summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Auty <ikelos@gentoo.org>2007-04-12 10:36:05 +0000
committerMike Auty <ikelos@gentoo.org>2007-04-12 10:36:05 +0000
commitb1bef5d12ab4cef0ff5d0063076a93230c51b472 (patch)
tree7af64b59f7fe59ebc64b22c8921d7fbc881e6626 /sys-fs/cryptsetup-luks
parentstable x86, security bug 174206 (diff)
downloadhistorical-b1bef5d12ab4cef0ff5d0063076a93230c51b472.tar.gz
historical-b1bef5d12ab4cef0ff5d0063076a93230c51b472.tar.bz2
historical-b1bef5d12ab4cef0ff5d0063076a93230c51b472.zip
Version bump to fix bug 174256 (thanks to UberLord and zzam) and removing old version.
Package-Manager: portage-2.1.2.3
Diffstat (limited to 'sys-fs/cryptsetup-luks')
-rw-r--r--sys-fs/cryptsetup-luks/ChangeLog10
-rw-r--r--sys-fs/cryptsetup-luks/Manifest44
-rw-r--r--sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r3.ebuild (renamed from sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r2.ebuild)2
-rw-r--r--sys-fs/cryptsetup-luks/files/1.0.4-dm-crypt-start.sh3
-rw-r--r--sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r3 (renamed from sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r2)0
-rw-r--r--sys-fs/cryptsetup-luks/files/dm-crypt-start.sh229
6 files changed, 193 insertions, 95 deletions
diff --git a/sys-fs/cryptsetup-luks/ChangeLog b/sys-fs/cryptsetup-luks/ChangeLog
index d3bc21414f83..b5389c128fd0 100644
--- a/sys-fs/cryptsetup-luks/ChangeLog
+++ b/sys-fs/cryptsetup-luks/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for sys-fs/cryptsetup-luks
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup-luks/ChangeLog,v 1.49 2007/04/11 15:27:55 ikelos Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup-luks/ChangeLog,v 1.50 2007/04/12 10:36:05 ikelos Exp $
+
+*cryptsetup-luks-1.0.4-r3 (12 Apr 2007)
+
+ 12 Apr 2007; Mike Auty <ikelos@gentoo.org> files/1.0.4-dm-crypt-start.sh,
+ files/dm-crypt-start.sh, -cryptsetup-luks-1.0.4-r2.ebuild,
+ +cryptsetup-luks-1.0.4-r3.ebuild:
+ Version bump to fix bug 174256 (thanks to UberLord and zzam) and removing
+ old version.
*cryptsetup-luks-1.0.4-r2 (11 Apr 2007)
diff --git a/sys-fs/cryptsetup-luks/Manifest b/sys-fs/cryptsetup-luks/Manifest
index 4cc34bd98314..b73b6906947c 100644
--- a/sys-fs/cryptsetup-luks/Manifest
+++ b/sys-fs/cryptsetup-luks/Manifest
@@ -13,10 +13,10 @@ AUX 1.0.3-dm-crypt-stop.sh 1021 RMD160 4b4537e0cadf447c1efed6ca8a4478b058e99aad
MD5 341064815588da90206d883ed5dc42df files/1.0.3-dm-crypt-stop.sh 1021
RMD160 4b4537e0cadf447c1efed6ca8a4478b058e99aad files/1.0.3-dm-crypt-stop.sh 1021
SHA256 fd8856130104aa37d6941168b299389a47e6760077a9e6d3f86f3301385a4973 files/1.0.3-dm-crypt-stop.sh 1021
-AUX 1.0.4-dm-crypt-start.sh 7274 RMD160 22e364fb7887ed016c02241c078c79c41c373289 SHA1 84ae6918301b9f6f8761d4f500936d390eaeb180 SHA256 a191aa680814eae2f2d5de7694eae4756d44ab78fbcdd254bef05c3d3653a147
