-rw-r--r--functions62
1 files changed, 58 insertions, 4 deletions
diff --git a/functions b/functions
index 16f8d8f..7fd5258 100644
--- a/functions
+++ b/functions
@@ -381,12 +381,13 @@ activate_vgs() {
(( $? == 0 )) && stat_done || stat_fail
}
-do_unlock() {
+do_unlock_legacy() {
# $1 = requested name
# $2 = source device
# $3 = password
# $4 = options
stat_append "${1}.."
+ printf "${C_FAIL}Using legacy crypttab format. This will stop working in the future. See crypttab(5).${C_OTHER}\n"
local open=create a=$1 b=$2 failed=0
# Ordering of options is different if you are using LUKS vs. not.
# Use ugly swizzling to deal with it.
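Review bot: The generic legacy notice added at the top of do_unlock_legacy becomes the only warning an administrator sees, because a later hunk removes the message that specifically flagged a literal encryption key in crypttab while the `echo "$3" | cryptsetup` path stays in place. A plaintext key stored in the file is a different problem from old option syntax, so the output should still say which case was hit, for example by keeping a short message in the `*)` arm such as `printf "${C_FAIL}crypttab contains a literal encryption key.${C_OTHER}\n"`. The function body continues outside this hunk.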
@@ -448,7 +449,6 @@ do_unlock() {
/*)
cryptsetup -d "$3" $4 $open "$a" "$b" >/dev/null;;
*)
- printf "${C_FAIL}crypttab contains a literal encryption key. This will stop working in the future.${C_OTHER}\n"
echo "$3" | cryptsetup $4 $open "$a" "$b" >/dev/null;;
esac
if (( $? )); then
@@ -460,10 +460,64 @@ do_unlock() {
return $failed
}
+do_unlock_systemd() {
+ stat_append "${1}.."
+ local failed=0
+ if ! /usr/lib/systemd/systemd-cryptsetup attach "$1" "$2" "$3" $4; then
+ failed=1
+ else
+ IFS=,
+ if in_array swap ${options[@]}; then
+ if ! mkswap /dev/mapper/$name >/dev/null; then
+ failed=1
+ fi
+ elif in_array tmp ${options[@]}; then
+ if ! mke2fs /dev/mapper/$name >/dev/null; then
+ failed=1
+ fi
+ fi
+ fi
+ if (( $failed )); then
+ stat_append "failed "
+ else
+ stat_append "ok "
+ fi
+ return $failed
+}
+
+do_unlock() {
+ local name=$1 device=$2 password=$3 options=$4
+
+ if [[ ${options:0:2} =~ -. ]]; then
+ do_unlock_legacy "$name" "$device" "$password" "$options"
+ return $?
+ fi
+
+ case $password in
+ ASK|SWAP)
+ do_unlock_legacy "$name" "$device" "$password" "$options"
+ ;;
+ /dev/*)
+ if [[ ${password##*:} == $password ]]; then
+ do_unlock_systemd "$name" "$device" "$password" "$options"
+ else
+ do_unlock_legacy "$name" "$device" "$password" "$options"
+ fi
+ ;;
+ /*|none|-)
+ do_unlock_systemd "$name" "$device" "$password" "$options"
+ ;;
+ *)
+ do_unlock_legacy "$name" "$device" "$password" "$options"
+ ;;
+ esac
+ return $?
+}
+
read_crypttab() {
# $1 = function to call with the split out line from the crypttab
local line nspo failed=0
- while read line; do
+ while read line <&3; do
[[ $line && $line != '#'* ]] || continue
eval nspo=("${line%#*}")
if $1 "${nspo[0]}" "${nspo[1]}" "${nspo[2]}" "${nspo[*]:3}"; then
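Review bot: `IFS=,` in do_unlock_systemd is assigned without `local`, so after the first successful attach the comma separator stays in effect for the rest of the script. That changes how `read line <&3` trims later lines and how `"${nspo[*]:3}"` and the unquoted `$4` are joined and split for later crypttab entries. Declaring it as `local IFS=,` keeps the change inside the function. The function also reads `${options[@]}` and `$name`, which are do_unlock's locals reached through dynamic scoping rather than its own `$4` and `$1`; using the positional parameters and quoting the path, `mkswap "/dev/mapper/$1"`, ties the destructive mkswap and mke2fs calls to the device that was just attached. read_crypttab's body continues outside the hunk.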
@@ -471,7 +525,7 @@ read_crypttab() {
else
failed=1
fi
- done < /etc/crypttab
+ done 3< /etc/crypttab
return $failed
}
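Review bot: The switch to descriptor 3 has no comment, and the reason is not obvious from the loop. Presumably it keeps the function called through `$1`, and tools such as systemd-cryptsetup that may prompt, from consuming crypttab lines on stdin. A comment above the loop such as `# read crypttab on fd 3 so commands run via $1 keep the caller's stdin` would record that. Descriptor 3 is still inherited by every child started inside the loop, so if that is not wanted, `3<&-` can be added on the call. The start of the loop is outside this hunk.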