Untitled

#! /bin/bash

#. /etc/rc.conf


#. /etc/rc.d/functions
#=====================================================================================
#!/bin/bash
# initscripts functions
#

# sanitize PATH (will be overridden later when /etc/profile is sourced but is useful for udev)
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# clear the TZ envvar, so daemons always respect /etc/localtime
unset TZ

. /etc/profile.d/locale.sh

if [[ $1 == "start" ]]; then
	if [[ $STARTING ]]; then
		echo "A daemon is starting another daemon; this is unlikely to work as intended."
	else
		export STARTING=1
	fi
fi

# width:
calc_columns () {
	STAT_COL=80
	if [[ ! -t 1 ]]; then
		USECOLOR=""
	elif [[ -t 0 ]]; then
		# stty will fail when stdin isn't a terminal
		STAT_COL=$(stty size)
		# stty gives "rows cols"; strip the rows number, we just want columns
		STAT_COL=${STAT_COL##* }
	elif tput cols &>/dev/null; then
		# is /usr/share/terminfo already mounted, and TERM recognized?
		STAT_COL=$(tput cols)
	fi
	if (( STAT_COL == 0 )); then
		# if output was 0 (serial console), set default width to 80
		STAT_COL=80
		USECOLOR=""
	fi

	# we use 13 characters for our own stuff
	STAT_COL=$(( STAT_COL - 13 ))

	if [[ -t 1 ]]; then
		SAVE_POSITION="\e[s"
		RESTORE_POSITION="\e[u"
		DEL_TEXT="\e[$(( STAT_COL + 4 ))G"
	else
		SAVE_POSITION=""
		RESTORE_POSITION=""
		DEL_TEXT=""
	fi
}

calc_columns

# disable colors on broken terminals
TERM_COLORS=$(tput colors 2>/dev/null)
if (( $? != 3 )); then
	case $TERM_COLORS in
		*[!0-9]*) USECOLOR="";;
		[0-7])    USECOLOR="";;
		'')       USECOLOR="";;
	esac
fi
unset TERM_COLORS

unquote() {
	local -r quotes=$'[\'"]'

	if [[ ${1:0:1} = $quotes && ${1:(-1)} = "${1:0:1}" ]]; then
		printf '%s' "${1:1:(-1)}"
	else
		printf '%s' "$1"
	fi
}

parse_envfile() {
	local file=$1 validkeys=("${@:2}") ret=0 lineno=0 key= val=
	local -r comments=$'[;#]*'

	if [[ -z $file ]]; then
		printf "error: no environment file specified\n"
		return 1
	fi

	if [[ ! -f $file ]]; then
		printf "error: cannot parse \`%s': No such file or directory\n" "$file"
		return 1
	fi

	if [[ ! -r $file ]]; then
		printf "error: cannot read \`%s': Permission denied\n" "$file"
		return 1
	fi

	while IFS='=' read -r key val; do
		(( ++lineno ))

		# trim whitespace, avoiding usage of a tempfile
		key=$(echo "$key" | { read -r key; echo "$key"; })

		# key must exist and line must not be a comment
		[[ -z $key || ${key:0:1} = $comments ]] && continue

		# trim whitespace, strip matching quotes
		val=$(echo "$val" | { read -r val; unquote "$val"; })

		if [[ -z $val ]]; then
			printf "error: found key \`%s' without value on line %s of %s\n" \
					"$key" "$lineno" "$file"
			(( ++ret ))
			continue
		fi

		# ignore invalid keys if we have a list of valid ones
		if (( ${#validkeys[*]} )) && ! in_array "$key" "${validkeys[@]}"; then
			continue
		fi

		export "$key=$val" || (( ++ret ))
	done <"$file"

	return $ret
}

# functions:

deltext() {
	printf "${DEL_TEXT}"
}

print_depr() {
	printf "${C_FAIL} ${1} is deprecated. See ${2} for details.${C_CLEAR} \n"
}

printhl() {
	printf "${C_OTHER}${PREFIX_HL} ${C_H1}${1}${C_CLEAR} \n"
}

printsep() {
	printf "\n${C_SEPARATOR}   ------------------------------\n"
}

stat_bkgd() {
	printf "${C_OTHER}${PREFIX_REG} ${C_MAIN}${1}${C_CLEAR} "
	deltext
	printf "   ${C_OTHER}[${C_BKGD}BKGD${C_OTHER}]${C_CLEAR} \n"
}

