about summary refs log tree commit diff
diff options
context:
space:
mode:
authorMarkus.Berger <Markus.Berger@pf4sh.de>2015-01-05 14:29:30 +0100
committerMarkus.Berger <Markus.Berger@pf4sh.de>2015-01-05 14:29:30 +0100
commitde0a29236d6ba04502b193719396eb9a79b3e98a (patch)
tree8a35d2007af17fa35ab39435101f168a4a64b775
parent6394a10a18da669b9054244293d19902de037892 (diff)
downloadrunit-void-de0a29236d6ba04502b193719396eb9a79b3e98a.tar.gz
runit-void-de0a29236d6ba04502b193719396eb9a79b3e98a.tar.xz
runit-void-de0a29236d6ba04502b193719396eb9a79b3e98a.zip
add function to parse more crypttab filds and options
-rw-r--r--core-services/03-filesystems.sh4
-rw-r--r--crypt.awk72
2 files changed, 73 insertions, 3 deletions
diff --git a/core-services/03-filesystems.sh b/core-services/03-filesystems.sh
index af55570..8b1e16b 100644
--- a/core-services/03-filesystems.sh
+++ b/core-services/03-filesystems.sh
@@ -22,9 +22,7 @@ fi
 
 if [ -e /etc/crypttab ]; then
     msg "Activating encrypted devices...\n"
-    awk '/^#/ || /^$/ { next }
-         NF>2 { print "unsupported crypttab: " $0 >"/dev/stderr"; next }
-         { system("cryptsetup luksOpen " $2 " " $1) }' /etc/crypttab
+    awk -f /etc/runit/crypt.awk /etc/crypttab
 
     if [ -x /sbin/vgchange ]; then
         msg "Activating LVM devices for dm-crypt...\n"
diff --git a/crypt.awk b/crypt.awk
new file mode 100644
index 0000000..5c2a2a7
--- /dev/null
+++ b/crypt.awk
@@ -0,0 +1,72 @@
+/^#/ || /^$/ { next }
+  NF>4 { print "a valid crypttab has max 4 cols not " NF >"/dev/stderr"; next }
+{
+  # no password or none is given, ask fo it
+  if ( NF == 2 ) system("cryptsetup luksOpen " $2 " " $1);
+  else if (NF == 3 )
+  {
+    split($3, po, "=");
+    if ( po[1] == "none") system("cryptsetup luksOpen " $2 " " $1);
+    else system("cryptsetup luksOpen -d " $3 " " $2 " " $1);
+  }
+  else
+  # the option fild is not empty parse the options
+  {
+    split($4, opts, ",");
+    for(i in opts)
+    {
+      split(opts[i], para, "=");
+      if ( para[1] == "readonly" ) cmd=cmd "-r ";
+      else if ( para[1] == "cipher" ) cmd=cmd "-c " para[2] " ";
+      else if ( para[1] == "size" ) cmd=cmd "-s " para[2] " ";
+      else if ( para[1] == "hash" ) cmd=cmd "-h " para[2] " ";
+      else if ( para[1] == "offset" ) cmd=cmd "-o " para[2] " ";
+      else if ( para[1] == "skip" ) cmd=cmd "-p " para[2] " ";
+      else if ( para[1] == "tries" ) cmd=cmd "-T " para[2] " ";
+      else if ( para[1] == "verify" ) cmd=cmd "-y ";
+      else if ( para[1] == "discard" ) cmd=cmd "--allow-discards ";
+      else if ( para[1] == "swap" ) makeswap="y";
+      else if ( para[1] == "tmp" ) maketmp="y";
+      else if ( para[1] == "luks" ) useluks="y";
+      else if ( para[1] == "keyscript" ) keyscript=para[2];
+      else if ( para[1] == "keyslot" ) luksparams="--key-slot " para[2] " ";
+      else
+      {
+        print "no valid option " para[1] >"/dev/stderr";
+        cmd="";
+        makeswap="";
+        maketmp="";
+        useluks="";
+        luksparams="";
+        next;
+      }
+    }
+    if ( makeswap == "y" )
+    {
+      system("cryptsetup " cmd " -d " $3 " create " $2 " " $1);
+      system("mkswap /dev/mapper/" $1 );
+    }
+    else if ( maketmp == "y" )
+    {
+      system("cryptsetup " cmd " -d " $3 " create " $2 " " $1"_unformatted");
+      system("mkefs -t ext4 -q /dev/mapper/" $1"_unformatted" );
+      mdir="/run/cryptsetup/" $1;
+      system("mkdir -p " mdir);
+      system("mount /dev/mapper/" $1 "_unformatted  " mdir);
+      system("chmod 1777 " mdir);
+      system("umount " mdir);
+      #system("rmdir" mdir);
+      system("dmsetup rename " $1"_unformated " $1)
+    }
+    else if ( system("cryptsetup isLuks " $2 ) )
+    {
+      print "options are invalid for LUKS partitions" >"/dev/stderr";
+      system("cryptsetup Open -d " $3 " " $2 " " $1);
+    }
+    else if (para[1] == "keyscript" )
+    {
+      system( keyscript "| cryptsetup luksOpen -d - " $2 " " $1);
+    }
+    else print "other" >"/dev/stderr";
+  }
+}