#!/bin/sh
-LUKS_RCSID='$Revision$ $Date:: $'
-
# geninitrd mod: cryptsetup luks
USE_LUKS=${USE_LUKS:-yes}
have_luks=no
# device to use for name for cryptsetup luks
-LUKSDEV=""
+LUKSNAME=""
# setup geninitrd module
# @access public
return 1
fi
- if [ ! -e "$node" ]; then
- warn "is_luks(): node $node doesn't exist!"
- return 1
- fi
-
- local dev dm_status dm_name=${node#/dev/mapper/}
+ local dev dm_name=${node#/dev/mapper/}
if [ "$node" = "$dm_name" ]; then
- debug "is_luks: $node is not device mapper name"
+ verbose "is_luks: $node is not device mapper name"
return 1
fi
- dev=$(/sbin/cryptsetup status $dm_name 2>/dev/null | awk '/device:/{print $2}')
+ dev=$(awk -vdm_name="$dm_name" '$1 == dm_name { print $2 }' /etc/crypttab)
if [ "$dev" ]; then
/sbin/cryptsetup isLuks $dev
rc=$?
else
- # If luks partition was activated using old cryptsetup (at initrd level)
- # then "device:" report could be missing from cryptsetup status above.
- # Fallback to dmsetup report in such case.
- dm_status=$(/sbin/dmsetup status --target crypt $dm_name 2>/dev/null)
- if [ -n "$dm_status" ]; then
- rc=0
- else
- rc=1
- fi
+ rc=1
fi
if [ $rc = 0 ]; then
- debug "is_luks: $node is cryptsetup luks"
+ verbose "is_luks: $node is cryptsetup luks"
else
- debug "is_luks: $node is not cryptsetup luks"
+ verbose "is_luks: $node is not cryptsetup luks"
fi
return $rc
}
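Review bot: `$dev` on L27 now comes from the second field of /etc/crypttab but is still expanded unquoted in `/sbin/cryptsetup isLuks $dev` on L29. If two crypttab rows carry the same name, awk prints two lines and cryptsetup receives two arguments. Stop at the first match and quote the value: `'$1 == dm_name { print $2; exit }'` and `/sbin/cryptsetup isLuks "$dev"`. The same unquoted use follows in the next hunk at L79–L81 (`find_modules_for_devpath $dev`). A mapping that is active but absent from crypttab now ends in `rc=1` with only a verbose message, so a `warn` in that branch would make an initrd generated without an unlock step easier to diagnose; is_luks begins above this hunk.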
# @access public
find_modules_luks() {
local devpath="$1"
- local dev
-
- local name=${devpath#/dev/mapper/}
- LUKSDEV=$(/sbin/cryptsetup status $name 2>/dev/null | awk '/device:/{print $2}')
- if [ -z "$LUKSDEV" ]; then
- # could be initialized by old cryptsetup, we need some magic
- vars=$(dmsetup deps lolek_crypt | awk '/dependencies.*(.*)/ { left=index($0, "("); right=index($0, ")"); split(substr($0, left + 1, right - left - 1), A, " *, *") ; print "major=" A[1] "; minor=" A[2] }')
- eval "$vars"
- if [ -n "$major" -a -n "$minor" ] ; then
- LUKSDEV=$(awk "\$1 == $major && \$2 == $minor { print \"/dev/\" \$4 }" /proc/partitions)
- fi
+ local dev=""
- fi
- if [ -z "$LUKSDEV" ]; then
- die "Lost cryptsetup device meanwhile?"
- fi
+ LUKSNAME=${devpath#/dev/mapper/}
find_module "dm-crypt"
find_module "aes"
find_module "cbc"
- have_luks=yes
-
# recurse
- find_modules_for_devpath $LUKSDEV
+ dev=$(awk -vLUKSNAME="$LUKSNAME" '$1 == LUKSNAME { print $2 }' /etc/crypttab)
+ if [ -n "$dev" ]; then
+ find_modules_for_devpath $dev
+ have_luks=yes
+ else
+ die "Cannot find '$LUKSNAME' in /etc/crypttab"
+ fi
}
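Review bot: L79 hands the crypttab source field to `find_modules_for_devpath` exactly as written in the file, whereas the removed lookup took the device from `cryptsetup status`. The old matching code on L102 compared `readlink -f $src`, and the generated script handles `/dev/disk/by-uuid/` paths, so symlinked entries appear to be expected. Whether find_modules_for_devpath resolves such paths is not visible here. If it does not, add `dev=$(readlink -f "$dev")` before the call and pass `"$dev"` quoted.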
initrd_gen_devices
# TODO: 'udevadm settle' is called by lukssetup, is udev optional?
- debug "luks: process /etc/crypttab $LUKSDEV"
- luks_crypttab $LUKSDEV
+ verbose "luks: process /etc/crypttab $LUKSNAME"
+ luks_crypttab $LUKSNAME
}
# produce cryptsetup from $name from /etc/crypttab
luks_crypttab() {
- local LUKSDEV="$1"
+ local LUKSNAME="$1"
# copy from /etc/rc.d/init.d/cryptsetup
local dst src key opt mode owner
while read dst src key opt; do
- [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
- [ "$src" != "$LUKSDEV" ] && [ "$(readlink -f $src)" != "$LUKSDEV" ] && continue
+ [ "$dst" != "$LUKSNAME" ] && continue
if [ -n "$key" -a "x$key" != "xnone" ]; then
if test -e "$key" ; then
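Review bot: The new filter on L103 no longer skips blank rows on its own, because `[ "$dst" != "$LUKSNAME" ]` is false for an empty `dst` when `LUKSNAME` is also empty. That state is reachable in principle, since the variable starts as `""` (L9) and L92 passes `$LUKSNAME` unquoted. The loop body would then run with empty `src` and `dst` and could emit an unlock block for nothing. Keeping the old emptiness guard costs nothing: `[ -z "$dst" -o "$dst" != "$LUKSNAME" ] && continue`. The caller's own guard and the loop's input redirection are outside this hunk.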
inst $key $keyfile
fi
- debug "+ cryptsetup ${keyfile:+-d $keyfile} luksOpen '$src' '$dst'"
+ verbose "+ cryptsetup ${keyfile:+-d $keyfile} luksOpen '$src' '$dst'"
add_linuxrc <<-EOF
+ debugshell
+
+ cryptsetup_opt=""
+ if [ "\$DEBUGINITRD" ]; then
+ cryptsetup_opt="--debug"
+ fi
# cryptsetup can be called twice and in case on crypt on lvm only second
# will succeed because there will be no src device in first cryptsetup call
# this can be called multiple times, before lvm and after lvm.
if [ \${luksdev##/dev/disk/by-uuid/} != \${luksdev} ]; then
src_uuid=\${luksdev##/dev/disk/by-uuid/}
while read x y z name; do
- found_uuid=\$(cryptsetup luksUUID /dev/\${name} 2>/dev/null)
+ found_uuid=\$(cryptsetup \$cryptsetup_opt luksUUID /dev/\${name} 2>/dev/null)
if [ "\$found_uuid" = "\$src_uuid" ]; then
luksdev=/dev/\$name
break
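Review bot: `\$cryptsetup_opt` is inserted into command substitutions whose stdout the generated script then compares: `found_uuid` on L124 and, in the following hunk, `crypt_status` on L131. If cryptsetup writes its `--debug` lines to stdout (it appears to, prefixed with `#`), `found_uuid` will never equal `src_uuid` and the `%%is inactive.` suffix test on L132 can stop matching. Booting with DEBUGINITRD set would then skip the very unlock it is meant to debug. Keep the option on the `luksOpen` call on L135 only and leave the two parsed calls as they were, e.g. `found_uuid=\$(cryptsetup luksUUID /dev/\${name} 2>/dev/null)`. A comment at L111 stating what gates `debugshell` would also help, since it now runs ahead of the unlock step and its definition is not in this hunk.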
fi
if [ -e "\$luksdev" ]; then
- crypt_status=\$(cryptsetup status '$dst')
+ crypt_status=\$(cryptsetup \$cryptsetup_opt status '$dst')
if [ "\${crypt_status%%is inactive.}" != "\$crypt_status" ]; then
# is inactive
- cryptsetup ${keyfile:+-d $keyfile} luksOpen "\$luksdev" '$dst' <&1
+ cryptsetup \$cryptsetup_opt ${keyfile:+-d $keyfile} luksOpen "\$luksdev" '$dst' <&1
fi
fi