Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Sorry for the long delay. You can now install cryptsetup-modified-functions in beowulf to correct the problem. The package is now in beowulf-proposed-updates.
- Download and install the package:
- https://pkgmaster.devuan.org/devuan/poo … n1_all.deb
- Or add beowulf-proposed-updates to sources.list:
- deb http://deb.devuan.org/merged beowulf-proposed-updates main
- #
- # This file is for inclusion with
- # . /lib/cryptsetup/cryptdisks-functions
- # and should not be executed directly.
- PATH="/usr/sbin:/usr/bin:/sbin:/bin"
- CRYPTDISKS_ENABLE="Yes"
- #set -x
- # Sanity check #1
- [ -x /sbin/cryptsetup ] || exit 0
- . /lib/lsb/init-functions
- . /lib/cryptsetup/functions
- if [ -r /etc/default/cryptdisks ]; then
- . /etc/default/cryptdisks
- fi
- MOUNT="$CRYPTDISKS_MOUNT"
- # do_start()
- # Unlock all devices in the crypttab(5)
- do_start() {
- [ -s "$TABFILE" ] || return 0
- # Create locking directory before invoking cryptsetup(8) to avoid warnings
- mkdir -pm0700 /run/cryptsetup
- modprobe -qb dm-mod || true
- modprobe -qb dm-crypt || true
- dmsetup mknodes >/dev/null 2>&1 || true
- if [ "$INITSTATE" != "init" ]; then
- log_action_begin_msg "Starting $INITSTATE crypto disks"
- fi
- mount_fs
- crypttab_foreach_entry _do_start_callback
- umount_fs
- log_action_end_msg 0
- }
- _do_start_callback() {
- setup_mapping || log_action_end_msg $?
- }
- # mount_fs()
- # Premounts file systems
- mount_fs() {
- local point
- MOUNTED=""
- for point in $MOUNT; do
- if mount "$point" >/dev/null; then
- MOUNTED="$MOUNTED $point"
- fi
- done
- }
- # Postunmounts file systems
- umount_fs() {
- local point
- for point in $MOUNTED; do
- umount "$point" >/dev/null
- done
- }
- # setup_mapping()
- # Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME,
- # $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS.
- setup_mapping() {
- if dm_blkdevname "$CRYPTTAB_NAME" >/dev/null; then
- device_msg "running"
- return 0
- fi
- local loud="${DEFAULT_LOUD:-}"
- crypttab_parse_options --export --missing-path=fail || return 1
- if [ -n "${CRYPTTAB_OPTION_quiet+x}" ]; then
- loud="no"
- elif [ -n "${CRYPTTAB_OPTION_loud+x}" ]; then
- loud="yes"
- fi
- if [ -n "${CRYPTTAB_OPTION_noearly+x}" ] && [ "$INITSTATE" = "early" ]; then
- [ -z "${FORCE_START-}" ] || device_msg "ignored"
- return 0
- fi
- if [ -n "${CRYPTTAB_OPTION_noauto+x}" ] && [ "$INITSTATE" != "manual" ]; then
- [ -z "${FORCE_START-}" ] || device_msg "ignored"
- return 0
- fi
- if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then
- if ! crypttab_key_check; then
- device_msg "invalid key"
- return 1
- fi
- CRYPTTAB_OPTION_tries=1
- fi
- if ! crypttab_resolve_source; then
- if [ "$loud" = "yes" ]; then
- device_msg "skipped, device $CRYPTTAB_SOURCE does not exist"
- fi
- return 1
- fi
- device_msg "starting"
- local out tmpdev
- get_crypt_type # set CRYPTTAB_TYPE to the type of crypt device
- if [ "$CRYPTTAB_TYPE" != "luks" ]; then
- if ! out="$(/lib/cryptsetup/checks/un_blkid "$CRYPTTAB_SOURCE" 2>/dev/null)" &&
- ! /lib/cryptsetup/checks/blkid "$CRYPTTAB_SOURCE" swap >/dev/null; then
- # fail if the device has a filesystem; unless it's swap,
- # otherwise people can't easily convert an existing
- # plainttext swap partition to an encrypted one
- log_warning_msg "$CRYPTTAB_NAME: the precheck for '$CRYPTTAB_SOURCE' failed: $out"
- return 1
- fi
- fi
- local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype rv
- local target="$CRYPTTAB_NAME"
- CRYPTTAB_NAME="${CRYPTTAB_NAME}_unformatted" # XXX potential conflict
- while [ $maxtries -le 0 ] || [ $count -lt $maxtries ]; do
- if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then
- # unlock via keyfile
- unlock_mapping "$CRYPTTAB_KEY"
- else
- # unlock interactively or via keyscript
- CRYPTTAB_NAME="$target" run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping
- fi
- rv=$?
