2 # cryptsetup functions for rc-scripts
3 # if invoked standalone, processes /etc/cryptab like on boot/shutdown
6 [ "$1" = "/dev/urandom" -o "$1" = "/dev/hw_random" -o "$1" = "/dev/random" ]
9 # Because of a chicken/egg problem, init_crypto must be run twice. /var may be
10 # encrypted but /var/lib/random-seed is needed to initialize swap.
12 local have_random dst src key opt mode owner params makeswap skip arg
13 local param value rc ret mke2fs mdir
15 # call mknodes as the dm node could be missing if device was opened from
17 # XXX: shouldn't udev handle the nodes creation here?
22 while read dst src key opt; do
23 [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
24 [ -b "/dev/mapper/$dst" ] && continue;
25 if [ "$have_random" = 0 ] && key_is_random "$key"; then
28 if [ -n "$key" -a "x$key" != "xnone" ]; then
29 if test -e "$key" ; then
30 mode=$(ls -l "$key" | cut -c 5-10)
31 owner=$(ls -l $key | awk '{ print $3 }')
32 if [ "$mode" != "------" ] && ! key_is_random "$key"; then
33 nls "INSECURE MODE FOR %s" "$key"
36 if [ "$owner" != root ]; then
37 nls "INSECURE OWNER FOR %s" "$key"
41 nls "Key file for %s not found, skipping" "$dst"
51 # Parse the options field, convert to cryptsetup parameters
52 # and contruct the command line
53 while [ -n "$opt" ]; do
62 params="$params -c $value"
63 if [ -z "$value" ]; then
64 nls "%s: no value for cipher option, skipping" "$dst"
69 params="$params -s $value"
70 if [ -z "$value" ]; then
71 nls "%s: no value for size option, skipping" "$dst"
76 params="$params -h $value"
77 if [ -z "$value" ]; then
78 nls "%s: no value for hash option, skipping" "$dst"
93 if [ "$skip" = "yes" ]; then
98 if echo "$src" | grep -q -E "^UUID=" ; then
99 src="/dev/disk/by-uuid/${src##UUID=}"
102 if [ ! -b "$src" ]; then
103 nls "$src: No such device"
108 if /sbin/cryptsetup isLuks "$src" 2>/dev/null; then
109 if key_is_random "$key"; then
110 nls "%s: LUKS requires non-random key, skipping" "$dst"
114 if [ -n "$params" ]; then
115 nls "%s: options are invalid for LUKS partitions, ignoring them" "$dst"
117 /sbin/cryptsetup ${key:+-d $key} luksOpen "$src" "$dst" <&1
119 /sbin/cryptsetup $params ${key:+-d $key} create "$dst" "$src" <&1 2>/dev/null
122 if [ $rc -ne 0 ]; then
126 if [ -b "/dev/mapper/$dst" ]; then
127 if [ "$makeswap" = "yes" ]; then
128 mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null
130 if [ "$mke2fs" = "yes" ]; then
131 if mke2fs "/dev/mapper/$dst" 2>/dev/null >/dev/null \
132 && mdir=$(mktemp -d /tmp/mountXXXXXX); then
133 mount "/dev/mapper/$dst" "$mdir" && chmod 1777 "$mdir"
144 local fnval=0 dst src key
145 while read dst src key; do
146 [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
147 if [ -b "/dev/mapper/$dst" ]; then
148 if LC_ALL=C /sbin/dmsetup info "$dst" | grep -q '^Open count: *0$'; then
149 /sbin/cryptsetup remove "$dst"
158 [ -f /etc/crypttab ] || return
160 # if not invoked directly, return to caller
161 case "$0" in *cryptsetup);; *) return;; esac
163 . /etc/rc.d/init.d/functions
166 # See how we were called.
169 show "Starting disk encryption"; started
170 init_crypto 1 && deltext; ok
173 show "Stopping disk encryption"; started
174 halt_crypto && deltext; ok
177 # this is way overkill, but at least we have some status output...
178 if grep -qF dm_crypt /proc/modules; then
179 nls "dm-crypt module is loaded"
181 nls "dm-crypt module is not loaded"
185 msg_usage "$0 {start|stop|status}"
TLD / rc-scripts.git / blob