stat_busy() {
	printf "${C_OTHER}${PREFIX_REG} ${C_MAIN}${1}${C_CLEAR} "
	printf "${SAVE_POSITION}"
	deltext
	printf "   ${C_OTHER}[${C_BUSY}BUSY${C_OTHER}]${C_CLEAR} "
}

stat_append() {
	printf "${RESTORE_POSITION}"
	printf -- "${C_MAIN}${1}${C_CLEAR}"
	printf "${SAVE_POSITION}"
}

stat_done() {
	deltext
	printf "   ${C_OTHER}[${C_DONE}DONE${C_OTHER}]${C_CLEAR} \n"
}

stat_fail() {
	deltext
	printf "   ${C_OTHER}[${C_FAIL}FAIL${C_OTHER}]${C_CLEAR} \n"
}

stat_die() {
	stat_fail
	exit ${1:-1}
}

status() {
	local quiet
	case $1 in
		-q)
			quiet=1
			;;&
		-v)
			# NOOP: supported for backwards compat
			shift
			;;
	esac
	stat_busy "$1"
	shift
	if (( quiet )); then
		"$@" &>/dev/null
	else
		"$@"
	fi
	local ret=$?
	(( ret == 0 )) && stat_done || stat_fail
	return $ret
}

#  usage : in_array( $needle, $haystack )
# return : 0 - found
#          1 - not found
in_array() {
	local needle=$1; shift
	local item
	for item; do
		[[ $item = "${needle}" ]] && return 0
	done
	return 1 # Not Found
}

# daemons:

add_daemon() {
	[[ -d /run/daemons ]] || mkdir -p /run/daemons
	>| /run/daemons/"$1"
}

rm_daemon() {
	rm -f /run/daemons/"$1"
}

ck_daemon() {
	[[ ! -f /run/daemons/$1 ]]
}

# Check if $1 is a valid daemon name
have_daemon() {
	[[ -f /etc/rc.d/$1 && -x /etc/rc.d/$1 ]]
}

# Check if $1 is started at boot
ck_autostart() {
	local daemon
	for daemon in "${DAEMONS[@]}"; do
		[[ $1 = "${daemon#@}" ]] && return 1
	done
	return 0
}

start_daemon() {
	have_daemon "$1" && /etc/rc.d/"$1" start
}

start_daemon_bkgd() {
	stat_bkgd "Starting $1"
	(start_daemon "$1") >/dev/null &
}

stop_daemon() {
	have_daemon "$1" && /etc/rc.d/"$1" stop
}

# Status functions
status_started() {
	deltext
	echo -ne "$C_OTHER[${C_STRT}STARTED$C_OTHER]$C_CLEAR "
}

status_stopped() {
	deltext
	echo -ne "$C_OTHER[${C_STRT}STOPPED$C_OTHER]$C_CLEAR "
}

ck_status() {
	! ck_daemon "$1" && status_started || status_stopped
}

# Return PID of $1
get_pid() {
	pidof -o %PPID $1 || return 1
}

# Check if PID-file $1 is still the active PID-file for command $2
ck_pidfile() {
	if [[ -f $1 ]]; then
		local fpid ppid
		read -r fpid <"$1"
		ppid=$(get_pid "$2")
		[[ $fpid = "${ppid}" ]] && return 0
	fi
	return 1
}

# PIDs to be omitted by killall5
declare -a omit_pids

add_omit_pids() {
	omit_pids+=( $@ )
}

# Stop all daemons
# This function should *never* ever perform any other actions beside calling stop_daemon()!
# It might be used by a splash system etc. to get a list of daemons to be stopped.
stop_all_daemons() {
	# Find daemons NOT in the DAEMONS array. Shut these down first
	local daemon
	for daemon in /run/daemons/*; do
		[[ -f $daemon ]] || continue
		daemon=${daemon##*/}
		ck_autostart "$daemon" && stop_daemon "$daemon"
	done

	# Shutdown daemons in reverse order
	local i daemon
	for (( i=${#DAEMONS[@]}-1; i>=0; i-- )); do
		[[ ${DAEMONS[i]} = '!'* ]] && continue
		daemon=${DAEMONS[i]#@}
		ck_daemon "$daemon" || stop_daemon "$daemon"
	done
}

# $1 - signal
# $2 - iterations
kill_all_wait() {
	# Send SIGTERM/SIGKILL all processes and wait until killall5
	# reports all done or timeout.
	# Unfortunately killall5 does not support the 0 signal, so just
	# use SIGCONT for checking (which should be ignored).

