Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- PREREQ="cryptroot-prepare"
- #
- # Standard initramfs preamble
- #
- prereqs()
- {
- # Make sure that cryptroot is run last in local-top
- for req in $(dirname $0)/*; do
- script=${req##*/}
- if [ $script != cryptroot ]; then
- echo $script
- fi
- done
- }
- case $1 in
- prereqs)
- prereqs
- exit 0
- ;;
- esac
- # source for log_*_msg() functions, see LP: #272301
- . /scripts/functions
- #
- # Helper functions
- #
- message()
- {
- if [ -x /bin/plymouth ] && plymouth --ping; then
- plymouth message --text="$@"
- else
- echo "$@" >&2
- fi
- return 0
- }
- udev_settle()
- {
- # Wait for udev to be ready, see https://launchpad.net/bugs/85640
- if command -v udevadm >/dev/null 2>&1; then
- udevadm settle --timeout=30
- elif command -v udevsettle >/dev/null 2>&1; then
- udevsettle --timeout=30
- fi
- return 0
- }
- parse_options()
- {
- local cryptopts
- cryptopts="$1"
- if [ -z "$cryptopts" ]; then
- return 1
- fi
- # Defaults
- cryptcipher=aes-cbc-essiv:sha256
- cryptsize=256
- crypthash=ripemd160
- crypttarget=cryptroot
- cryptsource=""
- cryptlvm=""
- cryptkeyscript=""
- cryptkey="" # This is only used as an argument to an eventual keyscript
- crypttries=3
- cryptrootdev=""
- cryptdiscard=""
- CRYPTTAB_OPTIONS=""
- local IFS=" ,"
- for x in $cryptopts; do
- case $x in
- hash=*)
- crypthash=${x#hash=}
- ;;
- size=*)
- cryptsize=${x#size=}
- ;;
- cipher=*)
- cryptcipher=${x#cipher=}
- ;;
- target=*)
- crypttarget=${x#target=}
- export CRYPTTAB_NAME="$crypttarget"
- ;;
- source=*)
- cryptsource=${x#source=}
- if [ ${cryptsource#UUID=} != $cryptsource ]; then
- cryptsource="/dev/disk/by-uuid/${cryptsource#UUID=}"
- elif [ ${cryptsource#LABEL=} != $cryptsource ]; then
- cryptsource="/dev/disk/by-label/${cryptsource#LABEL=}"
- fi
- export CRYPTTAB_SOURCE="$cryptsource"
- ;;
- lvm=*)
- cryptlvm=${x#lvm=}
- ;;
- keyscript=*)
- cryptkeyscript=${x#keyscript=}
- ;;
- key=*)
- if [ "${x#key=}" != "none" ]; then
- cryptkey=${x#key=}
- fi
- export CRYPTTAB_KEY="$cryptkey"
- ;;
- tries=*)
- crypttries="${x#tries=}"
- case "$crypttries" in
- *[![:digit:].]*)
- crypttries=3
- ;;
- esac
- ;;
- rootdev)
- cryptrootdev="yes"
- ;;
- discard)
- cryptdiscard="yes"
- ;;
- esac
- PARAM="${x%=*}"
- if [ "$PARAM" = "$x" ]; then
- VALUE="yes"
- else
- VALUE="${x#*=}"
- fi
- CRYPTTAB_OPTIONS="$CRYPTTAB_OPTIONS $PARAM"
- eval export CRYPTTAB_OPTION_$PARAM="\"$VALUE\""
- done
- export CRYPTTAB_OPTIONS
- if [ -z "$cryptsource" ]; then
- message "cryptsetup: source parameter missing"
- return 1
- fi
- return 0
- }
- activate_vg()
- {
- # Sanity checks
- if [ ! -x /sbin/lvm ]; then
- message "cryptsetup: lvm is not available"
- return 1
- fi
- # Detect and activate available volume groups
- /sbin/lvm vgscan
- /sbin/lvm vgchange -a y --sysinit
- return $?
- }
- activate_evms()
- {
- local dev module
- # Sanity checks
- if [ ! -x /sbin/evms_activate ]; then
- message "cryptsetup: evms_activate is not available"
- return 1
- fi
- # Load modules used by evms
- for module in dm-mod linear raid0 raid1 raid10 raid5 raid6; do
- modprobe -q $module
- done
- # Activate it
- /sbin/evms_activate
- return $?
- }
- setup_mapping()
- {
- local opts count cryptcreate cryptremove NEWROOT
- opts="$1"
- if [ -z "$opts" ]; then
- return 0
- fi
- parse_options "$opts" || return 1
- if [ -n "$cryptkeyscript" ] && ! type "$cryptkeyscript" >/dev/null; then
- message "cryptsetup: error - script \"$cryptkeyscript\" missing"
- return 1
- fi
- # The same target can be specified multiple times
- # e.g. root and resume lvs-on-lvm-on-crypto
- if [ -e "/dev/mapper/$crypttarget" ]; then
- return 0
- fi
- modprobe -q dm_crypt
- # Make sure the cryptsource device is available
- if [ ! -e $cryptsource ]; then
- activate_vg
- activate_evms
- fi
- # If the encrypted source device hasn't shown up yet, give it a
- # little while to deal with removable devices
- # the following lines below have been taken from
- # /usr/share/initramfs-tools/scripts/local, as suggested per
- # https://launchpad.net/bugs/164044
- if [ ! -e "$cryptsource" ]; then
- log_begin_msg "Waiting for encrypted source device..."
