Fixing slow shutdown because of cryptsetup

1. Sorry for the long delay. You can now install cryptsetup-modified-functions in beowulf to correct the problem. The package is now in beowulf-proposed-updates.
2.  
3. Download and install the package:
4. https://pkgmaster.devuan.org/devuan/poo … n1_all.deb
5.  
6. Or add beowulf-proposed-updates to sources.list:
7.  
8. deb http://deb.devuan.org/merged beowulf-proposed-updates main
9.  
10. #
11. # This file is for inclusion with
12. # . /lib/cryptsetup/cryptdisks-functions
13. # and should not be executed directly.
14.  
15. PATH="/usr/sbin:/usr/bin:/sbin:/bin"
16. CRYPTDISKS_ENABLE="Yes"
17.  
18. #set -x
19.  
20. # Sanity check #1
21. [ -x /sbin/cryptsetup ] || exit 0
22.  
23. . /lib/lsb/init-functions
24. . /lib/cryptsetup/functions
25.  
26. if [ -r /etc/default/cryptdisks ]; then
27. . /etc/default/cryptdisks
28. fi
29.  
30. MOUNT="$CRYPTDISKS_MOUNT"
31.  
32.  
33. # do_start()
34. # Unlock all devices in the crypttab(5)
35. do_start() {
36. [ -s "$TABFILE" ] || return 0
37.  
38. # Create locking directory before invoking cryptsetup(8) to avoid warnings
39. mkdir -pm0700 /run/cryptsetup
40. modprobe -qb dm-mod || true
41. modprobe -qb dm-crypt || true
42. dmsetup mknodes >/dev/null 2>&1 || true
43.  
44. if [ "$INITSTATE" != "init" ]; then
45. log_action_begin_msg "Starting $INITSTATE crypto disks"
46. fi
47. mount_fs
48.  
49. crypttab_foreach_entry _do_start_callback
50.  
51. umount_fs
52. log_action_end_msg 0
53. }
54. _do_start_callback() {
55. setup_mapping || log_action_end_msg $?
56. }
57.  
58. # mount_fs()
59. # Premounts file systems
60. mount_fs() {
61. local point
62. MOUNTED=""
63.  
64. for point in $MOUNT; do
65. if mount "$point" >/dev/null; then
66. MOUNTED="$MOUNTED $point"
67. fi
68. done
69. }
70.  
71. # Postunmounts file systems
72. umount_fs() {
73. local point
74.  
75. for point in $MOUNTED; do
76. umount "$point" >/dev/null
77. done
78. }
79.  
80. # setup_mapping()
81. # Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME,
82. # $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS.
83. setup_mapping() {
84. if dm_blkdevname "$CRYPTTAB_NAME" >/dev/null; then
85. device_msg "running"
86. return 0
87. fi
88.  
89. local loud="${DEFAULT_LOUD:-}"
90. crypttab_parse_options --export --missing-path=fail || return 1
91. if [ -n "${CRYPTTAB_OPTION_quiet+x}" ]; then
92. loud="no"
93. elif [ -n "${CRYPTTAB_OPTION_loud+x}" ]; then
94. loud="yes"
95. fi
96.  
97. if [ -n "${CRYPTTAB_OPTION_noearly+x}" ] && [ "$INITSTATE" = "early" ]; then
98. [ -z "${FORCE_START-}" ] || device_msg "ignored"
99. return 0
100. fi
101. if [ -n "${CRYPTTAB_OPTION_noauto+x}" ] && [ "$INITSTATE" != "manual" ]; then
102. [ -z "${FORCE_START-}" ] || device_msg "ignored"
103. return 0
104. fi
105.  
106. if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then
107. if ! crypttab_key_check; then
108. device_msg "invalid key"
109. return 1
110. fi
111. CRYPTTAB_OPTION_tries=1
112. fi
113.  
114. if ! crypttab_resolve_source; then
115. if [ "$loud" = "yes" ]; then
116. device_msg "skipped, device $CRYPTTAB_SOURCE does not exist"
117. fi
118. return 1
119. fi
120. device_msg "starting"
121.  
122. local out tmpdev
123. get_crypt_type # set CRYPTTAB_TYPE to the type of crypt device
124. if [ "$CRYPTTAB_TYPE" != "luks" ]; then
125. if ! out="$(/lib/cryptsetup/checks/un_blkid "$CRYPTTAB_SOURCE" 2>/dev/null)" &&
126. ! /lib/cryptsetup/checks/blkid "$CRYPTTAB_SOURCE" swap >/dev/null; then
127. # fail if the device has a filesystem; unless it's swap,
128. # otherwise people can't easily convert an existing
129. # plainttext swap partition to an encrypted one
130. log_warning_msg "$CRYPTTAB_NAME: the precheck for '$CRYPTTAB_SOURCE' failed: $out"
131. return 1
132. fi
133. fi
134.  