	local i

	killall5 -${1} ${omit_pids[@]/#/-o } &>/dev/null

	for (( i=0; i<${2}; i++ )); do

		sleep .25 # 1/4 second

		# sending SIGCONT to processes to check if they are there
		killall5 -18 ${omit_pids[@]/#/-o } &>/dev/null

		if (( $? == 2 )); then
			return 0
		fi
	done

	return 1
}

kill_all() {
	stat_busy "Sending SIGTERM to processes"
		kill_all_wait 15 40
		if (( $? == 0 )); then
			stat_done
		else
			stat_fail
			status "Sending SIGKILL to processes" kill_all_wait 9 60
		fi
}

print_welcome() {
	# see os-release(5)
	. /etc/os-release

	echo " "
	printhl "${PRETTY_NAME}\n"
	printhl "${C_H2}${HOME_URL}"
	printsep
}

load_modules() {
	local rc=0

	if [[ $MODULES ]]; then
		print_depr "MODULES=" "rc.conf(5) and modules-load.d(5)"
		/usr/lib/systemd/arch-modules-load
		rc=$?
	fi

	/usr/lib/systemd/systemd-modules-load
	(( rc+=$? ))

	return $rc
}

# Start/trigger udev, load MODULES, and settle udev
udevd_modprobe() {
	# $1 = where we are being called from.
	# This is used to determine which hooks to run.
	status "Starting udev daemon" /usr/lib/systemd/systemd-udevd --daemon

	run_hook "$1_udevlaunched"

	stat_busy "Triggering udev uevents"
		udevadm trigger --action=add --type=subsystems
		udevadm trigger --action=add --type=devices
	stat_done

	# Load modules from the MODULES array and modules-load.d
	status "Loading user-specified modules" load_modules

	status "Waiting for udev uevents to be processed" \
		udevadm settle

	run_hook "$1_udevsettled"

	# in case loading a module changed the display mode
	calc_columns
}

activate_vgs() {
	[[ $USELVM = [yY][eE][sS] && -x $(type -P lvm) && -d /sys/block ]] || return 0
	stat_busy "Activating LVM2 groups"
		vgchange --sysinit -a y >/dev/null
	(( $? == 0 )) && stat_done || stat_fail
}

do_unlock_legacy() {
	# $1 = requested name
	# $2 = source device
	# $3 = password
	# $4 = options
	print_depr "The legacy crypttab format" "crypttab(5)"
	local open=create a=$1 b=$2 failed=0
	# Ordering of options is different if you are using LUKS vs. not.
	# Use ugly swizzling to deal with it.
	# isLuks only gives an exit code but no output to stdout or stderr.
	if cryptsetup isLuks "$2" 2>/dev/null; then
		open=luksOpen
		a=$2
		b=$1
	fi
	case $3 in
		SWAP)
			local _overwriteokay=0
			if [[ -b $2 && -r $2 ]]; then
				# This is DANGEROUS! If there is any known file system,
				# partition table, RAID, or LVM volume on the device,
				# we don't overwrite it.
				#
				# 'blkid' returns 2 if no valid signature has been found.
				# Only in this case should we allow overwriting the device.
				#
				# This sanity check _should_ be sufficient, but it might not.
				# This may cause data loss if it is not used carefully.
				blkid -p "$2" &>/dev/null
				(( $? == 2 )) && _overwriteokay=1
			fi
			if (( _overwriteokay == 0 )); then
				false
			elif cryptsetup -d /dev/urandom $4 $open "$a" "$b" >/dev/null; then
				printf "creating swapspace..\n"
				mkswap -f -L $1 /dev/mapper/$1 >/dev/null
			fi;;
		ASK)
			printf "\nOpening '$1' volume:\n"
			cryptsetup $4 $open "$a" "$b" < /dev/console;;
		/dev*)
			local ckdev=${3%%:*}
			local cka=${3#*:}
			local ckb=${cka#*:}
			local cka=${cka%:*}
			local ckfile=/dev/ckfile
			local ckdir=/dev/ckdir
			case ${cka} in
				*[!0-9]*)
					# Use a file on the device
					# cka is not numeric: cka=filesystem, ckb=path
					mkdir ${ckdir}
					mount -r -t ${cka} ${ckdev} ${ckdir}
					dd if=${ckdir}/${ckb} of=${ckfile} >/dev/null 2>&1
					umount ${ckdir}
					rmdir ${ckdir};;
				*)
					# Read raw data from the block device
					# cka is numeric: cka=offset, ckb=length
					dd if=${ckdev} of=${ckfile} bs=1 skip=${cka} count=${ckb} >/dev/null 2>&1;;
			esac
			cryptsetup -d ${ckfile} $4 $open "$a" "$b" >/dev/null
			dd if=/dev/urandom of=${ckfile} bs=1 count=$(stat -c %s ${ckfile}) conv=notrunc >/dev/null 2>&1
			rm ${ckfile};;
		/*)
			cryptsetup -d "$3" $4 $open "$a" "$b" >/dev/null;;
		*)
			echo "$3" | cryptsetup $4 $open "$a" "$b" >/dev/null;;
	esac
	return $?
}

