diff options
author | Mike Auty <ikelos@gentoo.org> | 2007-04-12 10:36:05 +0000 |
---|---|---|
committer | Mike Auty <ikelos@gentoo.org> | 2007-04-12 10:36:05 +0000 |
commit | b1bef5d12ab4cef0ff5d0063076a93230c51b472 (patch) | |
tree | 7af64b59f7fe59ebc64b22c8921d7fbc881e6626 /sys-fs/cryptsetup-luks | |
parent | stable x86, security bug 174206 (diff) | |
download | historical-b1bef5d12ab4cef0ff5d0063076a93230c51b472.tar.gz historical-b1bef5d12ab4cef0ff5d0063076a93230c51b472.tar.bz2 historical-b1bef5d12ab4cef0ff5d0063076a93230c51b472.zip |
Version bump to fix bug 174256 (thanks to UberLord and zzam) and removing old version.
Package-Manager: portage-2.1.2.3
Diffstat (limited to 'sys-fs/cryptsetup-luks')
-rw-r--r-- | sys-fs/cryptsetup-luks/ChangeLog | 10 | ||||
-rw-r--r-- | sys-fs/cryptsetup-luks/Manifest | 44 | ||||
-rw-r--r-- | sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r3.ebuild (renamed from sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r2.ebuild) | 2 | ||||
-rw-r--r-- | sys-fs/cryptsetup-luks/files/1.0.4-dm-crypt-start.sh | 3 | ||||
-rw-r--r-- | sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r3 (renamed from sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r2) | 0 | ||||
-rw-r--r-- | sys-fs/cryptsetup-luks/files/dm-crypt-start.sh | 229 |
6 files changed, 193 insertions, 95 deletions
diff --git a/sys-fs/cryptsetup-luks/ChangeLog b/sys-fs/cryptsetup-luks/ChangeLog index d3bc21414f83..b5389c128fd0 100644 --- a/sys-fs/cryptsetup-luks/ChangeLog +++ b/sys-fs/cryptsetup-luks/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for sys-fs/cryptsetup-luks # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup-luks/ChangeLog,v 1.49 2007/04/11 15:27:55 ikelos Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup-luks/ChangeLog,v 1.50 2007/04/12 10:36:05 ikelos Exp $ + +*cryptsetup-luks-1.0.4-r3 (12 Apr 2007) + + 12 Apr 2007; Mike Auty <ikelos@gentoo.org> files/1.0.4-dm-crypt-start.sh, + files/dm-crypt-start.sh, -cryptsetup-luks-1.0.4-r2.ebuild, + +cryptsetup-luks-1.0.4-r3.ebuild: + Version bump to fix bug 174256 (thanks to UberLord and zzam) and removing + old version. *cryptsetup-luks-1.0.4-r2 (11 Apr 2007) diff --git a/sys-fs/cryptsetup-luks/Manifest b/sys-fs/cryptsetup-luks/Manifest index 4cc34bd98314..b73b6906947c 100644 --- a/sys-fs/cryptsetup-luks/Manifest +++ b/sys-fs/cryptsetup-luks/Manifest @@ -13,10 +13,10 @@ AUX 1.0.3-dm-crypt-stop.sh 1021 RMD160 4b4537e0cadf447c1efed6ca8a4478b058e99aad MD5 341064815588da90206d883ed5dc42df files/1.0.3-dm-crypt-stop.sh 1021 RMD160 4b4537e0cadf447c1efed6ca8a4478b058e99aad files/1.0.3-dm-crypt-stop.sh 1021 SHA256 fd8856130104aa37d6941168b299389a47e6760077a9e6d3f86f3301385a4973 files/1.0.3-dm-crypt-stop.sh 1021 -AUX 1.0.4-dm-crypt-start.sh 7274 RMD160 22e364fb7887ed016c02241c078c79c41c373289 SHA1 84ae6918301b9f6f8761d4f500936d390eaeb180 SHA256 a191aa680814eae2f2d5de7694eae4756d44ab78fbcdd254bef05c3d3653a147 -MD5 