authorBill Nottingham <notting@redhat.com>2010-06-23 13:49:30 -0400
committerBill Nottingham <notting@redhat.com>2010-06-23 13:50:00 -0400
commitf15d4585ba5fe2e56fa07e54752c6d91830377f2 (patch)
treefe8b81c19bfe2154f58754909e199de0e44dd482 /rc.d/rc.sysinit
parent7b2d2b5db67765ff6ac0a1ce94f3ee06665fa2f7 (diff)
Also init_crypto for encrypted network block devices. (#605600)
Diffstat (limited to 'rc.d/rc.sysinit')
-rwxr-xr-xrc.d/rc.sysinit160
1 files changed, 0 insertions, 160 deletions
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index 25c7503b..46c5ccdd 100755
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -85,166 +85,6 @@ relabel_selinux() {
reboot -f
}
-key_is_random() {
- [ "$1" = "/dev/urandom" -o "$1" = "/dev/hw_random" \
- -o "$1" = "/dev/random" ]
-}
-
-find_crypto_mount_point() {
- local fs_spec fs_file fs_vfstype remaining_fields
- local fs
- while read fs_spec fs_file remaining_fields; do
- if [ "$fs_spec" = "/dev/mapper/$1" ]; then
- echo $fs_file
- break;
- fi
- done < /etc/fstab
-}
-
-# Because of a chicken/egg problem, init_crypto must be run twice. /var may be
-# encrypted but /var/lib/random-seed is needed to initialize swap.
-init_crypto() {
- local have_random dst src key opt mode owner params makeswap skip arg opt
- local param value rc ret mke2fs mdir prompt mount_point
-
- ret=0
- have_random=$1
- while read dst src key opt; do
- [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
- [ -b "/dev/mapper/$dst" ] && continue;
- if [ "$have_random" = 0 ] && key_is_random "$key"; then
- continue
- fi
- if [ -n "$key" -a "x$key" != "xnone" ]; then
- if test -e "$key" ; then
- owner=$(ls -l $key | (read a b owner rest; echo $owner))
- if ! key_is_random "$key"; then
- mode=$(ls -l "$key" | cut -c 5-10)
- if [ "$mode" != "------" ]; then
- echo $"INSECURE MODE FOR $key"
- fi
- fi
- if [ "$owner" != root ]; then
- echo $"INSECURE OWNER FOR $key"
- fi
- else
- echo $"Key file for $dst not found, skipping"
- ret=1
- continue
- fi
- else
- key=""
- fi
- params=""
- makeswap=""
- mke2fs=""
- skip=""
- # Parse the src field for UUID= and convert to real device names
- if [ "${src%%=*}" == "UUID" ]; then
- src=$(/sbin/blkid -t "$src" -l -o device)
- elif [ "${src/^\/dev\/disk\/by-uuid\/}" != "$src" ]; then
- src=$(__readlink $src)
- fi
- # Is it a block device?
- [ -b "$src" ] || continue
- # Is it already a device mapper slave? (this is gross)
- devesc=${src##/dev/}
- devesc=${devesc//\//!}
- for d in /sys/block/dm-*/slaves ; do
- [ -e $d/$devesc ] && continue 2
- done
- # Parse the options field, convert to cryptsetup parameters and
- # contruct the command line
- while [ -n "$opt" ]; do
- arg=${opt%%,*}
- opt=${opt##$arg}
- opt=${opt##,}
- param=${arg%%=*}
- value=${arg##$param=}
-
- case "$param" in
- cipher)
- params="$params -c $value"
- if [ -z "$value" ]; then
- echo $"$dst: no value for cipher option, skipping"
- skip="yes"
- fi
- ;;
- size)
- params="$params -s $value"
- if [ -z "$value" ]; then
- echo $"$dst: no value for size option, skipping"
- skip="yes"
- fi
- ;;
- hash)
- params="$params -h $value"
- if [ -z "$value" ]; then
- echo $"$dst: no value for hash option, skipping"
- skip="yes"
- fi
- ;;
- verify)
- params="$params -y"
- ;;
- swap)
- makeswap=yes
- ;;
- tmp)
- mke2fs=yes
- esac
- done
- if [ "$skip" = "yes" ]; then
- ret=1
- continue
- fi
- if [ -z "$makeswap" ] && cryptsetup isLuks "$src" 2>/dev/null ; then
- if key_is_random "$key"; then
- echo $"$dst: LUKS requires non-random key, skipping"
- ret=1
- continue
- fi
- if [ -n "$params" ]; then
- echo "$dst: options are invalid for LUKS partitions," \
- "ignoring them"
- fi
- if [ -n "$key" ]; then
- /sbin/cryptsetup -d $key luksOpen "$src" "$dst" <&1 2>/dev/null && success || failure
- rc=$?
- else
- mount_point="$(find_crypto_mount_point $dst)"
- [ -n "$mount_point" ] || mount_point=${src##*/}
- prompt=$(printf $"%s is password protected" "$mount_point")
- plymouth ask-for-password --prompt "$prompt" --command="/sbin/cryptsetup luksOpen -T1 $src $dst" <&1
- rc=$?
- fi
- else
- [ -z "$key" ] && plymouth --hide-splash
- /sbin/cryptsetup $params ${key:+-d $key} create "$dst" "$src" <&1 2>/dev/null && success || failure
- rc=$?
- [ -z "$key" ] && plymouth --show-splash
- fi
- if [ $rc -ne 0 ]; then
- ret=1
- continue
- fi
- if [ -b "/dev/mapper/$dst" ]; then
- if [ "$makeswap" = "yes" ]; then
- mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null
- fi
- if [ "$mke2fs" = "yes" ]; then
- if mke2fs "/dev/mapper/$dst" 2>/dev/null >/dev/null \
- && mdir=$(mktemp -d /tmp/mountXXXXXX); then
- mount "/dev/mapper/$dst" "$mdir" && chmod 1777 "$mdir"
- umount "$mdir"
- rmdir "$mdir"
- fi
- fi
- fi
- done < /etc/crypttab
- return $ret
-}
-
# Print a text banner.
echo -en $"\t\tWelcome to "
read -r system_release < /etc/system-release