ -b /dev/mapper/$name ]] || continue - stat_append "${1}.." - if "$CS" remove "$name" >/dev/null 2>&1; then - stat_append "ok " - else - stat_append "failed " - fi - done </etc/crypttab - fi - stat_done + do_lock() { + stat_append "${1}.." + if $CS remove "$1" >/dev/null 2>&1; then + stat_append "ok " + else + stat_append "failed " + fi + } + read_crypttab do_lock + stat_done fi if [[ $USELVM =~ yes|YES && -x /sbin/lvm && -d /sys/block ]]; then @@ -121,104 +121,55 @@ if [[ -f /etc/mdadm.conf ]] && /bin/grep -q ^ARRAY /etc/mdadm.conf; then status "Activating RAID arrays" /sbin/mdadm --assemble --scan fi -if [ "$USELVM" = "yes" -o "$USELVM" = "YES" ]; then - if [ -x /sbin/lvm -a -d /sys/block ]; then - # Kernel 2.6.x, LVM2 groups - /sbin/modprobe -q dm-mod 2>/dev/null - stat_busy "Activating LVM2 groups" - /sbin/lvm vgchange --ignorelockingfailure -a y >/dev/null - if [ $? -ne 0 ]; then - stat_fail - else - stat_done - fi - fi -fi +activate_vgs # Set up non-root encrypted partition mappings -if [ -f /etc/crypttab -a -n "$(/bin/grep -v ^# /etc/crypttab | /bin/grep -v ^$)" ]; then - /sbin/modprobe -q dm-mod 2>/dev/null +if [[ -f /etc/crypttab && $CS ]]; then + /sbin/modprobe -q dm-crypt 2>/dev/null stat_busy "Unlocking encrypted volumes:" - csfailed=0 - # Arch cryptsetup packages traditionally contained the binaries - # /usr/sbin/cryptsetup - # /sbin/cryptsetup.static - # By default, initscripts used the /sbin/cryptsetup.static. - # Newer packages will only have /sbin/cryptsetup and no static binary - # This ensures maximal compatibility with the old and new layout - if [ -x /sbin/cryptsetup ]; then - CS=/sbin/cryptsetup - elif [ -x /usr/sbin/cryptsetup ]; then - CS=/usr/sbin/cryptsetup - else - CS=/sbin/cryptsetup.static - fi - do_crypt() { - if [ $# -ge 3 ]; then - cname="$1" - csrc="$2" - cpass="$3" - shift 3 - copts="$*" - stat_append "${cname}.." - # For some fun reason, the parameter ordering varies for - # LUKS and non-LUKS devices. Joy. - if [ "${cpass}" = "SWAP" ]; then - # This is DANGEROUS! The only possible safety check - # is to not proceed in case we find a LUKS device - # This may cause dataloss if it is not used carefully - if $CS isLuks $csrc 2>/dev/null; then - false - else - $CS -d /dev/urandom $copts create $cname $csrc >/dev/null - if [ $? -eq 0 ]; then - stat_append "creating swapspace.." - /sbin/mkswap -f -L $cname /dev/mapper/$cname >/dev/null - fi - fi - elif [ "${cpass}" = "ASK" ]; then - printf "\nOpening '${cname}' volume:\n" - - if $CS isLuks $csrc 2>/dev/null; then - $CS $copts luksOpen $csrc $cname < /dev/console - else - $CS $copts create $cname $csrc < /dev/console - fi - elif [ "${cpass:0:1}" != "/" ]; then - if $CS isLuks $csrc 2>/dev/null; then - echo "$cpass" | $CS $copts luksOpen $csrc $cname >/dev/null - else - echo "$cpass" | $CS $copts create $cname $csrc >/dev/null - fi - else - if $CS isLuks $csrc 2>/dev/null; then - $CS -d $cpass $copts luksOpen $csrc $cname >/dev/null - else - $CS -d $cpass $copts create $cname $csrc >/dev/null - fi - fi - if [ $? -ne 0 ]; then - csfailed=1 - stat_append "failed " - else - stat_append "ok " - fi - fi - } - while read line; do - eval do_crypt "$line" - done </etc/crypttab - if [ $csfailed -eq 0 ]; then + do_unlock() { + # $1 = requested name + # $2 = source device + # $3 = password + # $4 = options + local open=create a="$1" b="$2" failed=0 + # Ordering of options is different if you are using LUKS vs. not. + # Use ugly swizzling to deal with it. + if $CS isLuks "$2"; then + open=luksOpen + a="$2" + b="$1" + fi + case $3 in + SWAP) if [[ $_isluks ]]; then + # This is DANGEROUS! The only possible safety check + # is to not proceed in case we find a LUKS device + # This may cause dataloss if it is not used carefully + false + elif $CS -d /dev/urandom $4 $open "$a" "$b" >/dev/null; then + stat_append "creating swapspace.." + /sbin/mkswap -f -L $1 /dev/mapper/$1 >/dev/null + fi;; + ASK) printf "\nOpening '$1' volume:\n" + $CS $4 $open "$a" "$b" < /dev/console;; + /*) $CS -d "$3" $4 $open "$a" "$b" >/dev/null;; + *) echo "$3" | $CS $4 $open "$a" "$b" >/dev/null;; + esac + if (($? != 0)); then + failed=1 + stat_append "failed " + else + stat_append "ok " + fi + return $failed + } + if read_crypttab do_unlock; then stat_done else stat_fail fi # Maybe someone has LVM on an encrypted block device - if [ "$USELVM" = "yes" -o "$USELVM" = "YES" ]; then - if [ -x /sbin/lvm -a -d /sys/block ]; then - /sbin/lvm vgchange --ignorelockingfailure -a y >/dev/null - fi - fi + activate_vgs fi status "Mounting Root Read-only" /bin/mount -n -o remount,ro / |