do_unlock_systemd() {
	local name=$1 device=$2 password=$3 options=$4 failed=0

	# lazily convert tags to udev symlinks
	case $device in
		UUID=*)
			device=/dev/disk/by-uuid/$(unquote "${device#UUID=}")
			;;
		PARTUUID=*)
			device=/dev/disk/by-partuuid/$(unquote "${device#PARTUUID=}")
			;;
	esac

	if ! /usr/lib/systemd/systemd-cryptsetup attach "$name" "$device" "$password" $options; then
		failed=1
	else
		options=${options//,/ }
		if in_array swap ${options[@]}; then
			# create swap on the device only if no fs signature exists
			blkid -p "$2" &>/dev/null
			if (( $? != 2 )) || ! mkswap -f /dev/mapper/$name >/dev/null; then
				failed=1
			fi
		elif in_array tmp ${options[@]}; then
			# create fs on the device only if no fs signature exists
			blkid -p "$2" &>/dev/null
			if (( $? != 2 )) || ! mke2fs /dev/mapper/$name >/dev/null; then
				failed=1
			fi
		fi
	fi
	return $failed
}

do_unlock() {
	local name=$1 device=$2 password=$3 options=$4

	printf "${C_MAIN}Unlocking $1${C_CLEAR}\n"

	if [[ ${options:0:2} =~ -. ]]; then
		do_unlock_legacy "$name" "$device" "$password" "$options"
		return $?
	fi

	case $password in
		ASK|SWAP)
			do_unlock_legacy "$name" "$device" "$password" "$options"
			;;
		/dev/*)
			if [[ ${password##*:} == $password ]]; then
				do_unlock_systemd "$name" "$device" "$password" "$options"
			else
				do_unlock_legacy "$name" "$device" "$password" "$options"
			fi
			;;
		/*|none|-|'')
			do_unlock_systemd "$name" "$device" "$password" "$options"
			;;
		*)
			do_unlock_legacy "$name" "$device" "$password" "$options"
			;;
	esac
	failed=$?
	if (( $failed )); then
		printf "${C_FAIL}Unlocking of $1 failed.${C_CLEAR}\n"
	fi
	return $?
}

do_lock() {
	status "Detaching encrypted device ${1}" /usr/lib/systemd/systemd-cryptsetup detach "$1" >/dev/null
}

read_crypttab() {
	# $1 = function to call with the split out line from the crypttab
	local line nspo failed=0
	while read line <&3; do
		[[ $line && $line != '#'* ]] || continue
		eval nspo=("${line%#*}")
		if $1 "${nspo[0]}" "${nspo[1]}" "${nspo[2]}" "${nspo[*]:3}"; then
			crypto_unlocked=1
		else
			failed=1
		fi
	done 3< /etc/crypttab
	return $failed
}

set_timezone() {
	local tz=$1 zonefile=/usr/share/zoneinfo/$1

	[[ $tz ]] || return 1

	if [[ ! -e $zonefile ]]; then
		printf "error: \`%s' is not a valid time zone\n" "$tz"
		return 1
	fi

	if [[ -L /etc/localtime && /etc/localtime -ef $zonefile ]]; then
		return 0
	else
		ln -sf "/usr/share/zoneinfo/$tz" /etc/localtime
	fi
}

# Filesystem functions
# These can be overridden/reused for customizations like shutdown/loop-fsck.
NETFS="nfs,nfs4,smbfs,cifs,codafs,ncpfs,shfs,fuse,fuseblk,glusterfs,davfs,fuse.glusterfs"

# Check local filesystems
fsck_all() {
	if [[ -f /forcefsck ]] || in_array forcefsck $(< /proc/cmdline); then
		FORCEFSCK="-f"
	elif [[ -f /fastboot ]] || in_array fastboot $(< /proc/cmdline); then
		return 0
	elif [[ -e /run/initramfs/root-fsck ]]; then
		IGNORE_MOUNTED="-M"
	fi

	fsck -A -T -C${FSCK_FD} -a -t no${NETFS//,/,no},noopts=_netdev ${IGNORE_MOUNTED} -- ${FORCEFSCK}
}