-MD5 df7af1ac103b488312891f0e123b4bfb files/1.0.4-dm-crypt-start.sh 7274
-RMD160 22e364fb7887ed016c02241c078c79c41c373289 files/1.0.4-dm-crypt-start.sh 7274
-SHA256 a191aa680814eae2f2d5de7694eae4756d44ab78fbcdd254bef05c3d3653a147 files/1.0.4-dm-crypt-start.sh 7274
+AUX 1.0.4-dm-crypt-start.sh 7363 RMD160 60b648cbac1f862926b246736bdf497ac99b0eb1 SHA1 8e872c7a6a7c0cb19518bfc97eddd262565ef5c7 SHA256 fb98766e623233814734c68e89669e5b92461980263d717388d822ce1bfd607f
+MD5 d9bb83f14d9e3bc1f2e2ba81c225ce96 files/1.0.4-dm-crypt-start.sh 7363
+RMD160 60b648cbac1f862926b246736bdf497ac99b0eb1 files/1.0.4-dm-crypt-start.sh 7363
+SHA256 fb98766e623233814734c68e89669e5b92461980263d717388d822ce1bfd607f files/1.0.4-dm-crypt-start.sh 7363
AUX cryptfs.confd 1548 RMD160 a009482d77e0c467fc9b26bbf7cd0a46ed5eb26e SHA1 a51fd66f741436626706f6221be4709f5b6870ad SHA256 7e6d165edb4e3971d949847629e56849c0839c73f43de07822b4c942171dc16a
MD5 6d86b15e07cd0cdf96d8a363b1d778cd files/cryptfs.confd 1548
RMD160 a009482d77e0c467fc9b26bbf7cd0a46ed5eb26e files/cryptfs.confd 1548
@@ -33,10 +33,10 @@ AUX cryptsetup-luks-1.0.3-selinux.patch 418 RMD160 2f0d805d378ce0629e81abf84929b
MD5 8e76b60d4e94130170c49c7f32bb2ee6 files/cryptsetup-luks-1.0.3-selinux.patch 418
RMD160 2f0d805d378ce0629e81abf84929bb54a1324e45 files/cryptsetup-luks-1.0.3-selinux.patch 418
SHA256 8203c3c77c5c091103d329f48bba51bfc7e5d6feb8c51348e7b192d2872ac9b3 files/cryptsetup-luks-1.0.3-selinux.patch 418
-AUX dm-crypt-start.sh 4306 RMD160 558705676a62acdaacb1362ad5459c1719f5b247 SHA1 07c4aafe6e0a3defc654215796e22165fbad777e SHA256 48669629db92c204f208406cf5ca78acce9088568e0bc03bba511b38a668b0fc
-MD5 c653a0b4ace27569ccc659b7cb43b4a9 files/dm-crypt-start.sh 4306
-RMD160 558705676a62acdaacb1362ad5459c1719f5b247 files/dm-crypt-start.sh 4306
-SHA256 48669629db92c204f208406cf5ca78acce9088568e0bc03bba511b38a668b0fc files/dm-crypt-start.sh 4306
+AUX dm-crypt-start.sh 7363 RMD160 60b648cbac1f862926b246736bdf497ac99b0eb1 SHA1 8e872c7a6a7c0cb19518bfc97eddd262565ef5c7 SHA256 fb98766e623233814734c68e89669e5b92461980263d717388d822ce1bfd607f
+MD5 d9bb83f14d9e3bc1f2e2ba81c225ce96 files/dm-crypt-start.sh 7363
+RMD160 60b648cbac1f862926b246736bdf497ac99b0eb1 files/dm-crypt-start.sh 7363
+SHA256 fb98766e623233814734c68e89669e5b92461980263d717388d822ce1bfd607f files/dm-crypt-start.sh 7363
AUX dm-crypt-stop.sh 1297 RMD160 aae23fdb24788b31992f61afd750d0be270a586b SHA1 185ac9098155cc4e070a277baca7b29976d68618 SHA256 c160c65b947af563e5e5ee0b090f3d2a4f4097361b1088be05cba3f3461907b7
MD5 a3bb6598f67c8922ccb6576ff256ced0 files/dm-crypt-stop.sh 1297
RMD160 aae23fdb24788b31992f61afd750d0be270a586b files/dm-crypt-stop.sh 1297