135. local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype rv
136. local target="$CRYPTTAB_NAME"
137. CRYPTTAB_NAME="${CRYPTTAB_NAME}_unformatted" # XXX potential conflict
138. while [ $maxtries -le 0 ] || [ $count -lt $maxtries ]; do
139. if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then
140. # unlock via keyfile
141. unlock_mapping "$CRYPTTAB_KEY"
142. else
143. # unlock interactively or via keyscript
144. CRYPTTAB_NAME="$target" run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping
145. fi
146. rv=$?
147. count=$(( $count + 1 ))
148.  
149. if [ $rv -ne 0 ] || ! tmpdev="$(dm_blkdevname "$CRYPTTAB_NAME")"; then
150. continue
151. fi
152. if [ -n "${CRYPTTAB_OPTION_check+x}" ] && \
153. ! "$CRYPTTAB_OPTION_check" "$tmpdev" $CRYPTTAB_OPTION_checkargs ; then
154. log_warning_msg "$target: the check for '$CRYPTTAB_NAME' failed"
155. cryptsetup remove -- "$CRYPTTAB_NAME"
156. continue
157. fi
158. if [ "${CRYPTTAB_OPTION_swap+x}" ]; then
159. if out="$(/lib/cryptsetup/checks/un_blkid "$tmpdev" 2>/dev/null)" ||
160. /lib/cryptsetup/checks/blkid "$tmpdev" swap >/dev/null 2>&1; then
161. mkswap "$tmpdev" >/dev/null 2>&1
162. else
163. log_warning_msg "$target: the check for '$CRYPTTAB_NAME' failed. $CRYPTTAB_NAME contains data: $out"
164. cryptsetup remove -- "$CRYPTTAB_NAME"
165. return 1
166. fi
167. elif [ "${CRYPTTAB_OPTION_tmp+x}" ]; then
168. local tmpdir="$(mktemp --tmpdir="/run/cryptsetup" --directory)" rv=0
169. if ! mkfs -t "$CRYPTTAB_OPTION_tmp" -q "$tmpdev" >/dev/null 2>&1 ||
170. ! mount -t "$CRYPTTAB_OPTION_tmp" "$tmpdev" "$tmpdir" ||
171. ! chmod 1777 "$tmpdir"; then
172. rv=1
173. fi
174. umount "$tmpdir" || true
175. rmdir "$tmpdir" || true
176. [ $rv -eq 0 ] || return $rv
177. fi
178. if command -v udevadm >/dev/null 2>&1; then
179. udevadm settle
180. fi
181. dmsetup rename -- "$CRYPTTAB_NAME" "$target"
182. device_msg "$target" "started"
183. return 0
184. done
185. device_msg "$target" "failed"
186. return 1
187. }
188.  
189. # Removes all mappings in crypttab
190. do_stop() {
191. local vgs vg
192. dmsetup mknodes
193. if [ -x /sbin/lvm ]; then
194. vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
195. if [ -n "${vgs}" ]; then
196. for vg in ${vgs}; do
197. /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1
198. done
199. fi
200. fi
201. log_action_begin_msg "Stopping $INITSTATE crypto disks"
202.  
203. crypttab_foreach_entry _do_stop_callback
204. log_action_end_msg 0
205. }
206.  
207. _do_stop_callback() {
208. local rv=0
209. remove_mapping "$CRYPTTAB_NAME" 3<&- && break || rv=$?
210. log_action_cont_msg "$CRYPTTAB_NAME busy: $rv"
211. }
212.  
213. # device_msg([$name], $message)
214. # Convenience function to handle $VERBOSE
215. device_msg() {
216. local name message
217. if [ $# -eq 1 ]; then
218. name="$CRYPTTAB_NAME"
219. message="$1"
220. else
221. name="$1"
222. message="$2"
223. fi
224.  
225. if [ "$VERBOSE" != "no" ]; then
226. log_action_cont_msg "$name ($message)"
227. fi
228. }
229.  
230. # remove_mapping($target)
231. # Remove mapping $target
232. remove_mapping() {
233. local CRYPTTAB_NAME="$1"
234.  
235. if ! dm_blkdevname "$CRYPTTAB_NAME" >/dev/null; then
236. device_msg "stopped"
237. return 0
238. fi
239.  
240. if [ "$(dmsetup info --noheadings -c -o subsystem -- "$CRYPTTAB_NAME")" != "CRYPT" ]; then
241. device_msg "error"
242. return 1
243. fi
244.  
245. local opencount="$(dmsetup info -c --noheadings -o open -- "$CRYPTTAB_NAME" 2>/dev/null || true)"
246. if [ -z "$opencount" ]; then
247. device_msg "error"
248. return 1
249. elif [ "$opencount" != "0" ]; then
250. device_msg "busy"
251. if [ "$INITSTATE" = "early" ] || [ "$INITSTATE" = "manual" ]; then
252. return 1
253. elif [ "$INITSTATE" = "remaining" ]; then
254. return 2
255. fi
256. return 0
257. fi
258.  
259. if cryptsetup remove -- "$CRYPTTAB_NAME"; then
260. device_msg "stopping"
261. return 0
262. else
263. device_msg "error"
264. return 1
265. fi
266. }
267.  
268. # vim: set filetype=sh :
269.