- # Default delay is 180s
- if [ -z "${ROOTDELAY}" ]; then
- slumber=180
- else
- slumber=${ROOTDELAY}
- fi
- slumber=$(( ${slumber} * 10 ))
- while [ ! -e "$cryptsource" ]; do
- /bin/sleep 0.1
- slumber=$(( ${slumber} - 1 ))
- [ ${slumber} -gt 0 ] || break
- done
- if [ ${slumber} -gt 0 ]; then
- log_end_msg 0
- else
- log_end_msg 1 || true
- fi
- fi
- udev_settle
- # We've given up, but we'll let the user fix matters if they can
- while [ ! -e "${cryptsource}" ]; do
- echo " Check cryptopts=source= bootarg: cat /proc/cmdline"
- echo " or missing modules, devices: cat /proc/modules; ls /dev"
- panic -r "ALERT! ${cryptsource} does not exist. Dropping to a shell!"
- done
- # Prepare commands
- cryptcreate="/sbin/cryptsetup -T 1"
- if [ "$cryptdiscard" = "yes" ]; then
- cryptcreate="$cryptcreate --allow-discards"
- fi
- if /sbin/cryptsetup isLuks $cryptsource >/dev/null 2>&1; then
- cryptcreate="$cryptcreate luksOpen $cryptsource $crypttarget"
- else
- cryptcreate="$cryptcreate -c $cryptcipher -s $cryptsize -h $crypthash create $crypttarget $cryptsource"
- fi
- cryptremove="/sbin/cryptsetup remove $crypttarget"
- NEWROOT="/dev/mapper/$crypttarget"
- # Try to get a satisfactory password $crypttries times
- count=0
- while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do
- count=$(( $count + 1 ))
- if [ $count -gt 1 ]; then
- /bin/sleep 3
- fi
- if [ -z "$cryptkeyscript" ]; then
- cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: "
- if [ -x /bin/plymouth ] && plymouth --ping; then
- cryptkeyscript="plymouth ask-for-password --prompt"
- cryptkey=$(printf "$cryptkey")
- else
- cryptkeyscript="/lib/cryptsetup/askpass"
- fi
- fi
- if [ ! -e "$NEWROOT" ]; then
- if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \
- $cryptkeyscript "$cryptkey" | $cryptcreate --key-file=- ; then
- message "cryptsetup: cryptsetup failed, bad password or options?"
- continue
- fi
- fi
- if [ ! -e "$NEWROOT" ]; then
- message "cryptsetup: unknown error setting up device mapping"
- return 1
- fi
- #FSTYPE=''
- #eval $(fstype < "$NEWROOT")
- FSTYPE="$(blkid -s TYPE -o value "$NEWROOT")"
- # See if we need to setup lvm on the crypto device
- #if [ "$FSTYPE" = "lvm" ] || [ "$FSTYPE" = "lvm2" ]; then
- if [ "$FSTYPE" = "LVM_member" ] || [ "$FSTYPE" = "LVM2_member" ]; then
- if [ -z "$cryptlvm" ]; then
- message "cryptsetup: lvm fs found but no lvm configured"
- return 1
- elif ! activate_vg; then
- # disable error message, LP: #151532
- #message "cryptsetup: failed to setup lvm device"
- return 1
- fi
- NEWROOT=${cmdline_root:-/dev/mapper/$cryptlvm}
- if [ "$cryptrootdev" = "yes" ]; then
- # required for lilo to find the root device
- echo "ROOT=$NEWROOT" >>/conf/param.conf
- fi
- eval $(fstype < "$NEWROOT")
- fi
- #if [ -z "$FSTYPE" ] || [ "$FSTYPE" = "unknown" ]; then
- if [ -z "$FSTYPE" ]; then
- message "cryptsetup: unknown fstype, bad password or options?"
- udev_settle
- $cryptremove
- continue
- fi
- message "cryptsetup: $crypttarget set up successfully"
- break
- done
- if [ $crypttries -gt 0 ] && [ $count -gt $crypttries ]; then
- message "cryptsetup: maximum number of tries exceeded for $crypttarget"
- return 1
- fi
- udev_settle
- return 0
- }
- #
- # Begin real processing
- #
- # Do we have any kernel boot arguments?
- cmdline_cryptopts=''
- unset cmdline_root
- for opt in $(cat /proc/cmdline); do
- case $opt in
- cryptopts=*)
- opt="${opt#cryptopts=}"
- if [ -n "$opt" ]; then
- if [ -n "$cmdline_cryptopts" ]; then
- cmdline_cryptopts="$cmdline_cryptopts $opt"
- else
- cmdline_cryptopts="$opt"
- fi
- fi
- ;;
- root=*)
- opt="${opt#root=}"
- case $opt in
- /*) # Absolute path given. Not lilo major/minor number.
- cmdline_root=$opt
- ;;
- *) # lilo major/minor number (See #398957). Ignore
- esac
- ;;
- esac
- done
- if [ -n "$cmdline_cryptopts" ]; then
- # Call setup_mapping separately for each possible cryptopts= setting
- for cryptopt in $cmdline_cryptopts; do
- setup_mapping "$cryptopt"
- done
- exit 0
- fi
- # Do we have any settings from the /conf/conf.d/cryptroot file?
- if [ -r /conf/conf.d/cryptroot ]; then
- while read mapping <&3; do
- setup_mapping "$mapping" 3<&-
- done 3< /conf/conf.d/cryptroot
- fi
- exit 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement