%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/cryptsetup/
Upload File :
Create Path :
Current File : //lib/cryptsetup/cryptdisks-functions

#
# This file is for inclusion with
#    . /lib/cryptsetup/cryptdisks-functions
# and should not be executed directly.

PATH="/usr/sbin:/usr/bin:/sbin:/bin"
CRYPTDISKS_ENABLE="Yes"

#set -x

# Sanity check #1
[ -x /sbin/cryptsetup ] || exit 0

. /lib/lsb/init-functions
. /lib/cryptsetup/functions

if [ -r /etc/default/cryptdisks ]; then
    . /etc/default/cryptdisks
fi

MOUNT="$CRYPTDISKS_MOUNT"


# do_start()
#   Unlock all devices in the crypttab(5)
do_start() {
    [ -s "$TABFILE" ] || return 0

    # Create locking directory before invoking cryptsetup(8) to avoid warnings
    mkdir -pm0700 /run/cryptsetup
    modprobe -qb dm-mod || true
    modprobe -qb dm-crypt || true
    dmsetup mknodes >/dev/null 2>&1 || true

    if [ "$INITSTATE" != "init" ]; then
        log_action_begin_msg "Starting $INITSTATE crypto disks"
    fi
    mount_fs

    crypttab_foreach_entry _do_start_callback

    umount_fs
    log_action_end_msg 0
}
_do_start_callback() {
    setup_mapping || log_action_end_msg $?
}

# mount_fs()
#   Premounts file systems
mount_fs() {
    local point
    MOUNTED=""

    for point in $MOUNT; do
        if mount "$point" >/dev/null; then
            MOUNTED="$MOUNTED $point"
        fi
    done
}

# Postunmounts file systems
umount_fs() {
    local point

    for point in $MOUNTED; do
        umount "$point" >/dev/null
    done
}

# setup_mapping()
#   Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME,
#   $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS.
setup_mapping() {
    if dm_blkdevname "$CRYPTTAB_NAME" >/dev/null; then
        device_msg "running"
        return 0
    fi

    local loud="${DEFAULT_LOUD:-}"
    crypttab_parse_options --export --missing-path=fail || return 1
    if [ -n "${CRYPTTAB_OPTION_quiet+x}" ]; then
        loud="no"
    elif [ -n "${CRYPTTAB_OPTION_loud+x}" ]; then
        loud="yes"
    fi

    if [ -z "${FORCE_START-}" ]; then
        if [ "$INITSTATE" = "early" -a -n "${CRYPTTAB_OPTION_noearly+x}" ] ||
                [ "$INITSTATE" != "manual" -a -n "${CRYPTTAB_OPTION_noauto+x}" ]; then
            device_msg "ignored"
            return 0
        fi
    fi

    if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then
        if ! crypttab_key_check; then
            device_msg "invalid key"
            return 1
        fi
        CRYPTTAB_OPTION_tries=1
    fi

    if ! crypttab_resolve_source; then
        if [ "$loud" = "yes" ]; then
            device_msg "skipped, device $CRYPTTAB_SOURCE does not exist"
        fi
        return 1
    fi
    device_msg "starting"

    local offset_bytes=""
    if [ -n "${CRYPTTAB_OPTION_offset+x}" ] && [ ${#CRYPTTAB_OPTION_offset} -le 7 ] && [ $CRYPTTAB_OPTION_offset -lt 4194304 ]; then
        # silently ignore large offset values which might cause the multiplication to overflow...
        offset_bytes=$((CRYPTTAB_OPTION_offset * 512))
    fi

    local out tmpdev
    if [ "$CRYPTTAB_TYPE" != "luks" ] && [ "$CRYPTTAB_TYPE" != "bitlk" ]; then
        # fail if the device has a filesystem and the disk encryption format doesn't
        # verify the key digest (unlike LUKS); unless it's swap, otherwise people can't
        # easily convert an existing plainttext swap partition to an encrypted one
        if ! out="$(/lib/cryptsetup/checks/un_blkid "$CRYPTTAB_SOURCE" "" ${CRYPTTAB_OPTION_offset+"$offset_bytes"} 2>/dev/null)" &&
                ! /lib/cryptsetup/checks/blkid "$CRYPTTAB_SOURCE" swap ${CRYPTTAB_OPTION_offset+"$offset_bytes"} >/dev/null; then
            log_warning_msg "$CRYPTTAB_NAME: the precheck for '$CRYPTTAB_SOURCE' failed: $out"
            return 1
        fi
    fi

    local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype rv
    local target="$CRYPTTAB_NAME"
    CRYPTTAB_NAME="${CRYPTTAB_NAME}_unformatted" # XXX potential conflict
    while [ $maxtries -le 0 ] || [ $count -lt $maxtries ]; do
        if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then
            # unlock via keyfile
            unlock_mapping "$CRYPTTAB_KEY"
        else
            # unlock interactively or via keyscript
            CRYPTTAB_NAME="$target" run_keyscript "$count" | unlock_mapping
        fi
        rv=$?
        count=$(( $count + 1 ))