@@ -64,18 +64,18 @@ EBUILD cryptsetup-luks-1.0.4-r1.ebuild 2605 RMD160 2e37b32c41ee15c9120f154fab0fc
MD5 f36c87aa5faa82b33e8e51c9b1773d0b cryptsetup-luks-1.0.4-r1.ebuild 2605
RMD160 2e37b32c41ee15c9120f154fab0fca5fbc048f91 cryptsetup-luks-1.0.4-r1.ebuild 2605
SHA256 20880e9fd0faeadb1ac41678487a74037ae9542de70fb489a2ef44e574c31f18 cryptsetup-luks-1.0.4-r1.ebuild 2605
-EBUILD cryptsetup-luks-1.0.4-r2.ebuild 2603 RMD160 4909e9f2a36056b9ae31afa286321f64924e5cbf SHA1 7951b5578c1ecd49a9e1cc37cdbb545b244143db SHA256 622ed75b3faf622d0e577a4fe1ad724e8e6f5d6d065052ab5ad6df208699082f
-MD5 971f19c2fdc7c7ecdbb190691a8d6344 cryptsetup-luks-1.0.4-r2.ebuild 2603
-RMD160 4909e9f2a36056b9ae31afa286321f64924e5cbf cryptsetup-luks-1.0.4-r2.ebuild 2603
-SHA256 622ed75b3faf622d0e577a4fe1ad724e8e6f5d6d065052ab5ad6df208699082f cryptsetup-luks-1.0.4-r2.ebuild 2603
+EBUILD cryptsetup-luks-1.0.4-r3.ebuild 2603 RMD160 7da653c7523729027d5b744df5eb62e286af8d5e SHA1 71fbdd5090f7f528556e4f85615adc9baa14e078 SHA256 52c9c9845eb9b16ad3033cb20fb46f5dd019ab018ce677399055bfd0874c1830
+MD5 9315dbe340003e48d036ae1ff102a2be cryptsetup-luks-1.0.4-r3.ebuild 2603
+RMD160 7da653c7523729027d5b744df5eb62e286af8d5e cryptsetup-luks-1.0.4-r3.ebuild 2603
+SHA256 52c9c9845eb9b16ad3033cb20fb46f5dd019ab018ce677399055bfd0874c1830 cryptsetup-luks-1.0.4-r3.ebuild 2603
EBUILD cryptsetup-luks-1.0.4.ebuild 2557 RMD160 f0852837246003218baa1a691eb0d0fd7ff451f0 SHA1 23e3159c6c156b004f8611a7eb96413c2e2a03f3 SHA256 9d20d95029a8123d9dc20b05d028103205440aa972cebb39742395ba3a169df4
MD5 8aa10f77a53fabd16359c10bfe57f980 cryptsetup-luks-1.0.4.ebuild 2557
RMD160 f0852837246003218baa1a691eb0d0fd7ff451f0 cryptsetup-luks-1.0.4.ebuild 2557
SHA256 9d20d95029a8123d9dc20b05d028103205440aa972cebb39742395ba3a169df4 cryptsetup-luks-1.0.4.ebuild 2557
-MISC ChangeLog 6993 RMD160 fb739be4733968cdfe99016386866d756262df2e SHA1 6fc7b89c62715a781e6377e00a303267676e4d10 SHA256 28fbef8cc6c6d11f00f50ced77a96328fb0a5b7b8bf92e9ce63267628019639d
-MD5 4c5d1e21e66f1aef0724a63da4a317c2 ChangeLog 6993
-RMD160 fb739be4733968cdfe99016386866d756262df2e ChangeLog 6993
-SHA256 28fbef8cc6c6d11f00f50ced77a96328fb0a5b7b8bf92e9ce63267628019639d ChangeLog 6993
+MISC ChangeLog 7299 RMD160 a509cf21ed1bb7e1f33c7458293948ee7f6f3965 SHA1 224cbd8c91566bd247f44e43a73a910c67bbabcb SHA256 6b5be9032bc0d230db543c2f3977d74815f3c9a984463f271969e223a6a7f80b
+MD5 1356f68e1b763cf41ae9cb9a1fae85e8 ChangeLog 7299
+RMD160 a509cf21ed1bb7e1f33c7458293948ee7f6f3965 ChangeLog 7299
+SHA256 6b5be9032bc0d230db543c2f3977d74815f3c9a984463f271969e223a6a7f80b ChangeLog 7299
MISC metadata.xml 228 RMD160 4ecb17bc29c5805c7d009098d379f85807f0ff9a SHA1 0f7be0d47f13ff42c97b3787385fe6e1cd9cbfc0 SHA256 157fd3642e30749762584d579cbeb8095379a572897d3f60dc30414cfd0f5c34