# Single-user login and/or automatic reboot after fsck (if needed)
fsck_reboot() {
	# $1 = exit code returned by fsck
	# Ignore conditions 'FS errors corrected' and 'Cancelled by the user'
	(( ($1 | 33) == 33 )) && return 0
	if (( $1 & 2 )); then
		echo
		echo "********************** REBOOT REQUIRED *********************"
		echo "*                                                          *"
		echo "* The system will be rebooted automatically in 15 seconds. *"
		echo "*                                                          *"
		echo "************************************************************"
		echo
		sleep 15
	else
		echo
		echo "*****************  FILESYSTEM CHECK FAILED  ****************"
		echo "*                                                          *"
		echo "*  Please repair manually and reboot. Note that the root   *"
		echo "*  file system is currently mounted read-only. To remount  *"
		echo "*  it read-write, type: mount -o remount,rw /              *"
		echo "*  When you exit the maintenance shell, the system will    *"
		echo "*  reboot automatically.                                   *"
		echo "*                                                          *"
		echo "************************************************************"
		echo
		sulogin -p
	fi
	echo "Automatic reboot in progress..."
	umount -a
	mount -o remount,ro /
	reboot -f
	exit 0
}

mount_all() {
	mount -a -t "no${NETFS//,/,no}" -O no_netdev
}

umount_all() {
	# $1: restrict to fstype

	findmnt -mrunRo TARGET,FSTYPE,OPTIONS / | {
		while read -r target fstype options; do
			# match only targeted fstypes
			if [[ $1 && $1 != "$fstype" ]]; then
				continue
			fi

			# do not unmount API filesystems
			if [[ $target = /@(proc|sys|run|dev|dev/pts) ]]; then
				continue
			fi

			# avoid networked devices
			IFS=, read -ra opts <<< "$options"
			if in_array _netdev "${opts[@]}"; then
				continue
			fi

			mounts=("$target" "${mounts[@]}")
		done

		if (( ${#mounts[*]} )); then
			umount -r "${mounts[@]}"
		fi
	}

}

remove_leftover() {
	status 'Removing leftover files' systemd-tmpfiles --create --remove --clean
}

bootlogd_stop() {
	[[ -f /run/bootlogd.pid ]] || return 0
	touch /var/log/boot
	kill $(< /run/bootlogd.pid)
	rm -f /run/bootlogd.pid
}

###############################
# Custom hooks in initscripts #
###############################
# Hooks can be used to include custom code in various places in the rc.* scripts
#
# Define a hook function in a functions.d file using:
#  function_name() {
#    ...
#  }
#  add_hook hook_name function_name
# It is allowed to register several hook functions for the same hook
# Is is also allowed to register the same hook function for several hooks
#
# Currently, the following hooks exist:
# sysinit_start: at the beginning of rc.sysinit
# multi_start: at the beginning of rc.multi
# single_start: at the beginning of rc.single
# shutdown_start: at the beginning of rc.shutdown
# sysinit_end: at the end of rc.sysinit
# multi_end: at the end of rc.multi
# single_end: at the end of rc.single
# sysinit_udevlaunched: after udev has been launched in rc.sysinit
# single_udevlaunched: after udev has been launched in rc.single
# sysinit_udevsettled: after uevents have settled in rc.sysinit
# single_udevsettled: after uevents have settled in rc.single
# sysinit_premount: before local filesystems are mounted, but after root is mounted read-write in rc.sysinit
# sysinit_postmount: after local filesystems are mounted
# shutdown_prekillall: before all processes are being killed in rc.shutdown
# single_prekillall: before all processes are being killed in rc.single
# shutdown_postkillall: after all processes have been killed in rc.shutdown
# single_postkillall: after all processes have been killed in rc.single
# shutdown_preumount: after last filesystem write, but before filesystems are unmounted
# shutdown_postumount: after filesystems are unmounted
# shutdown_poweroff: directly before powering off in rc.shutdown
#
# Declare add_hook and run_hook as read-only to prevent overwriting them.
# Too bad we cannot do the same thing with hook_funcs

if (( RC_FUNCTIONS_HOOK_FUNCS_DEFINED != 1 )); then
	declare -A hook_funcs

	add_hook() {
		[[ $1 && $2 ]] || return 1
		hook_funcs[$1]+=" $2"
	}

	run_hook() {
		[[ $1 ]] || return 1
		local func
		for func in ${hook_funcs["$1"]}; do
			"${func}"
		done
	}

