author | Bill Nottingham <notting@redhat.com> | 2010-06-23 13:49:30 -0400 |
---|---|---|
committer | Bill Nottingham <notting@redhat.com> | 2010-06-23 13:50:00 -0400 |
commit | f15d4585ba5fe2e56fa07e54752c6d91830377f2 (patch) | |
tree | fe8b81c19bfe2154f58754909e199de0e44dd482 /rc.d/rc.sysinit | |
parent | 7b2d2b5db67765ff6ac0a1ce94f3ee06665fa2f7 (diff) | |
Also init_crypto for encrypted network block devices. (#605600)
Diffstat (limited to 'rc.d/rc.sysinit')
-rwxr-xr-x | rc.d/rc.sysinit | 160 |
1 files changed, 0 insertions, 160 deletions
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index 25c7503b..46c5ccdd 100755
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -85,166 +85,6 @@ relabel_selinux() { reboot -f } -key_is_random() { - [ "$1" = "/dev/urandom" -o "$1" = "/dev/hw_random" \ - -o "$1" = "/dev/random" ] -} - -find_crypto_mount_point() { - local fs_spec fs_file fs_vfstype remaining_fields - local fs - while read fs_spec fs_file remaining_fields; do - if [ "$fs_spec" = "/dev/mapper/$1" ]; then - echo $fs_file - break; - fi - done < /etc/fstab -} - -# Because of a chicken/egg problem, init_crypto must be run twice. /var may be -# encrypted but /var/lib/random-seed is needed to initialize swap. -init_crypto() { - local have_random dst src key opt mode owner params makeswap skip arg opt - local param value rc ret mke2fs mdir prompt mount_point - - ret=0 - have_random=$1 - while read dst src key opt; do - [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue - [ -b "/dev/mapper/$dst" ] && continue; - if [ "$have_random" = 0 ] && key_is_random "$key"; then - continue - fi - if [ -n "$key" -a "x$key" != "xnone" ]; then - if test -e "$key" ; then - owner=$(ls -l $key | (read a b owner rest; echo $owner)) - if ! key_is_random "$key"; then - mode=$(ls -l "$key" | cut -c 5-10) - if [ "$mode" != "------" ]; then - echo $"INSECURE MODE FOR $key" - fi - fi - if [ "$owner" != root ]; then - echo $"INSECURE OWNER FOR $key" - fi - else - echo $"Key file for $dst not found, skipping" - ret=1 - continue - fi - else - key="" - fi - params="" - makeswap="" - mke2fs="" - skip="" - # Parse the src field for UUID= and convert to real device names - if [ "${src%%=*}" == "UUID" ]; then - src=$(/sbin/blkid -t "$src" -l -o device) - elif [ "${src/^\/dev\/disk\/by-uuid\/}" != "$src" ]; then - src=$(__readlink $src) - fi - # Is it a block device? - [ -b "$src" ] || continue - # Is it already a device mapper slave? 
(this is gross) - devesc=${src##/dev/} - devesc=${devesc//\//!} - for d in /sys/block/dm-*/slaves ; do - [ -e $d/$devesc ] && continue 2 - done - # Parse the options field, convert to cryptsetup parameters and - # contruct the command line - while [ -n "$opt" ]; do - arg=${opt%%,*} - opt=${opt##$arg} - opt=${opt##,} - param=${arg%%=*} - value=${arg##$param=} - - case "$param" in - cipher) - params="$params -c $value" - if [ -z "$value" ]; then - echo $"$dst: no value for cipher option, skipping" - skip="yes" - fi - ;; - size) - params="$params -s $value" - if [ -z "$value" ]; then - echo $"$dst: no value for size option, skipping" - skip="yes" - fi - ;; - hash) - params="$params -h $value" - if [ -z "$value" ]; then - echo $"$dst: no value for hash option, skipping" - skip="yes" - fi - ;; - verify) - params="$params -y" - ;; - swap) - makeswap=yes - ;; - tmp) - mke2fs=yes - esac - done - if [ "$skip" = "yes" ]; then - ret=1 - continue - fi - if [ -z "$makeswap" ] && cryptsetup isLuks "$src" 2>/dev/null ; then - if key_is_random "$key"; then - echo $"$dst: LUKS requires non-random key, skipping" - ret=1 - continue - fi - if [ -n "$params" ]; then - echo "$dst: options are invalid for LUKS partitions," \ - "ignoring them" - fi - if [ -n "$key" ]; then - /sbin/cryptsetup -d $key luksOpen "$src" "$dst" <&1 2>/dev/null && success || failure - rc=$? - else - mount_point="$(find_crypto_mount_point $dst)" - [ -n "$mount_point" ] || mount_point=${src##*/} - prompt=$(printf $"%s is password protected" "$mount_point") - plymouth ask-for-password --prompt "$prompt" --command="/sbin/cryptsetup luksOpen -T1 $src $dst" <&1 - rc=$? - fi - else - [ -z "$key" ] && plymouth --hide-splash - /sbin/cryptsetup $params ${key:+-d $key} create "$dst" "$src" <&1 2>/dev/null && success || failure - rc=$? 
- [ -z "$key" ] && plymouth --show-splash - fi - if [ $rc -ne 0 ]; then - ret=1 - continue - fi - if [ -b "/dev/mapper/$dst" ]; then - if [ "$makeswap" = "yes" ]; then - mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null - fi - if [ "$mke2fs" = "yes" ]; then - if mke2fs "/dev/mapper/$dst" 2>/dev/null >/dev/null \ - && mdir=$(mktemp -d /tmp/mountXXXXXX); then - mount "/dev/mapper/$dst" "$mdir" && chmod 1777 "$mdir" - umount "$mdir" - rmdir "$mdir" - fi - fi - fi - done < /etc/crypttab - return $ret -} - # Print a text banner. echo -en $"\t\tWelcome to " read -r system_release < /etc/system-release |