MD5 6c788beeca78bd11e5cd6e759e52fadc metadata.xml 228
RMD160 4ecb17bc29c5805c7d009098d379f85807f0ff9a metadata.xml 228
@@ -98,13 +98,13 @@ SHA256 9c5d89e73392ea18152a5a4d7b1804ed6a57bb5309abfe23e4605210737f6ec9 files/di
MD5 99aa86b96620381c73335d1bc21ddf77 files/digest-cryptsetup-luks-1.0.4-r1 268
RMD160 ba93465625d521cc777c1fbc352c3aec11786eff files/digest-cryptsetup-luks-1.0.4-r1 268
SHA256 9c5d89e73392ea18152a5a4d7b1804ed6a57bb5309abfe23e4605210737f6ec9 files/digest-cryptsetup-luks-1.0.4-r1 268
-MD5 99aa86b96620381c73335d1bc21ddf77 files/digest-cryptsetup-luks-1.0.4-r2 268
-RMD160 ba93465625d521cc777c1fbc352c3aec11786eff files/digest-cryptsetup-luks-1.0.4-r2 268
-SHA256 9c5d89e73392ea18152a5a4d7b1804ed6a57bb5309abfe23e4605210737f6ec9 files/digest-cryptsetup-luks-1.0.4-r2 268
+MD5 99aa86b96620381c73335d1bc21ddf77 files/digest-cryptsetup-luks-1.0.4-r3 268
+RMD160 ba93465625d521cc777c1fbc352c3aec11786eff files/digest-cryptsetup-luks-1.0.4-r3 268
+SHA256 9c5d89e73392ea18152a5a4d7b1804ed6a57bb5309abfe23e4605210737f6ec9 files/digest-cryptsetup-luks-1.0.4-r3 268
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.3 (GNU/Linux)
-iD8DBQFGHP6Ku7rWomwgFXoRAnQ9AKCD41ZMYae2Kso+OdmZYXznz4YbdQCgskaV
-Zik4w0g1KvbbtcsxWvb7BmU=
-=cCJ1
+iD8DBQFGHguiu7rWomwgFXoRAvGsAJ96icLsxnlydAtb6Dxi+8XNeQFDyACfR+T3
+9LKzmV6+BbiT/1SXZtzguZ4=
+=EnBK
-----END PGP SIGNATURE-----
diff --git a/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r2.ebuild b/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r3.ebuild
index 32e36e709692..77b9fd7c9fa2 100644
--- a/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r2.ebuild
+++ b/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r3.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r2.ebuild,v 1.1 2007/04/11 15:27:55 ikelos Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r3.ebuild,v 1.1 2007/04/12 10:36:05 ikelos Exp $
inherit linux-info eutils flag-o-matic multilib
diff --git a/sys-fs/cryptsetup-luks/files/1.0.4-dm-crypt-start.sh b/sys-fs/cryptsetup-luks/files/1.0.4-dm-crypt-start.sh
index 01ff7905a076..a1887da8aee6 100644
--- a/sys-fs/cryptsetup-luks/files/1.0.4-dm-crypt-start.sh
+++ b/sys-fs/cryptsetup-luks/files/1.0.4-dm-crypt-start.sh
@@ -197,6 +197,9 @@ local gpg_options key loop_file target targetline options pre_mount post_mount s
if [[ -f /etc/conf.d/cryptfs ]] && [[ -x /bin/cryptsetup ]] ; then
ebegin "Setting up dm-crypt mappings"
+ # Fix for baselayout-1.12.10 (bug 174256)
+ [ -z ${SVCNAME} ] && SVCNAME="${myservice}"
+
while read targetline ; do
# skip comments and blank lines
[[ ${targetline}\# == \#* ]] && continue
diff --git a/sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r2 b/sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r3