	declare -fr add_hook run_hook
	declare -r RC_FUNCTIONS_HOOK_FUNCS_DEFINED=1
fi

# set colors
if [[ $USECOLOR != [nN][oO] ]]; then
	if tput setaf 0 &>/dev/null; then
		C_CLEAR=$(tput sgr0)                      # clear text
		C_MAIN=${C_CLEAR}$(tput bold)        # main text
		C_OTHER=${C_MAIN}$(tput setaf 4)     # prefix & brackets
		C_SEPARATOR=${C_MAIN}$(tput setaf 0) # separator
		C_BUSY=${C_CLEAR}$(tput setaf 6)     # busy
		C_FAIL=${C_MAIN}$(tput setaf 1)      # failed
		C_DONE=${C_MAIN}                          # completed
		C_BKGD=${C_MAIN}$(tput setaf 5)      # backgrounded
		C_H1=${C_MAIN}                            # highlight text 1
		C_H2=${C_MAIN}$(tput setaf 6)        # highlight text 2
	else
		C_CLEAR="\e[m"          # clear text
		C_MAIN="\e[;1m"         # main text
		C_OTHER="\e[1;34m"      # prefix & brackets
		C_SEPARATOR="\e[1;30m"  # separator
		C_BUSY="\e[;36m"        # busy
		C_FAIL="\e[1;31m"       # failed
		C_DONE=${C_MAIN}        # completed
		C_BKGD="\e[1;35m"       # backgrounded
		C_H1=${C_MAIN}          # highlight text 1
		C_H2="\e[1;36m"         # highlight text 2
	fi
fi

# prefixes:

PREFIX_REG="::"
PREFIX_HL=" >"

# Source additional functions at the end to allow overrides
for f in /etc/rc.d/functions.d/*; do
	[[ -e $f ]] && . "$f"
done

# End of file
# vim: set ts=2 sw=2 noet:
#=====================================================================================


. /etc/conf.d/key-file-check.conf

abbruch () {
   stat_fail
   exit 1
}
if [ "$2" = "vg" -o  "$2" = "novg" ]; then
    case "$1" in
      start)
        stat_busy "Unlocking encrypted Devices"
        VERIFY=$(mount | grep $LV | cut --delimiter=" " -f3)
        closeusb () {
           echo "stop"
           sleep 1
           umount $MOUNTPOINT1 && echo "USB-storage unmounted"
           abbruch
        }
        USBSTICK=$(ls /dev/disk/by-uuid/ | grep $UUID)
        if [[ $VERIFY != $MOUNTPOINT2 ]]; then
            if [[ $USBSTICK = $UUID ]]; then
                echo "USB-storage with key-file: found"
                echo "mounting (read-only) USB-storage:"
                mount -o ro /dev/disk/by-uuid/$USBSTICK $MOUNTPOINT1 || abbruch
                echo "ok"
                echo "opening encrypted device ..."
                cryptsetup luksOpen $VOLUME data-$LV-luks-io --key-file=$MOUNTPOINT1/.Thumb0.db || closeusb
                umount $MOUNTPOINT1 || abbruch
                echo "USB-storage unmounted"
            else
                echo "USB-storage with key-file: not found"
                cryptsetup luksOpen $VOLUME data-$LV-luks-io || abbruch
                echo "encrypted device unlocked"
            fi || abbruch
            if [ "$2" = "vg" ]; then
                vgchange -ay || abbruch
                mount /dev/disk/by-label/$LV $MOUNTPOINT2 || abbruch
                echo "encrypted device unlocked and logical volume mounted"
            fi
        else
            echo "logical volume already mounted on $MOUNTPOINT2"
        fi
        stat_done
      ;;
      stop)
        stat_busy "Locking Encrypted Devices"
        if [ "$2" = "vg" ]; then
          umount $MOUNTPOINT2 || abbruch
          vgchange -an || abbruch
          echo "logical device unmounted and encrypted volume locked"
        fi
        cryptsetup luksClose /dev/mapper/data-$LV-luks-io || abbruch
        stat_done
      ;;
      restart)
        $0 stop
        sleep 1
       $0 start
      ;;
      *)
        echo "usage: $0 {start|stop|restart} {vg|novg}"
      esac
else
    echo "usage: $0 {start|stop|restart} {vg|novg}"
fi