df7af1ac103b488312891f0e123b4bfb files/1.0.4-dm-crypt-start.sh 7274 -RMD160 22e364fb7887ed016c02241c078c79c41c373289 files/1.0.4-dm-crypt-start.sh 7274 -SHA256 a191aa680814eae2f2d5de7694eae4756d44ab78fbcdd254bef05c3d3653a147 files/1.0.4-dm-crypt-start.sh 7274 +AUX 1.0.4-dm-crypt-start.sh 7363 RMD160 60b648cbac1f862926b246736bdf497ac99b0eb1 SHA1 8e872c7a6a7c0cb19518bfc97eddd262565ef5c7 SHA256 fb98766e623233814734c68e89669e5b92461980263d717388d822ce1bfd607f +MD5 d9bb83f14d9e3bc1f2e2ba81c225ce96 files/1.0.4-dm-crypt-start.sh 7363 +RMD160 60b648cbac1f862926b246736bdf497ac99b0eb1 files/1.0.4-dm-crypt-start.sh 7363 +SHA256 fb98766e623233814734c68e89669e5b92461980263d717388d822ce1bfd607f files/1.0.4-dm-crypt-start.sh 7363 AUX cryptfs.confd 1548 RMD160 a009482d77e0c467fc9b26bbf7cd0a46ed5eb26e SHA1 a51fd66f741436626706f6221be4709f5b6870ad SHA256 7e6d165edb4e3971d949847629e56849c0839c73f43de07822b4c942171dc16a MD5 6d86b15e07cd0cdf96d8a363b1d778cd files/cryptfs.confd 1548 RMD160 a009482d77e0c467fc9b26bbf7cd0a46ed5eb26e files/cryptfs.confd 1548 @@ -33,10 +33,10 @@ AUX cryptsetup-luks-1.0.3-selinux.patch 418 RMD160 2f0d805d378ce0629e81abf84929b MD5 8e76b60d4e94130170c49c7f32bb2ee6 files/cryptsetup-luks-1.0.3-selinux.patch 418 RMD160 2f0d805d378ce0629e81abf84929bb54a1324e45 files/cryptsetup-luks-1.0.3-selinux.patch 418 SHA256 8203c3c77c5c091103d329f48bba51bfc7e5d6feb8c51348e7b192d2872ac9b3 files/cryptsetup-luks-1.0.3-selinux.patch 418 -AUX dm-crypt-start.sh 4306 RMD160 558705676a62acdaacb1362ad5459c1719f5b247 SHA1 07c4aafe6e0a3defc654215796e22165fbad777e SHA256 48669629db92c204f208406cf5ca78acce9088568e0bc03bba511b38a668b0fc -MD5 c653a0b4ace27569ccc659b7cb43b4a9 files/dm-crypt-start.sh 4306 -RMD160 558705676a62acdaacb1362ad5459c1719f5b247 files/dm-crypt-start.sh 4306 -SHA256 48669629db92c204f208406cf5ca78acce9088568e0bc03bba511b38a668b0fc files/dm-crypt-start.sh 4306 +AUX dm-crypt-start.sh 7363 RMD160 60b648cbac1f862926b246736bdf497ac99b0eb1 SHA1 8e872c7a6a7c0cb19518bfc97eddd262565ef5c7 SHA256 fb98766e623233814734c68e89669e5b92461980263d717388d822ce1bfd607f +MD5 d9bb83f14d9e3bc1f2e2ba81c225ce96 files/dm-crypt-start.sh 7363 +RMD160 60b648cbac1f862926b246736bdf497ac99b0eb1 files/dm-crypt-start.sh 7363 +SHA256 fb98766e623233814734c68e89669e5b92461980263d717388d822ce1bfd607f files/dm-crypt-start.sh 7363 AUX dm-crypt-stop.sh 1297 RMD160 aae23fdb24788b31992f61afd750d0be270a586b SHA1 185ac9098155cc4e070a277baca7b29976d68618 SHA256 c160c65b947af563e5e5ee0b090f3d2a4f4097361b1088be05cba3f3461907b7 MD5 a3bb6598f67c8922ccb6576ff256ced0 files/dm-crypt-stop.sh 1297 RMD160 aae23fdb24788b31992f61afd750d0be270a586b files/dm-crypt-stop.sh 1297 @@ -64,18 +64,18 @@ EBUILD cryptsetup-luks-1.0.4-r1.ebuild 2605 RMD160 2e37b32c41ee15c9120f154fab0fc MD5 f36c87aa5faa82b33e8e51c9b1773d0b cryptsetup-luks-1.0.4-r1.ebuild 2605 RMD160 2e37b32c41ee15c9120f154fab0fca5fbc048f91 cryptsetup-luks-1.0.4-r1.ebuild 2605 SHA256 20880e9fd0faeadb1ac41678487a74037ae9542de70fb489a2ef44e574c31f18 cryptsetup-luks-1.0.4-r1.ebuild 2605 -EBUILD cryptsetup-luks-1.0.4-r2.ebuild 2603 RMD160 4909e9f2a36056b9ae31afa286321f64924e5cbf SHA1 7951b5578c1ecd49a9e1cc37cdbb545b244143db SHA256 622ed75b3faf622d0e577a4fe1ad724e8e6f5d6d065052ab5ad6df208699082f -MD5 971f19c2fdc7c7ecdbb190691a8d6344 cryptsetup-luks-1.0.4-r2.ebuild 2603 -RMD160 4909e9f2a36056b9ae31afa286321f64924e5cbf cryptsetup-luks-1.0.4-r2.ebuild 2603 -SHA256 622ed75b3faf622d0e577a4fe1ad724e8e6f5d6d065052ab5ad6df208699082f cryptsetup-luks-1.0.4-r2.ebuild 2603 +EBUILD cryptsetup-luks-1.0.4-r3.ebuild 2603 RMD160 7da653c7523729027d5b744df5eb62e286af8d5e SHA1 71fbdd5090f7f528556e4f85615adc9baa14e078 SHA256 52c9c9845eb9b16ad3033cb20fb46f5dd019ab018ce677399055bfd0874c1830 +MD5 9315dbe340003e48d036ae1ff102a2be cryptsetup-luks-1.0.4-r3.ebuild 2603 +RMD160 7da653c7523729027d5b744df5eb62e286af8d5e cryptsetup-luks-1.0.4-r3.ebuild 2603 +SHA256 52c9c9845eb9b16ad3033cb20fb46f5dd019ab018ce677399055bfd0874c1830 cryptsetup-luks-1.0.4-r3.ebuild 2603 EBUILD cryptsetup-luks-1.0.4.ebuild 2557 RMD160 f0852837246003218baa1a691eb0d0fd7ff451f0 SHA1 23e3159c6c156b004f8611a7eb96413c2e2a03f3 SHA256 9d20d95029a8123d9dc20b05d028103205440aa972cebb39742395ba3a169df4 MD5 8aa10f77a53fabd16359c10bfe57f980 cryptsetup-luks-1.0.4.ebuild 2557 RMD160 f0852837246003218baa1a691eb0d0fd7ff451f0 cryptsetup-luks-1.0.4.ebuild 2557 SHA256 9d20d95029a8123d9dc20b05d028103205440aa972cebb39742395ba3a169df4 cryptsetup-luks-1.0.4.ebuild 2557 -MISC ChangeLog 6993 RMD160 fb739be4733968cdfe99016386866d756262df2e SHA1 6fc7b89c62715a781e6377e00a303267676e4d10 SHA256 28fbef8cc6c6d11f00f50ced77a96328fb0a5b7b8bf92e9ce63267628019639d -MD5 4c5d1e21e66f1aef0724a63da4a317c2 ChangeLog 6993 -RMD160 fb739be4733968cdfe99016386866d756262df2e ChangeLog 6993 -SHA256 28fbef8cc6c6d11f00f50ced77a96328fb0a5b7b8bf92e9ce63267628019639d ChangeLog 6993 +MISC ChangeLog 7299 RMD160 a509cf21ed1bb7e1f33c7458293948ee7f6f3965 SHA1 224cbd8c91566bd247f44e43a73a910c67bbabcb SHA256 6b5be9032bc0d230db543c2f3977d74815f3c9a984463f271969e223a6a7f80b +MD5 1356f68e1b763cf41ae9cb9a1fae85e8 ChangeLog 7299 +RMD160 a509cf21ed1bb7e1f33c7458293948ee7f6f3965 ChangeLog 7299 +SHA256 6b5be9032bc0d230db543c2f3977d74815f3c9a984463f271969e223a6a7f80b ChangeLog 7299 MISC metadata.xml 228 RMD160 4ecb17bc29c5805c7d009098d379f85807f0ff9a SHA1 0f7be0d47f13ff42c97b3787385fe6e1cd9cbfc0 SHA256 157fd3642e30749762584d579cbeb8095379a572897d3f60dc30414cfd0f5c34 MD5 6c788beeca78bd11e5cd6e759e52fadc metadata.xml 228 RMD160 4ecb17bc29c5805c7d009098d379f85807f0ff9a metadata.xml 228 @@ -98,13 +98,13 @@ SHA256 9c5d89e73392ea18152a5a4d7b1804ed6a57bb5309abfe23e4605210737f6ec9 files/di MD5 99aa86b96620381c73335d1bc21ddf77 files/digest-cryptsetup-luks-1.0.4-r1 268 RMD160 ba93465625d521cc777c1fbc352c3aec11786eff files/digest-cryptsetup-luks-1.0.4-r1 268 SHA256 9c5d89e73392ea18152a5a4d7b1804ed6a57bb5309abfe23e4605210737f6ec9 files/digest-cryptsetup-luks-1.0.4-r1 268 -MD5 99aa86b96620381c73335d1bc21ddf77 files/digest-cryptsetup-luks-1.0.4-r2 268 -RMD160 ba93465625d521cc777c1fbc352c3aec11786eff files/digest-cryptsetup-luks-1.0.4-r2 268 -SHA256 9c5d89e73392ea18152a5a4d7b1804ed6a57bb5309abfe23e4605210737f6ec9 files/digest-cryptsetup-luks-1.0.4-r2 268 +MD5 99aa86b96620381c73335d1bc21ddf77 files/digest-cryptsetup-luks-1.0.4-r3 268 +RMD160 ba93465625d521cc777c1fbc352c3aec11786eff files/digest-cryptsetup-luks-1.0.4-r3 268 +SHA256 9c5d89e73392ea18152a5a4d7b1804ed6a57bb5309abfe23e4605210737f6ec9 files/digest-cryptsetup-luks-1.0.4-r3 268 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (GNU/Linux) -iD8DBQFGHP6Ku7rWomwgFXoRAnQ9AKCD41ZMYae2Kso+OdmZYXznz4YbdQCgskaV -Zik4w0g1KvbbtcsxWvb7BmU= -=cCJ1 +iD8DBQFGHguiu7rWomwgFXoRAvGsAJ96icLsxnlydAtb6Dxi+8XNeQFDyACfR+T3 +9LKzmV6+BbiT/1SXZtzguZ4= +=EnBK -----END PGP SIGNATURE----- diff --git a/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r2.ebuild b/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r3.ebuild index 32e36e709692..77b9fd7c9fa2 100644 --- a/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r2.ebuild +++ b/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r2.ebuild,v 1.1 2007/04/11 15:27:55 ikelos Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup-luks/cryptsetup-luks-1.0.4-r3.ebuild,v 1.1 2007/04/12 10:36:05 ikelos Exp $ inherit linux-info eutils flag-o-matic multilib diff --git a/sys-fs/cryptsetup-luks/files/1.0.4-dm-crypt-start.sh b/sys-fs/cryptsetup-luks/files/1.0.4-dm-crypt-start.sh index 01ff7905a076..a1887da8aee6 100644 --- a/sys-fs/cryptsetup-luks/files/1.0.4-dm-crypt-start.sh +++ b/sys-fs/cryptsetup-luks/files/1.0.4-dm-crypt-start.sh @@ -197,6 +197,9 @@ local gpg_options key loop_file target targetline options pre_mount post_mount s if [[ -f /etc/conf.d/cryptfs ]] && [[ -x /bin/cryptsetup ]] ; then ebegin "Setting up dm-crypt mappings" + # Fix for baselayout-1.12.10 (bug 174256) + [ -z ${SVCNAME} ] && SVCNAME="${myservice}" + while read targetline ; do # skip comments and blank lines [[ ${targetline}\# == \#* ]] && continue diff --git a/sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r2 b/sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r3 index 5941fa96ba5e..5941fa96ba5e 100644 --- a/sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r2 +++ b/sys-fs/cryptsetup-luks/files/digest-cryptsetup-luks-1.0.4-r3 diff --git a/sys-fs/cryptsetup-luks/files/dm-crypt-start.sh b/sys-fs/cryptsetup-luks/files/dm-crypt-start.sh index 3d22c95d0def..a1887da8aee6 100644 --- a/sys-fs/cryptsetup-luks/files/dm-crypt-start.sh +++ b/sys-fs/cryptsetup-luks/files/dm-crypt-start.sh @@ -1,67 +1,156 @@ # /lib/rcscripts/addons/dm-crypt-start.sh -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup-luks/files/dm-crypt-start.sh,v 1.2 2005/06/15 09:53:25 strerror Exp $ -# Setup mappings for an individual mount/swap -# -# Note: This relies on variables localized in the main body below. -dm-crypt-execute-checkfs() { - local dev target ret - - if [[ -n ${loop_file} ]] ; then - dev="/dev/mapper/${target}" - ebegin " Setting up loop device ${source}" - /sbin/losetup ${source} ${loop_file} - fi +# For backwards compatability with baselayout < 1.13.0 +dm_crypt_execute_checkfs() { + dm_crypt_execute_volumes +} - if [[ -n ${mount} ]] ; then - target=${mount} - : ${options:='-c aes -h sha1'} - [[ -n ${key} ]] && : ${gpg_options:='-q -d'} - elif [[ -n ${swap} ]] ; then +# Setup mappings for an individual target/swap +# Note: This relies on variables localized in the main body below. +dm_crypt_execute_volumes() { + local dev ret mode + # some colors + local red='\x1b[31;01m' green='\x1b[32;01m' off='\x1b[0;0m' + + if [ -n "$target" ]; then + # let user set options, otherwise leave empty + : ${options:=' '} + elif [ -n "$swap" ]; then target=${swap} + # swap contents do not need to be preserved between boots, luks not required. + # suspend2 users should have initramfs's init handling their swap partition either way. : ${options:='-c aes -h sha1 -d /dev/urandom'} : ${pre_mount:='mkswap ${dev}'} else return fi + if [ -z "$source" ] && [ ! -e "$source" ]; then + ewarn "source \"${source}\" for ${target} missing, skipping..." + return + fi + + if [[ -n ${loop_file} ]] ; then + dev="/dev/mapper/${target}" + ebegin " Setting up loop device ${source}" + /sbin/losetup ${source} ${loop_file} + fi + + # cryptsetup: + # luksOpen <device> <name> # <device> is $source + # create <name> <device> # <name> is $target + local arg1="create" arg2="$target" arg3="$source" luks=0 + + cryptsetup isLuks ${source} 2>/dev/null && { arg1="luksOpen"; arg2="$source"; arg3="$target"; luks=1; } if /bin/cryptsetup status ${target} | egrep -q '\<active:' ; then einfo "dm-crypt mapping ${target} is already configured" return fi - - splash svc_input_begin checkfs + # Handle keys + if [ -n "$key" ]; then + # Notes: sed not used to avoid case where /usr partition is encrypted. + mode=${key/*:/} && ( [ "$mode" == "$key" ] || [ -z "$mode" ] ) && mode=reg + key=${key/:*/} + case "$mode" in + gpg|reg) + # handle key on removable device + if [ -n "$remdev" ]; then + # temp directory to mount removable device + local mntrem=/mnt/remdev + local c=0 ans + for (( i = 0 ; i < 10 ; i++ )) + do + [ ! -d "$mntrem" ] && mkdir -p ${mntrem} 2>/dev/null >/dev/null + if mount -n -o ro ${remdev} ${mntrem} 2>/dev/null >/dev/null ; then + sleep 2 + # keyfile exists? + if [ ! -e "${mntrem}${key}" ]; then + umount -n ${mntrem} 2>/dev/null >/dev/null + rmdir ${mntrem} 2>/dev/null >/dev/null + einfo "Cannot find ${key} on removable media." + echo -n -e " ${green}*${off} Abort?