index 5941fa96ba5e..5941fa96ba5e 100644
--- a/sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r2
+++ b/sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r3
diff --git a/sys-fs/cryptsetup-luks/files/dm-crypt-start.sh b/sys-fs/cryptsetup-luks/files/dm-crypt-start.sh
index 3d22c95d0def..a1887da8aee6 100644
--- a/sys-fs/cryptsetup-luks/files/dm-crypt-start.sh
+++ b/sys-fs/cryptsetup-luks/files/dm-crypt-start.sh
@@ -1,67 +1,156 @@
# /lib/rcscripts/addons/dm-crypt-start.sh
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup-luks/files/dm-crypt-start.sh,v 1.2 2005/06/15 09:53:25 strerror Exp $
-# Setup mappings for an individual mount/swap
-#
-# Note: This relies on variables localized in the main body below.
-dm-crypt-execute-checkfs() {
- local dev target ret
-
- if [[ -n ${loop_file} ]] ; then
- dev="/dev/mapper/${target}"
- ebegin " Setting up loop device ${source}"
- /sbin/losetup ${source} ${loop_file}
- fi
+# For backwards compatability with baselayout < 1.13.0
+dm_crypt_execute_checkfs() {
+ dm_crypt_execute_volumes
+}
- if [[ -n ${mount} ]] ; then
- target=${mount}
- : ${options:='-c aes -h sha1'}
- [[ -n ${key} ]] && : ${gpg_options:='-q -d'}
- elif [[ -n ${swap} ]] ; then
+# Setup mappings for an individual target/swap
+# Note: This relies on variables localized in the main body below.
+dm_crypt_execute_volumes() {
+ local dev ret mode
+ # some colors
+ local red='\x1b[31;01m' green='\x1b[32;01m' off='\x1b[0;0m'
+
+ if [ -n "$target" ]; then
+ # let user set options, otherwise leave empty
+ : ${options:=' '}
+ elif [ -n "$swap" ]; then
target=${swap}
+ # swap contents do not need to be preserved between boots, luks not required.
+ # suspend2 users should have initramfs's init handling their swap partition either way.
: ${options:='-c aes -h sha1 -d /dev/urandom'}
: ${pre_mount:='mkswap ${dev}'}
else
return
fi
+ if [ -z "$source" ] && [ ! -e "$source" ]; then
+ ewarn "source \"${source}\" for ${target} missing, skipping..."
+ return
+ fi
+
+ if [[ -n ${loop_file} ]] ; then
+ dev="/dev/mapper/${target}"
+ ebegin " Setting up loop device ${source}"
+ /sbin/losetup ${source} ${loop_file}
+ fi
+
+ # cryptsetup:
+ # luksOpen <device> <name> # <device> is $source
+ # create <name> <device> # <name> is $target
+ local arg1="create" arg2="$target" arg3="$source" luks=0
+
+ cryptsetup isLuks ${source} 2>/dev/null && { arg1="luksOpen"; arg2="$source"; arg3="$target"; luks=1; }
if /bin/cryptsetup status ${target} | egrep -q '\<active:' ; then
einfo "dm-crypt mapping ${target} is already configured"
return
fi
-
- splash svc_input_begin checkfs
+ # Handle keys
+ if [ -n "$key" ]; then
+ # Notes: sed not used to avoid case where /usr partition is encrypted.
+ mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg
+ key=${key/:*/}
+ case "$mode" in
+ gpg|reg)
+ # handle key on removable device
+ if [ -n "$remdev" ]; then
+ # temp directory to mount removable device
+ local mntrem=/mnt/remdev
+ local c=0 ans
+ for (( i = 0 ; i < 10 ; i++ ))
+ do
+ [ ! -d "$mntrem" ] && mkdir -p ${mntrem} 2>/dev/null >/dev/null
+ if mount -n -o ro ${remdev} ${mntrem} 2>/dev/null >/dev/null ; then
+ sleep 2
+ # keyfile exists?
+ if [ ! -e "${mntrem}${key}" ]; then
+ umount -n ${mntrem} 2>/dev/null >/dev/null
+ rmdir ${mntrem} 2>/dev/null >/dev/null
+ einfo "Cannot find ${key} on removable media."
+ echo -n -e " ${green}*${off} Abort?(${red}yes${off}/${green}no${off})" >/dev/console
+ read ans </dev/console
+ echo >/dev/console
+ [ "$ans" != "yes" ] && { i=0; c=0; } || return
+ else
+ key="${mntrem}${key}"
+ break
+ fi
+ else
+ [ "$c" -eq 0 ] && einfo "Please insert removable device for ${target}"
+ c=1
+ sleep 2
+ # let user abort
+ if [ "$i" -eq 9 ]; then
+ rmdir ${mntrem} 2>/dev/null >/dev/null
+ einfo "Removable device for ${target} not present."
+ echo -n -e " ${green}*${off} Abort?(${red}yes${off}/${green}no${off})" >/dev/console
+ read ans </dev/console
+ echo >/dev/console
+ [ "$ans" != "yes" ] && { i=0; c=0; } || return
+ fi
+ fi
+ done
+ else # keyfile ! on removable device
+ if [ ! -e "$key" ]; then
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: keyfile ${key} does not exist."
+ return
+ fi
+ fi
+ ;;
+ *)
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: mode ${mode} is invalid."
+ return
+ ;;
+ esac
+ else
+ mode=none
+ fi
+ splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
ebegin "dm-crypt map ${target}"
- if [[ -z ${key} ]] && [[ -z ${type} ]] ; then
- /bin/cryptsetup ${options} create ${target} ${source} >/dev/console </dev/console
- ret=$?
- eend ${ret} "failure running cryptsetup"
- elif [[ -n ${type} ]] ; then
- einfo "/bin/cryptsetup ${options} luksOpen ${source} ${target}"
- /bin/cryptsetup ${options} luksOpen ${source} ${target} >/dev/console </dev/console
- #/bin/cryptsetup ${options} luksOpen ${source} ${target}
- ret=$?
- eend ${ret} "failure running cryptsetup-luks"
- elif [[ -n ${key} ]] ; then
+ einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}"
+ if [ "$mode" == "gpg" ]; then
+ : ${gpg_options:='-q -d'}
+ # gpg available ?
if type -p gpg >/dev/null ; then
- ret=1
- while [[ ${ret} -gt 0 ]] ; do
- keystring=$(gpg ${gpg_options} ${key} 2>/dev/null </dev/console)
- if [[ -z ${keystring} ]] ; then
- ret=5
- else
- echo ${keystring} | /bin/cryptsetup ${options} create ${target} ${source}
- ret=$?
- fi
+ for (( i = 0 ; i < 3 ; i++ ))
+ do
+ # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
+ # save stdin stdout stderr "values"
+ exec 3>&0 4>&1 6>&2 # ABS says fd 5 is reserved
+ exec &>/dev/console </dev/console
+ gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+ ret="$?"
+ # restore values and close file descriptors
+ exec 0>&3 1>&4 2>&6
+ exec 3>&- 4>&- 6>&-
+ [ "$ret" -eq 0 ] && break
done
- eend ${ret}
+ eend "${ret}" "failure running cryptsetup"
+ else
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: cannot find gpg application."
+ einfo "You have to install app-crypt/gnupg first."
+ einfo "If you have /usr on its own partition, try copying gpg to /bin ."
+ fi
+ else
+ if [ "$mode" == "reg" ]; then
+ cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} >/dev/console </dev/console
+ ret="$?"
+ eend "${ret}" "failure running cryptsetup"
else
- einfo "You have to install app-crypt/gnupg first"
+ cryptsetup ${options} ${arg1} ${arg2} ${arg3} >/dev/console </dev/console
+ ret="$?"
+ eend "${ret}" "failure running cryptsetup"
fi
fi
- splash svc_input_end checkfs
+ if [ -d "$mntrem" ]; then
+ umount -n ${mntrem} 2>/dev/null >/dev/null
+ rmdir ${mntrem} 2>/dev/null >/dev/null
+ fi
+ splash svc_input_end ${SVCNAME} >/dev/null 2>&1
if [[ ${ret} != 0 ]] ; then
cryptfs_status=1
@@ -78,14 +167,10 @@ dm-crypt-execute-checkfs() {
# Run any post_mount commands for an individual mount
#
# Note: This relies on variables localized in the main body below.
-dm-crypt-execute-localmount() {
- local mount_point target
+dm_crypt_execute_localmount() {
+ local mount_point
- if [[ -n ${mount} && -n ${post_mount} ]] ; then
- target=${mount}
- else
- return
- fi
+ [ -z "$target" ] && [ -z "$post_mount" ] && return
if ! /bin/cryptsetup status ${target} | egrep -q '\<active:' ; then
ewarn "Skipping unmapped target ${target}"
@@ -106,47 +191,49 @@ dm-crypt-execute-localmount() {
fi
}
-local cryptfs_status=0
-local gpg_options key loop_file mount mountline options pre_mount post_mount source swap type
+local cryptfs_status=0
+local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
if [[ -f /etc/conf.d/cryptfs ]] && [[ -x /bin/cryptsetup ]] ; then
ebegin "Setting up dm-crypt mappings"
- while read mountline ; do
+ # Fix for baselayout-1.12.10 (bug 174256)
+ [ -z ${SVCNAME} ] && SVCNAME="${myservice}"
+
+ while read targetline ; do
# skip comments and blank lines
- [[ ${mountline}\# == \#* ]] && continue
+ [[ ${targetline}\# == \#* ]] && continue
- # check for the start of a new mount/swap
- case ${mountline} in
- mount=*|swap=*)
- # If we have a mount queued up, then execute it
- dm-crypt-execute-${myservice}
+ # check for the start of a new target/swap
+ case ${targetline} in
+ target=*|swap=*)
+ # If we have a target queued up, then execute it
+ dm_crypt_execute_${SVCNAME}
- # Prepare for the next mount/swap by resetting variables
- unset gpg_options key loop_file mount options pre_mount post_mount source swap type
+ # Prepare for the next target/swap by resetting variables
+ unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
;;
- gpg_options=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*|type=*)
- if [[ -z ${mount} && -z ${swap} ]] ; then
- ewarn "Ignoring setting outside mount/swap section: ${mountline}"
+ gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
+ if [[ -z ${target} && -z ${swap} ]] ; then
+ ewarn "Ignoring setting outside target/swap section: ${targetline}"
continue
fi
;;
*)
- ewarn "Skipping invalid line in /etc/conf.d/cryptfs: ${mountline}"
+ ewarn "Skipping invalid line in /etc/conf.d/cryptfs: ${targetline}"
;;
esac
- # Queue this setting for the next call to dm-crypt-execute-${myservice}
- eval "${mountline}"
+ # Queue this setting for the next call to dm_crypt_execute_${SVCNAME}
+ eval "${targetline}"
done < /etc/conf.d/cryptfs
- # If we have a mount queued up, then execute it
- dm-crypt-execute-${myservice}
+ # If we have a target queued up, then execute it
+ dm_crypt_execute_${SVCNAME}
ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
fi
-
# vim:ts=4