On Tue, May 17, 2005 at 19:35:22 +0200, maximilian attems wrote:
> On Tue, 17 May 2005, Tino Keitel wrote:
>
> > On Sat, May 14, 2005 at 18:23:27 +0200, maximilian attems wrote:
> > > hello tino,
> > >
> > > thanks for your patch,
> > > i had a look at it, but got mad with all the
> > > "x$foo" = "xtrue" and reworked it a bit.

This broke all tests using [ -n $foo ], I corrected it in the attached
patch. It's a diff against 0.1.79.

[...]

> > > could you please give it some more testing.
> > > in the cleanup version i might push into the initrd-tools.
> > > if i get positive feedback.
> >
> > I tested my original patch with interactive password request. It would
> > be nice if someone could test it with keyfiles and/or keyscripts (I'll
> > try to test keyfile support if I find some time for it).
> >
> > Regards,
> > Tino
> well if you don't give it some runs,
> and correct it if it does work out,
> i don't know how it would reach sarge.
>
> as it seems we are doing one last initrd-tools round.
> no i don't have the time or the usage habit of testing cryptsetup.

I tested the attached patch with interactive password request as well as
with a key file. It doesn't make much sense to store the key in the
initrd but it could also be read from a USB storage device (which could
be mounted via /keyscripts supplied by the user, but as I can not find
any documentation for /keyscripts, I didn't try this). Anyway, it worked
without problems. I also tested the error handling with invalid lines in
/etc/crypttab and it looks good. Error messages are now a bit more
descriptive, too.

Another change is that I removed the portion in the previous patch which
only removed a blank line.

Regards,
Tino

Only in initrd-tools-0.1.79/debian: files Only in initrd-tools-0.1.79/debian: initrd-tools diff -ru initrd-tools-0.1.79_orig/mkinitrd initrd-tools-0.1.79/mkinitrd --- initrd-tools-0.1.79_orig/mkinitrd 2005-05-13 11:42:47.000000000 +0200 +++ initrd-tools-0.1.79/mkinitrd 2005-05-19 16:24:57.000000000 +0200 @@ -323,6 +323,66 @@ fi } +dmcrypt_parse_crypttab() { + TABFILE=/etc/crypttab + + egrep "^$dmname" $TABFILE | while read dst src key opt ; do + if [ -n "$key" ] && [ "$key" != "none" ]; then + INTERACTIVE="no" + else + INTERACTIVE="yes" + fi + + PARAMS="" + + # Parse the options field, convert to cryptsetup parameters + # and contruct the command line + while [ -n "$opt" ] ; do + ARG=`echo $opt | sed "s/,.*//"` + opt=${opt##$ARG} + opt=${opt##,} + PARAM=`echo $ARG | sed "s/=.*//"` + VALUE=${ARG##$PARAM=} + + case "$PARAM" in + cipher) + PARAM=-c + if [ ! -n "$VALUE" ] ; then + echo "No value for cipher option in /etc/crypttab." >&2 + exit 1 + fi + ;; + size) + PARAM=-s + if [ ! -n "$VALUE" ] ; then + echo "No value for size option in /etc/crypttab." >&2 + exit 1 + fi + ;; + hash) + PARAM=-h + if [ ! -n "$VALUE" ] ; then + echo "No value for hash option in /etc/crypttab." >&2 + exit 1 + fi + ;; + verify) + PARAM=-y + VALUE="" + ;; + esac + + PARAMS="$PARAMS $PARAM $VALUE" + done + + if [ "$INTERACTIVE" = "yes" ] ; then + echo "$PARAMS" + else + echo "$PARAMS -d $key" + fi + done +} + dmcrypt() { local cipher_mode devname submajor subminor @@ -341,6 +401,8 @@ exit 1 fi + export dmname + cryptcmd=`dmcrypt_parse_crypttab` eval "$(stat -c 'submajor=$((0x%t)); subminor=$((0x%T))' $(readlink -f "$devname"))" if [ $submajor != $(dmsetup deps $dmname | sed 's/^.*(\([0-9]*\), \([0-9]*\))$/\1/') \ @@ -365,6 +427,7 @@ export device export dmname="$dmname" export cipher_mode="$cipher_mode" +export cryptcmd="$cryptcmd" for i in /keyscripts/*; do [ -f "\$i" ] || continue case "\$i" in 
@@ -377,7 +440,7 @@ esac done [ -b /dev/mapper/\$dmname ] || \\ - /sbin/cryptsetup -c \$cipher_mode create \$dmname \$device + /sbin/cryptsetup \$cryptcmd create \$dmname \$device umount -n dev2 EOF
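
Review bot: In the first hunk (dmcrypt_parse_crypttab), the `[ ! -n "$VALUE" ]` checks under cipher, size and hash miss an option written without "=". For ARG=cipher the expansion `VALUE=${ARG##$PARAM=}` strips nothing, so VALUE becomes "cipher" and the function emits "-c cipher" instead of the error message. The case statement also has no `*)` branch, so any other option word in the fourth field is appended to PARAMS twice (once as PARAM, once as VALUE) and reaches cryptsetup as stray arguments. Suggest setting VALUE only when ARG contains "=", and adding a `*)` branch that reports the unsupported option. Separately, `egrep "^$dmname"` is a prefix match, so a name that is a prefix of another entry selects both lines; comparing `$dst` with `$dmname` inside the read loop would select exactly one.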
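
Review bot: In the second hunk, the assignment cryptcmd=`dmcrypt_parse_crypttab` is not followed by any check in the lines shown, and the `exit 1` calls in the parser run inside the `egrep ... | while read` pipeline, so they end only that subshell. When no crypttab line matches, the pipeline still returns the status of the while loop and cryptcmd is silently empty; an entry with no options and no key file also yields an empty string, so the caller cannot tell "no entry" from "entry with defaults". Suggest testing the status of the assignment explicitly and having the parser fail with its own message when no line matches `$dmname`.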
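
Review bot: In the third hunk, `export cryptcmd="$cryptcmd"` is expanded while the script is being generated (the neighbouring lines escape their run-time variables as `\$i`, this one does not), so text taken from /etc/crypttab lands inside double quotes in the generated script and is later used unquoted on the cryptsetup command line. A key path or option value containing a double quote, `$`, a backtick or whitespace would be reinterpreted by the shell at boot. Suggest rejecting values outside a conservative character set in dmcrypt_parse_crypttab before they are written here.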
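
Review bot: In the last hunk, replacing `-c \$cipher_mode` with `\$cryptcmd` means the cipher now comes only from the crypttab options; when the entry has no cipher= option, cryptsetup is called without -c although cipher_mode is still exported a few lines above. If cipher_mode reflects the cipher of the existing mapping, a mismatch with the cryptsetup default would leave the root device unreadable at boot. Suggest falling back to `-c \$cipher_mode` when cryptcmd carries no -c, or documenting that cipher= is now mandatory in /etc/crypttab.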