diff options
Diffstat (limited to 'rc.d/init.d')
-rw-r--r-- | rc.d/init.d/functions | 180 |
1 files changed, 0 insertions, 180 deletions
diff --git a/rc.d/init.d/functions b/rc.d/init.d/functions index 24447249..3e8b5ae0 100644 --- a/rc.d/init.d/functions +++ b/rc.d/init.d/functions @@ -552,17 +552,6 @@ confirm() { done } -# resolve a device node to its major:minor numbers in decimal or hex -get_numeric_dev() { -( - fmt="%d:%d" - if [ "$1" = "hex" ]; then - fmt="%x:%x" - fi - ls -lH "$2" | awk '{ sub(/,/, "", $5); printf("'"$fmt"'", $5, $6); }' -) 2>/dev/null -} - # Check whether file $1 is a backup or rpm-generated file and should be ignored is_ignored_file() { case "$1" in @@ -617,175 +606,6 @@ apply_sysctl() { fi } -key_is_random() { - [ "$1" = "/dev/urandom" -o "$1" = "/dev/hw_random" \ - -o "$1" = "/dev/random" ] -} - -find_crypto_mount_point() { - local fs_spec fs_file fs_vfstype remaining_fields - local fs - while read fs_spec fs_file remaining_fields; do - if [ "$fs_spec" = "/dev/mapper/$1" ]; then - echo $fs_file - break; - fi - done < /etc/fstab -} - -# Because of a chicken/egg problem, init_crypto must be run twice. /var may be -# encrypted but /var/lib/random-seed is needed to initialize swap. -init_crypto() { - local have_random dst src key opt lsl owner params makeswap skip arg opt - local param value rc ret mke2fs mdir prompt mount_point - - ret=0 - have_random=$1 - while read dst src key opt; do - [ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue - [ -b "/dev/mapper/$dst" ] && continue; - if [ "$have_random" = 0 ] && key_is_random "$key"; then - continue - fi - if [ -n "$key" -a "x$key" != "xnone" ]; then - if test -e "$key" ; then - owner=$(ls -l $key | (read a b owner rest; echo $owner)) - if ! key_is_random "$key"; then - lsl=$(ls -l "$key") - if [ "${lsl:4:6}" != "------" ]; then - echo $"INSECURE MODE FOR $key" - fi - fi - if [ "$owner" != root ]; then - echo $"INSECURE OWNER FOR $key" - fi - else - echo $"Key file for $dst not found, skipping" - ret=1 - continue - fi - else - key="" - fi - params="" - makeswap="" - mke2fs="" - skip="" - # Parse the src field for UUID= and convert to real device names - if [ "${src%%=*}" == "UUID" ]; then - src=$(/sbin/blkid -t "$src" -l -o device) - elif [ "${src/^\/dev\/disk\/by-uuid\/}" != "$src" ]; then - src=$(__readlink $src) - fi - # Is it a block device? - [ -b "$src" ] || continue - # Is it already a device mapper slave? (this is gross) - devesc=${src##/dev/} - devesc=${devesc//\//!} - for d in /sys/block/dm-*/slaves ; do - [ -e $d/$devesc ] && continue 2 - done - # Parse the options field, convert to cryptsetup parameters and - # contruct the command line - while [ -n "$opt" ]; do - arg=${opt%%,*} - opt=${opt##$arg} - opt=${opt##,} - param=${arg%%=*} - value=${arg##$param=} - - case "$param" in - cipher) - params="$params -c $value" - if [ -z "$value" ]; then - echo $"$dst: no value for cipher option, skipping" - skip="yes" - fi - ;; - size) - params="$params -s $value" - if [ -z "$value" ]; then - echo $"$dst: no value for size option, skipping" - skip="yes" - fi - ;; - hash) - params="$params -h $value" - if [ -z "$value" ]; then - echo $"$dst: no value for hash option, skipping" - skip="yes" - fi - ;; - noauto) - skip="yes" - ;; - verify) - params="$params -y" - ;; - swap) - makeswap=yes - ;; - tmp) - mke2fs=yes - esac - done - if [ "$skip" = "yes" ]; then - ret=1 - continue - fi - if [ -z "$makeswap" ] && cryptsetup isLuks "$src" 2>/dev/null ; then - if key_is_random "$key"; then - echo $"$dst: LUKS requires non-random key, skipping" - ret=1 - continue - fi - if [ -n "$params" ]; then - echo "$dst: options are invalid for LUKS partitions," \ - "ignoring them" - fi - if [ -n "$key" ]; then - /sbin/cryptsetup -d $key luksOpen "$src" "$dst" <&1 2>/dev/null && success || failure - rc=$? - else - mount_point="$(find_crypto_mount_point $dst)" - [ -n "$mount_point" ] || mount_point=${src##*/} - prompt=$(printf $"%s is password protected" "$mount_point") - plymouth ask-for-password --prompt "$prompt" --command="/sbin/cryptsetup luksOpen -T1 $src $dst" <&1 - rc=$? - fi - else - if [ -z "$key" ]; then - mount_point="$(find_crypto_mount_point $dst)" - [ -n "$mount_point" ] || mount_point=${src##*/} - prompt=$(printf $"%s is password protected" "$mount_point") - plymouth ask-for-password --prompt "$prompt" --command="/sbin/cryptsetup $params create $dst $src" <&1 - rc=$? - else - /sbin/cryptsetup $params ${key:+-d $key} create "$dst" "$src" <&1 2>/dev/null && success || failure - rc=$? - fi - fi - if [ $rc -ne 0 ]; then - ret=1 - continue - fi - if [ -b "/dev/mapper/$dst" ]; then - if [ "$makeswap" = "yes" ]; then - mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null - fi - if [ "$mke2fs" = "yes" ]; then - if mke2fs "/dev/mapper/$dst" 2>/dev/null >/dev/null \ - && mdir=$(mktemp -d /tmp/mountXXXXXX); then - mount "/dev/mapper/$dst" "$mdir" && chmod 1777 "$mdir" - umount "$mdir" - rmdir "$mdir" - fi - fi - fi - done < /etc/crypttab - return $ret -} - # A sed expression to filter out the files that is_ignored_file recognizes __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d' |