From 3a8d07915bce8a5423d1052eae930a0d7a97ea4b Mon Sep 17 00:00:00 2001 From: suigin Date: Sat, 7 Nov 2015 23:13:35 -0800 Subject: Added support for LUKS headers, keyfile offset and size. Additionally, fixed problem where discard and readonly options were only recognized for plain/swap crypt devices but not LUKS devices. --- crypt.awk | 47 ++++++++++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 23 deletions(-) (limited to 'crypt.awk') diff --git a/crypt.awk b/crypt.awk index a211371..d533ab8 100644 --- a/crypt.awk +++ b/crypt.awk @@ -26,45 +26,48 @@ NF>4 { print "a valid crypttab has max 4 cols not " NF >"/dev/stderr"; next } dest=$1 key=$3 split($4, opts, ","); + commonopts=""; + swapopts=""; + luksopts=""; for(i in opts) { split(opts[i], para, "="); par=para[1]; - val=para[2] - if ( par == "readonly" || par == "read-only") cmd=cmd "-r "; - else if ( par == "cipher" ) cmd=cmd "-c " val " "; - else if ( par == "size" ) cmd=cmd "-s " val " "; - else if ( par == "hash" ) cmd=cmd "-h " val " "; - else if ( par == "offset" ) cmd=cmd "-o " val " "; - else if ( par == "skip" ) cmd=cmd "-p " val " "; - else if ( par == "tries" ) cmd=cmd "-T " val " "; - else if ( par == "verify" ) cmd=cmd "-y "; - else if ( par == "discard" ) cmd=cmd "--allow-discards "; + val=para[2]; + if ( par == "readonly" || par == "read-only") commonopts=commonopts "-r "; + else if ( par == "discard" ) commonopts=commonopts "--allow-discards "; + else if ( par == "tries" ) commonopts=commonopts "-T " val " "; else if ( par == "swap" ) makeswap="y"; - else if ( par == "luks" ) use_luks="y"; + else if ( par == "cipher" ) swapopts=swapopts "-c " val " "; + else if ( par == "size" ) swapopts=swapopts "-s " val " "; + else if ( par == "hash" ) swapopts=swapopts "-h " val " "; + else if ( par == "offset" ) swapopts=swapopts "-o " val " "; + else if ( par == "skip" ) swapopts=swapopts "-p " val " "; + else if ( par == "verify" ) swapopts=swapopts "-y "; #else if ( par == "noauto" ) #else if ( par == "nofail" ) #else if ( par == "plain" ) #else if ( par == "timeout" ) #else if ( par == "tmp" ) + else if ( par == "luks" ) use_luks="y"; else if ( par == "keyscript" ) {use_keyscript="y"; keyscript=val;} - else if ( par == "keyslot" || par == "key-slot" ) luksparams=luksparams "-S " val " "; + else if ( par == "keyslot" || par == "key-slot" ) luksopts=luksopts "-S " val " "; + else if ( par == "keyfile-size" ) luksopts=luksopts "-l " val " "; + else if ( par == "keyfile-offset" ) luksopts=luksopts "-keyfile-offset=" val " "; + else if ( par == "header" ) luksopts=luksopts "--header=" val " "; else { print "option: " par " not supported " >"/dev/stderr"; - cmd=""; makeswap=""; use_luks=""; use_keyscript=""; - luksparams=""; next; } } if ( makeswap == "y" && use_luks != "y" ) { - ccmd="cryptsetup " cmd " -d " key " create " dest " " src; + ccmd="cryptsetup " swapopts commonopts "-d " key " create " dest " " src; ccmd_2="mkswap /dev/mapper/" dest; - cmd=""; makeswap=""; - usekeyscript=""; - luksparams=""; + use_luks=""; + use_keyscript=""; system(ccmd); system(ccmd_2); ccmd=""; @@ -73,15 +76,15 @@ NF>4 { print "a valid crypttab has max 4 cols not " NF >"/dev/stderr"; next } } if ( use_luks == "y" && makeswap != "y" ){ if ( use_keyscript == "y") { - ccmd=keyscript " | cryptsetup" luksparams " luksOpen -d - " src " " dest; + ccmd=keyscript " | cryptsetup " luksopts commonopts "luksOpen -d - " src " " dest; use_keyscript=""; } else { if ( key == "none" ){ - ccmd="cryptsetup" luksparams " luksOpen " src " " dest; + ccmd="cryptsetup " luksopts commonopts "luksOpen " src " " dest; } else { - ccmd="cryptsetup" luksparams " luksOpen -d " key " " src " " dest; + ccmd="cryptsetup " luksopts commonopts "luksOpen -d " key " " src " " dest; } } } @@ -89,11 +92,9 @@ NF>4 { print "a valid crypttab has max 4 cols not " NF >"/dev/stderr"; next } print "use swap OR luks as option" >"/dev/stderr"; ccmd=""; } - cmd=""; makeswap=""; use_luks=""; use_keyscript=""; - luksparams=""; if ( ccmd != ""){ system(ccmd); ccmd="" -- cgit 1.4.1