        if [ $rv -ne 0 ] || ! tmpdev="$(dm_blkdevname "$CRYPTTAB_NAME")"; then
            continue
        fi
        if [ -n "${CRYPTTAB_OPTION_check+x}" ] && \
                ! "$CRYPTTAB_OPTION_check" "$tmpdev" ${CRYPTTAB_OPTION_checkargs+"$CRYPTTAB_OPTION_checkargs"}; then
            log_warning_msg "$target: the check for '$CRYPTTAB_NAME' failed"
            cryptsetup remove -- "$CRYPTTAB_NAME"
            continue
        fi
        if [ "${CRYPTTAB_OPTION_swap+x}" ]; then
            if out="$(/lib/cryptsetup/checks/un_blkid "$tmpdev" "" ${CRYPTTAB_OPTION_offset+"$offset_bytes"} 2>/dev/null)" ||
                    /lib/cryptsetup/checks/blkid "$tmpdev" swap ${CRYPTTAB_OPTION_offset+"$offset_bytes"} >/dev/null 2>&1; then
                mkswap "$tmpdev" >/dev/null 2>&1
            else
                log_warning_msg "$target: the check for '$CRYPTTAB_NAME' failed. $CRYPTTAB_NAME contains data: $out"
                cryptsetup remove -- "$CRYPTTAB_NAME"
                return 1
            fi
        elif [ "${CRYPTTAB_OPTION_tmp+x}" ]; then
            local tmpdir="$(mktemp --tmpdir="/run/cryptsetup" --directory)" rv=0
            if ! mkfs -t "$CRYPTTAB_OPTION_tmp" -q "$tmpdev" >/dev/null 2>&1 ||
                    ! mount -t "$CRYPTTAB_OPTION_tmp" "$tmpdev" "$tmpdir" ||
                    ! chmod 1777 "$tmpdir"; then
                rv=1
            fi
            umount "$tmpdir" || true
            rmdir "$tmpdir" || true
            [ $rv -eq 0 ] || return $rv
        fi
        if command -v udevadm >/dev/null 2>&1; then
            udevadm settle
        fi
        dmsetup rename -- "$CRYPTTAB_NAME" "$target"
        device_msg "$target" "started"
        return 0
    done
    device_msg "$target" "failed"
    return 1
}

# Removes all mappings in crypttab, except the ones holding the root
# file system or /usr
do_stop() {
    local devno_rootfs devno_usr
    dmsetup mknodes
    log_action_begin_msg "Stopping $INITSTATE crypto disks"

    devno_rootfs="$(get_mnt_devno /)" || devno_rootfs=""
    devno_usr="$(get_mnt_devno /usr)" || devno_usr=""

    crypttab_foreach_entry _do_stop_callback
    log_action_end_msg 0
}
_do_stop_callback() {
    local i rv=0 skip="n"

    # traverse the device tree for each crypttab(5) entry, that's
    # suboptimal but we can't use mapped device names as they might
    # contain any character other than NUL.  shouldn't be much overhead
    # anyway as the device tree is likely not that long
    foreach_cryptdev _do_stop_skipped $devno_rootfs $devno_usr

    if [ "$skip" = "n" ]; then
        for i in 1 2 4 8 16 32; do
            remove_mapping "$CRYPTTAB_NAME" 3<&- && break || rv=$?
            if [ $rv -eq 1 ] || [ $rv -eq 2 -a $i -gt 16 ]; then
                log_action_end_msg $rv
                break
            fi
            log_action_cont_msg "$CRYPTTAB_NAME busy..."
            sleep $i
        done
    fi
}
_do_stop_skipped() {
    if [ "$1" = "$CRYPTTAB_NAME" ]; then
        skip="y"
    fi
}

# device_msg([$name], $message)
#   Convenience function to handle $VERBOSE
device_msg() {
    local name message
    if [ $# -eq 1 ]; then
        name="$CRYPTTAB_NAME"
        message="$1"
    else
        name="$1"
        message="$2"
    fi

    if [ "$VERBOSE" != "no" ]; then
        log_action_cont_msg "$name ($message)"
    fi
}

# remove_mapping($target)
#   Remove mapping $target
remove_mapping() {
    local CRYPTTAB_NAME="$1"

    if ! dm_blkdevname "$CRYPTTAB_NAME" >/dev/null; then
        device_msg "stopped"
        return 0
    fi

    if [ "$(dmsetup info --noheadings -c -o subsystem -- "$CRYPTTAB_NAME")" != "CRYPT" ]; then
        device_msg "error"
        return 1
    fi

    local opencount="$(dmsetup info -c --noheadings -o open -- "$CRYPTTAB_NAME" 2>/dev/null || true)"
    if [ -z "$opencount" ]; then
        device_msg "error"
        return 1
    elif [ "$opencount" != "0" ]; then
        device_msg "busy"
        if [ "$INITSTATE" = "early" ] || [ "$INITSTATE" = "manual" ]; then
            return 1
        elif [ "$INITSTATE" = "remaining" ]; then
            return 2
        fi
        return 0
    fi

    if cryptsetup remove -- "$CRYPTTAB_NAME"; then
        device_msg "stopping"
        return 0
    else
        device_msg "error"
        return 1
    fi
}

# vim: set filetype=sh :

Zerion Mini Shell 1.0