- count=$(( $count + 1 ))
- if [ $rv -ne 0 ] || ! tmpdev="$(dm_blkdevname "$CRYPTTAB_NAME")"; then
- continue
- fi
- if [ -n "${CRYPTTAB_OPTION_check+x}" ] && \
- ! "$CRYPTTAB_OPTION_check" "$tmpdev" $CRYPTTAB_OPTION_checkargs ; then
- log_warning_msg "$target: the check for '$CRYPTTAB_NAME' failed"
- cryptsetup remove -- "$CRYPTTAB_NAME"
- continue
- fi
- if [ "${CRYPTTAB_OPTION_swap+x}" ]; then
- if out="$(/lib/cryptsetup/checks/un_blkid "$tmpdev" 2>/dev/null)" ||
- /lib/cryptsetup/checks/blkid "$tmpdev" swap >/dev/null 2>&1; then
- mkswap "$tmpdev" >/dev/null 2>&1
- else
- log_warning_msg "$target: the check for '$CRYPTTAB_NAME' failed. $CRYPTTAB_NAME contains data: $out"
- cryptsetup remove -- "$CRYPTTAB_NAME"
- return 1
- fi
- elif [ "${CRYPTTAB_OPTION_tmp+x}" ]; then
- local tmpdir="$(mktemp --tmpdir="/run/cryptsetup" --directory)" rv=0
- if ! mkfs -t "$CRYPTTAB_OPTION_tmp" -q "$tmpdev" >/dev/null 2>&1 ||
- ! mount -t "$CRYPTTAB_OPTION_tmp" "$tmpdev" "$tmpdir" ||
- ! chmod 1777 "$tmpdir"; then
- rv=1
- fi
- umount "$tmpdir" || true
- rmdir "$tmpdir" || true
- [ $rv -eq 0 ] || return $rv
- fi
- if command -v udevadm >/dev/null 2>&1; then
- udevadm settle
- fi
- dmsetup rename -- "$CRYPTTAB_NAME" "$target"
- device_msg "$target" "started"
- return 0
- done
- device_msg "$target" "failed"
- return 1
- }
- # Removes all mappings in crypttab
- do_stop() {
- local vgs vg
- dmsetup mknodes
- if [ -x /sbin/lvm ]; then
- vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
- if [ -n "${vgs}" ]; then
- for vg in ${vgs}; do
- /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1
- done
- fi
- fi
- log_action_begin_msg "Stopping $INITSTATE crypto disks"
- crypttab_foreach_entry _do_stop_callback
- log_action_end_msg 0
- }
- _do_stop_callback() {
- local rv=0
- remove_mapping "$CRYPTTAB_NAME" 3<&- && break || rv=$?
- log_action_cont_msg "$CRYPTTAB_NAME busy: $rv"
- }
- # device_msg([$name], $message)
- # Convenience function to handle $VERBOSE
- device_msg() {
- local name message
- if [ $# -eq 1 ]; then
- name="$CRYPTTAB_NAME"
- message="$1"
- else
- name="$1"
- message="$2"
- fi
- if [ "$VERBOSE" != "no" ]; then
- log_action_cont_msg "$name ($message)"
- fi
- }
- # remove_mapping($target)
- # Remove mapping $target
- remove_mapping() {
- local CRYPTTAB_NAME="$1"
- if ! dm_blkdevname "$CRYPTTAB_NAME" >/dev/null; then
- device_msg "stopped"
- return 0
- fi
- if [ "$(dmsetup info --noheadings -c -o subsystem -- "$CRYPTTAB_NAME")" != "CRYPT" ]; then
- device_msg "error"
- return 1
- fi
- local opencount="$(dmsetup info -c --noheadings -o open -- "$CRYPTTAB_NAME" 2>/dev/null || true)"
- if [ -z "$opencount" ]; then
- device_msg "error"
- return 1
- elif [ "$opencount" != "0" ]; then
- device_msg "busy"
- if [ "$INITSTATE" = "early" ] || [ "$INITSTATE" = "manual" ]; then
- return 1
- elif [ "$INITSTATE" = "remaining" ]; then
- return 2
- fi
- return 0
- fi
- if cryptsetup remove -- "$CRYPTTAB_NAME"; then
- device_msg "stopping"
- return 0
- else
- device_msg "error"
- return 1
- fi
- }
- # vim: set filetype=sh :
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement