2 # cryptsetup functions for rc-scripts
3 # if invoked standalone, processes /etc/cryptab like on boot/shutdown
6 [ "$1" = "/dev/urandom" -o "$1" = "/dev/hw_random" -o "$1" = "/dev/random" ]
9 # Because of a chicken/egg problem, init_crypto must be run twice. /var may be
10 # encrypted but /var/lib/random-seed is needed to initialize swap.
12 local have_random dst src key opt mode owner params makeswap skip arg
13 local param value rc ret mke2fs mdir
15 # call mknodes as the dm node could be missing if device was opened from
17 # XXX: shouldn't udev handle the nodes creation here?
22 while read dst src key opt; do
23 [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
24 [ -b "/dev/mapper/$dst" ] && continue;
25 if [ "$have_random" = 0 ] && key_is_random "$key"; then
28 if [ -n "$key" -a "x$key" != "xnone" ]; then
29 if test -e "$key" ; then
30 mode=$(ls -l "$key" | cut -c 5-10)
31 owner=$(ls -l $key | awk '{ print $3 }')
32 if [ "$mode" != "------" ] && ! key_is_random "$key"; then
33 nls "INSECURE MODE FOR %s" "$key"
36 if [ "$owner" != root ]; then
37 nls "INSECURE OWNER FOR %s" "$key"
41 nls "Key file for %s not found, skipping" "$dst"
51 # Parse the options field, convert to cryptsetup parameters
52 # and contruct the command line
53 while [ -n "$opt" ]; do
62 params="$params -c $value"
63 if [ -z "$value" ]; then
64 nls "%s: no value for cipher option, skipping" "$dst"
69 params="$params -s $value"
70 if [ -z "$value" ]; then
71 nls "%s: no value for size option, skipping" "$dst"
76 params="$params -h $value"
77 if [ -z "$value" ]; then
78 nls "%s: no value for hash option, skipping" "$dst"
93 if [ "$skip" = "yes" ]; then
98 if [ ! -b "$src" ]; then
99 nls "$src: No such device"
104 if /sbin/cryptsetup isLuks "$src" 2>/dev/null; then
105 if key_is_random "$key"; then
106 nls "%s: LUKS requires non-random key, skipping" "$dst"
110 if [ -n "$params" ]; then
111 nls "%s: options are invalid for LUKS partitions, ignoring them" "$dst"
113 /sbin/cryptsetup ${key:+-d $key} luksOpen "$src" "$dst" <&1
115 /sbin/cryptsetup $params ${key:+-d $key} create "$dst" "$src" <&1 2>/dev/null
118 if [ $rc -ne 0 ]; then
122 if [ -b "/dev/mapper/$dst" ]; then
123 if [ "$makeswap" = "yes" ]; then
124 mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null
126 if [ "$mke2fs" = "yes" ]; then
127 if mke2fs "/dev/mapper/$dst" 2>/dev/null >/dev/null \
128 && mdir=$(mktemp -d /tmp/mountXXXXXX); then
129 mount "/dev/mapper/$dst" "$mdir" && chmod 1777 "$mdir"
140 local fnval=0 dst src key
141 while read dst src key; do
142 [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
143 if [ -b "/dev/mapper/$dst" ]; then
144 if LC_ALL=C /sbin/dmsetup info "$dst" | grep -q '^Open count: *0$'; then
145 /sbin/cryptsetup remove "$dst"
154 [ -f /etc/crypttab ] || return
156 # if not invoked directly, return to caller
157 case "$0" in *cryptsetup);; *) return;; esac
159 . /etc/rc.d/init.d/functions
162 # See how we were called.
165 show "Starting disk encryption"; started
166 init_crypto 1 && deltext; ok
169 show "Stopping disk encryption"; started
170 halt_crypto && deltext; ok
173 # this is way overkill, but at least we have some status output...
174 if grep -qF dm_crypt /proc/modules; then
175 nls "dm-crypt module is loaded"
177 nls "dm-crypt module is not loaded"
181 msg_usage "$0 {start|stop|status}"
TLD / rc-scripts.git / blob