(${red}yes${off}/${green}no${off})" >/dev/console + read ans </dev/console + echo >/dev/console + [ "$ans" != "yes" ] && { i=0; c=0; } || return + else + key="${mntrem}${key}" + break + fi + else + [ "$c" -eq 0 ] && einfo "Please insert removable device for ${target}" + c=1 + sleep 2 + # let user abort + if [ "$i" -eq 9 ]; then + rmdir ${mntrem} 2>/dev/null >/dev/null + einfo "Removable device for ${target} not present." + echo -n -e " ${green}*${off} Abort?(${red}yes${off}/${green}no${off})" >/dev/console + read ans </dev/console + echo >/dev/console + [ "$ans" != "yes" ] && { i=0; c=0; } || return + fi + fi + done + else # keyfile ! on removable device + if [ ! -e "$key" ]; then + ewarn "${source} will not be decrypted ..." + einfo "Reason: keyfile ${key} does not exist." + return + fi + fi + ;; + *) + ewarn "${source} will not be decrypted ..." + einfo "Reason: mode ${mode} is invalid." + return + ;; + esac + else + mode=none + fi + splash svc_input_begin ${SVCNAME} >/dev/null 2>&1 ebegin "dm-crypt map ${target}" - if [[ -z ${key} ]] && [[ -z ${type} ]] ; then - /bin/cryptsetup ${options} create ${target} ${source} >/dev/console </dev/console - ret=$? - eend ${ret} "failure running cryptsetup" - elif [[ -n ${type} ]] ; then - einfo "/bin/cryptsetup ${options} luksOpen ${source} ${target}" - /bin/cryptsetup ${options} luksOpen ${source} ${target} >/dev/console </dev/console - #/bin/cryptsetup ${options} luksOpen ${source} ${target} - ret=$? - eend ${ret} "failure running cryptsetup-luks" - elif [[ -n ${key} ]] ; then + einfo "cryptsetup will be called with : ${options} ${arg1} ${arg2} ${arg3}" + if [ "$mode" == "gpg" ]; then + : ${gpg_options:='-q -d'} + # gpg available ? if type -p gpg >/dev/null ; then - ret=1 - while [[ ${ret} -gt 0 ]] ; do - keystring=$(gpg ${gpg_options} ${key} 2>/dev/null </dev/console) - if [[ -z ${keystring} ]] ; then - ret=5 - else - echo ${keystring} | /bin/cryptsetup ${options} create ${target} ${source} - ret=$? - fi + for (( i = 0 ; i < 3 ; i++ )) + do + # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. + # save stdin stdout stderr "values" + exec 3>&0 4>&1 6>&2 # ABS says fd 5 is reserved + exec &>/dev/console </dev/console + gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3} + ret="$?" + # restore values and close file descriptors + exec 0>&3 1>&4 2>&6 + exec 3>&- 4>&- 6>&- + [ "$ret" -eq 0 ] && break done - eend ${ret} + eend "${ret}" "failure running cryptsetup" + else + ewarn "${source} will not be decrypted ..." + einfo "Reason: cannot find gpg application." + einfo "You have to install app-crypt/gnupg first." + einfo "If you have /usr on its own partition, try copying gpg to /bin ." + fi + else + if [ "$mode" == "reg" ]; then + cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} >/dev/console </dev/console + ret="$?" + eend "${ret}" "failure running cryptsetup" else - einfo "You have to install app-crypt/gnupg first" + cryptsetup ${options} ${arg1} ${arg2} ${arg3} >/dev/console </dev/console + ret="$?" + eend "${ret}" "failure running cryptsetup" fi fi - splash svc_input_end checkfs + if [ -d "$mntrem" ]; then + umount -n ${mntrem} 2>/dev/null >/dev/null + rmdir ${mntrem} 2>/dev/null >/dev/null + fi + splash svc_input_end ${SVCNAME} >/dev/null 2>&1 if [[ ${ret} != 0 ]] ; then cryptfs_status=1 @@ -78,14 +167,10 @@ dm-crypt-execute-checkfs() { # Run any post_mount commands for an individual mount # # Note: This relies on variables localized in the main body below. -dm-crypt-execute-localmount() { - local mount_point target +dm_crypt_execute_localmount() { + local mount_point - if [[ -n ${mount} && -n ${post_mount} ]] ; then - target=${mount} - else - return - fi + [ -z "$target" ] && [ -z "$post_mount" ] && return if ! /bin/cryptsetup status ${target} | egrep -q '\<active:' ; then ewarn "Skipping unmapped target ${target}" @@ -106,47 +191,49 @@ dm-crypt-execute-localmount() { fi } -local cryptfs_status=0 -local gpg_options key loop_file mount mountline options pre_mount post_mount source swap type +local cryptfs_status=0 +local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev if [[ -f /etc/conf.d/cryptfs ]] && [[ -x /bin/cryptsetup ]] ; then ebegin "Setting up dm-crypt mappings" - while read mountline ; do + # Fix for baselayout-1.12.10 (bug 174256) + [ -z ${SVCNAME} ] && SVCNAME="${myservice}" + + while read targetline ; do # skip comments and blank lines - [[ ${mountline}\# == \#* ]] && continue + [[ ${targetline}\# == \#* ]] && continue - # check for the start of a new mount/swap - case ${mountline} in - mount=*|swap=*) - # If we have a mount queued up, then execute it - dm-crypt-execute-${myservice} + # check for the start of a new target/swap + case ${targetline} in + target=*|swap=*) + # If we have a target queued up, then execute it + dm_crypt_execute_${SVCNAME} - # Prepare for the next mount/swap by resetting variables - unset gpg_options key loop_file mount options pre_mount post_mount source swap type + # Prepare for the next target/swap by resetting variables + unset gpg_options key loop_file target options pre_mount post_mount source swap remdev ;; - gpg_options=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*|type=*) - if [[ -z ${mount} && -z ${swap} ]] ; then - ewarn "Ignoring setting outside mount/swap section: ${mountline}" + gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) + if [[ -z ${target} && -z ${swap} ]] ; then + ewarn "Ignoring setting outside target/swap section: ${targetline}" continue fi ;; *) - ewarn "Skipping invalid line in /etc/conf.d/cryptfs: ${mountline}" + ewarn "Skipping invalid line in /etc/conf.d/cryptfs: ${targetline}" ;; esac - # Queue this setting for the next call to dm-crypt-execute-${myservice} - eval "${mountline}" + # Queue this setting for the next call to dm_crypt_execute_${SVCNAME} + eval "${targetline}" done < /etc/conf.d/cryptfs - # If we have a mount queued up, then execute it - dm-crypt-execute-${myservice} + # If we have a target queued up, then execute it + dm_crypt_execute_${SVCNAME} ewend ${cryptfs_status} "Failed to setup dm-crypt devices" fi - # vim:ts=4 |