authorMartin Schlemmer <azarah@gentoo.org>2005-03-01 23:25:14 +0000
committerMartin Schlemmer <azarah@gentoo.org>2005-03-01 23:25:14 +0000
commitab62db1528079c719d308fce236399bd9752bce6 (patch)
tree6859db958acd9d7ad5a6abae336d5f3726101815 /sys-fs/cryptsetup/files
parentversion bump (diff)
Add cryptfs conf.d file and addon scripts.
(Portage version: 2.0.51.18)
Diffstat (limited to 'sys-fs/cryptsetup/files')
-rw-r--r--sys-fs/cryptsetup/files/cryptfs.confd31
-rw-r--r--sys-fs/cryptsetup/files/digest-cryptsetup-0.1-r11
-rw-r--r--sys-fs/cryptsetup/files/dm-crypt-start.sh142
-rw-r--r--sys-fs/cryptsetup/files/dm-crypt-stop.sh49
4 files changed, 223 insertions, 0 deletions
diff --git a/sys-fs/cryptsetup/files/cryptfs.confd b/sys-fs/cryptsetup/files/cryptfs.confd
new file mode 100644
index 000000000000..a11e116f9245
--- /dev/null
+++ b/sys-fs/cryptsetup/files/cryptfs.confd
@@ -0,0 +1,31 @@
+# /etc/conf.d/cryptfs
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup/files/cryptfs.confd,v 1.1 2005/03/01 23:25:14 azarah Exp $
+
+# Note regarding the syntax of this file. This file is *almost* bash,
+# but each line is evaluated separately. Separate swaps/mounts can be
+# specified. The init-script which reads this file assumes that a
+# swap= or mount= line starts a new section, similar to lilo or grub
+# configuration.
+
+# Swap partitions. These should come first so that no keys make their
+# way into unencrypted swap.
+# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
+# If no makefs is given then mkswap will be assumed
+#swap=crypt-swap
+#source='/dev/main/swap'
+
+# Mounts
+# If no options are given, they will default to: -c aes -h sha1
+# No mkfs is run unless you specify a makefs option
+#mount=crypt-tmp
+#source='/dev/main/tmp'
+#options='-d /dev/urandom'
+#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
+#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
+
+# Loopback file example
+
+#mount='home-crypt'
+#source='/dev/loop0'
+#options='-c serpent -s 256'
+#loop_file='/mnt/crypt/home'
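Review bot: The comments refer to a `makefs` option ("If no makefs is given then mkswap will be assumed", "No mkfs is run unless you specify a makefs option"), but the examples below them and the settings accepted by dm-crypt-start.sh in this same commit use `pre_mount`, so a `makefs=` line would be reported there as invalid. The two comments should read `# If no pre_mount is given then mkswap will be assumed` and `# No mkfs is run unless you specify a pre_mount command`. The file also never mentions the `key` and `gpg_options` settings that the start script accepts. Because every line is passed to `eval` by an init script, a short comment stating that this file must be writable by root only would help administrators.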
diff --git a/sys-fs/cryptsetup/files/digest-cryptsetup-0.1-r1 b/sys-fs/cryptsetup/files/digest-cryptsetup-0.1-r1
new file mode 100644
index 000000000000..e129539b0444
--- /dev/null
+++ b/sys-fs/cryptsetup/files/digest-cryptsetup-0.1-r1
@@ -0,0 +1 @@
+MD5 c813ca6b5e8ecd9a48ec126c3b8ce857 cryptsetup-0.1.tar.bz2 249013
diff --git a/sys-fs/cryptsetup/files/dm-crypt-start.sh b/sys-fs/cryptsetup/files/dm-crypt-start.sh
new file mode 100644
index 000000000000..a6b98fe5981f
--- /dev/null
+++ b/sys-fs/cryptsetup/files/dm-crypt-start.sh
@@ -0,0 +1,142 @@
+# /lib/rcscripts/dm-crypt-start.sh:
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup/files/dm-crypt-start.sh,v 1.1 2005/03/01 23:25:14 azarah Exp $
+
+# Setup mappings for an individual mount/swap
+#
+# Note: This relies on variables localized in the main body below.
+dm-crypt-execute-checkfs() {
+ local dev target
+
+ if [[ -n ${loop_file} ]] ; then
+ dev="/dev/mapper/${target}"
+ ebegin " Setting up loop device ${source}"
+ /sbin/losetup ${source} ${loop_file}
+ fi
+
+ if [[ -n ${mount} ]] ; then
+ target=${mount}
+ : ${options:='-c aes -h sha1'}
+ [[ -n ${key} ]] && : ${gpg_options:='-q -d'}
+ elif [[ -n ${swap} ]] ; then
+ target=${swap}
+ : ${options:='-c aes -h sha1 -d /dev/urandom'}
+ : ${pre_mount:='mkswap ${dev}'}
+ else
+ return
+ fi
+
+ if /bin/cryptsetup status ${target} | egrep -q '\<active:'; then
+ einfo "dm-crypt mapping ${target} is already configured"
+ return
+ fi
+
+ ebegin "dm-crypt map ${target}"
+ if [[ -z ${key} ]] ; then
+ /bin/cryptsetup ${options} create ${target} ${source} >/dev/console </dev/console
+ eend $? "failure running cryptsetup"
+ else
+ if [[ -x /usr/bin/gpg ]] ; then
+ retval=1
+ while [[ $retval -gt 0 ]] ; do
+ keystring=$(gpg ${gpg_options} ${key} 2>/dev/null </dev/console)
+ if [[ -z ${keystring} ]] ; then
+ retval=5
+ else
+ /bin/cryptsetup ${options} create ${target} ${source} << EOF
+${keystring}
+EOF
+ retval=$?
+ fi
+ done
+ eend $retval
+ else
+ einfo "You have to install app-crypt/gpg first"
+ fi
+ fi
+ if [[ $? != 0 ]] ; then
+ cryptfs_status=1
+ else
+ if [[ -n ${pre_mount} ]] ; then
+ dev="/dev/mapper/${target}"
+ ebegin " Running pre_mount commands for ${target}"
+ eval "${pre_mount}" > /dev/null
+ ewend $? || cryptfs_status=1
+ fi
+ fi
+}
+
+# Run any post_mount commands for an individual mount
+#
+# Note: This relies on variables localized in the main body below.
+dm-crypt-execute-localmount() {
+ local mount_point target
+
+ if [[ -n ${mount} && -n ${post_mount} ]] ; then
+ target=${mount}
+ else
+ return
+ fi
+
+ if ! /bin/cryptsetup status ${target} | egrep -q '\<active:'; then
+ ewarn "Skipping unmapped target ${target}"
+ cryptfs_status=1
+ return
+ fi
+
+ mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2)
+ if [[ -z ${mount_point} ]] ; then
+ ewarn "Failed to find mount point for ${target}, skipping"
+ cryptfs_status=1
+ fi
+
+ if [[ -n ${post_mount} ]] ; then
+ ebegin "Running post_mount commands for target ${target}"
+ eval "${post_mount}" >/dev/null
+ eend $? || cryptfs_status=1
+ fi
+}
+
+local cryptfs_status=0
+local gpg_options key loop_file mount mountline options pre_mount post_mount source swap
+
+if [[ -f /etc/conf.d/cryptfs ]] && [[ -x /bin/cryptsetup ]] ; then
+ ebegin "Setting up dm-crypt mappings"
+
+ while read mountline; do
+ # skip comments and blank lines
+ [[ ${mountline}\# == \#* ]] && continue
+
+ # check for the start of a new mount/swap
+ case ${mountline} in
+ mount=*|swap=*)
+ # If we have a mount queued up, then execute it
+ dm-crypt-execute-${myservice}
+
+ # Prepare for the next mount/swap by resetting variables
+ unset gpg_options key loop_file mount options pre_mount post_mount source swap
+ ;;
+
+ gpg_options=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
+ if [[ -z ${mount} && -z ${swap} ]] ; then
+ ewarn "Ignoring setting outside mount/swap section: ${mountline}"
+ continue
+ fi
+ ;;
+
+ *)
+ ewarn "Skipping invalid line in /etc/conf.d/cryptfs: ${mountline}"
+ ;;
+ esac
+
+ # Queue this setting for the next call to dm-crypt-execute-${myservice}
+ eval "${mountline}"
+ done < /etc/conf.d/cryptfs
+
+ # If we have a mount queued up, then execute it
+ dm-crypt-execute-${myservice}
+
+ ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
+fi
+
+
+# vim:ts=4
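Review bot: The `*)` arm of the `case` in the read loop warns "Skipping invalid line" but does not skip, so control falls through to `eval "${mountline}"` and any unrecognised line in /etc/conf.d/cryptfs is still evaluated by the init script. Add `continue` after that `ewarn`, as the arm above it already does for settings outside a section. Separately, when `key` is set but /usr/bin/gpg is not executable, the `$?` tested after the `if` block is the status of `einfo`, so `cryptfs_status` presumably stays 0 and the failure goes unreported; set `cryptfs_status=1` in that branch. The gpg `while` loop also retries without a limit, which can stall boot when decryption can never succeed, so a bounded retry count is worth adding.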
diff --git a/sys-fs/cryptsetup/files/dm-crypt-stop.sh b/sys-fs/cryptsetup/files/dm-crypt-stop.sh
new file mode 100644
index 000000000000..ce25f830f235
--- /dev/null
+++ b/sys-fs/cryptsetup/files/dm-crypt-stop.sh
@@ -0,0 +1,49 @@
+# /lib/rcscripts/addons/dm-crypt-stop.sh
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup/files/dm-crypt-stop.sh,v 1.1 2005/03/01 23:25:14 azarah Exp $
+
+# Try to remove any dm-crypt mappings
+if [ -f /etc/conf.d/cryptfs ] && [ -x /bin/cryptsetup ]
+then
+ einfo "Removing dm-crypt mappings"
+
+ /bin/egrep "^(mount|swap)" /etc/conf.d/cryptfs | \
+ while read mountline
+ do
+ mount=
+ swap=
+ target=
+
+ eval ${mountline}
+
+ if [ -n "${mount}" ]
+ then
+ target=${mount}
+ elif [ -n "${swap}" ]
+ then
+ target=${swap}
+ else
+ ewarn "Invalid line in /etc/conf.d/cryptfs: ${mountline}"
+ fi
+
+ ebegin "Removing dm-crypt mapping for: ${target}"
+ /bin/cryptsetup remove ${target}
+ eend $? "Failed to remove dm-crypt mapping for: ${target}"
+ done
+
+ if [[ -n $(/bin/egrep -e "^(source=)./dev/loop*" /etc/conf.d/cryptfs) ]] ; then
+ einfo "Taking down any dm-crypt loop devices"
+ /bin/egrep -e "^(source)" /etc/conf.d/cryptfs | while read sourceline
+ do
+ source=
+ eval ${sourceline}
+ if [[ -n $(echo ${source} | grep /dev/loop) ]] ; then
+ ebegin " Taking down ${source}"
+ /sbin/losetup -d ${source}
+ eend $? " Failed to remove loop"
+ fi
+ done
+ fi
+fi
+
+
+# vim:ts=4
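Review bot: The `else` branch that warns about an invalid line has no `continue`, so `/bin/cryptsetup remove ${target}` still runs with an empty `target`; add `continue` after the `ewarn`. Both `eval ${mountline}` and `eval ${sourceline}` are unquoted, so the line is word-split and glob-expanded before evaluation, unlike `eval "${mountline}"` in dm-crypt-start.sh; quote them the same way. The `egrep "^(mount|swap)"` filter also passes any line that merely begins with those words, so `"^(mount|swap)="` would be a tighter pattern.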