Search
Search
Search
Search
Information
Information
Light
Dark
Open actions menu
Basic upload method
Bypass upload method
Tips!
If you encounter an error (by firewall) while uploading using both methods,
try changing extension of the file before uploading it and rename it right after.
This uploader supports multiple file upload.
Submit
~
lib
cryptsetup
File Content:
cryptdisks-functions
# # This file is for inclusion with # . /lib/cryptsetup/cryptdisks-functions # and should not be executed directly. PATH="/usr/sbin:/usr/bin:/sbin:/bin" CRYPTDISKS_ENABLE="Yes" #set -x # Sanity check #1 [ -x /sbin/cryptsetup ] || exit 0 . /lib/lsb/init-functions . /lib/cryptsetup/functions if [ -r /etc/default/cryptdisks ]; then . /etc/default/cryptdisks fi MOUNT="$CRYPTDISKS_MOUNT" # do_start() # Unlock all devices in the crypttab(5) do_start() { [ -s "$TABFILE" ] || return 0 # Create locking directory before invoking cryptsetup(8) to avoid warnings mkdir -pm0700 /run/cryptsetup modprobe -qb dm-mod || true modprobe -qb dm-crypt || true dmsetup mknodes >/dev/null 2>&1 || true if [ "$INITSTATE" != "init" ]; then log_action_begin_msg "Starting $INITSTATE crypto disks" fi mount_fs crypttab_foreach_entry _do_start_callback umount_fs log_action_end_msg 0 } _do_start_callback() { setup_mapping || log_action_end_msg $? } # mount_fs() # Premounts file systems mount_fs() { local point MOUNTED="" for point in $MOUNT; do if mount "$point" >/dev/null; then MOUNTED="$MOUNTED $point" fi done } # Postunmounts file systems umount_fs() { local point for point in $MOUNTED; do umount "$point" >/dev/null done } # setup_mapping() # Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME, # $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS. setup_mapping() { if dm_blkdevname "$CRYPTTAB_NAME" >/dev/null; then device_msg "running" return 0 fi local loud="${DEFAULT_LOUD:-}" crypttab_parse_options --export --missing-path=fail || return 1 if [ -n "${CRYPTTAB_OPTION_quiet+x}" ]; then loud="no" elif [ -n "${CRYPTTAB_OPTION_loud+x}" ]; then loud="yes" fi if [ -z "${FORCE_START-}" ]; then if [ "$INITSTATE" = "early" -a -n "${CRYPTTAB_OPTION_noearly+x}" ] || [ "$INITSTATE" != "manual" -a -n "${CRYPTTAB_OPTION_noauto+x}" ]; then device_msg "ignored" return 0 fi fi if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then if ! crypttab_key_check; then device_msg "invalid key" return 1 fi CRYPTTAB_OPTION_tries=1 fi if ! crypttab_resolve_source; then if [ "$loud" = "yes" ]; then device_msg "skipped, device $CRYPTTAB_SOURCE does not exist" fi return 1 fi device_msg "starting" local offset_bytes="" if [ -n "${CRYPTTAB_OPTION_offset+x}" ] && [ ${#CRYPTTAB_OPTION_offset} -le 7 ] && [ $CRYPTTAB_OPTION_offset -lt 4194304 ]; then # silently ignore large offset values which might cause the multiplication to overflow... offset_bytes=$((CRYPTTAB_OPTION_offset * 512)) fi local out tmpdev if [ "$CRYPTTAB_TYPE" != "luks" ] && [ "$CRYPTTAB_TYPE" != "bitlk" ]; then # fail if the device has a filesystem and the disk encryption format doesn't # verify the key digest (unlike LUKS); unless it's swap, otherwise people can't # easily convert an existing plainttext swap partition to an encrypted one if ! out="$(/lib/cryptsetup/checks/un_blkid "$CRYPTTAB_SOURCE" "" ${CRYPTTAB_OPTION_offset+"$offset_bytes"} 2>/dev/null)" && ! /lib/cryptsetup/checks/blkid "$CRYPTTAB_SOURCE" swap ${CRYPTTAB_OPTION_offset+"$offset_bytes"} >/dev/null; then log_warning_msg "$CRYPTTAB_NAME: the precheck for '$CRYPTTAB_SOURCE' failed: $out" return 1 fi fi local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype rv local target="$CRYPTTAB_NAME" CRYPTTAB_NAME="${CRYPTTAB_NAME}_unformatted" # XXX potential conflict while [ $maxtries -le 0 ] || [ $count -lt $maxtries ]; do if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then # unlock via keyfile unlock_mapping "$CRYPTTAB_KEY" else # unlock interactively or via keyscript CRYPTTAB_NAME="$target" run_keyscript "$count" | unlock_mapping fi rv=$? count=$(( $count + 1 )) if [ $rv -ne 0 ] || ! tmpdev="$(dm_blkdevname "$CRYPTTAB_NAME")"; then continue fi if [ -n "${CRYPTTAB_OPTION_check+x}" ] && \ ! "$CRYPTTAB_OPTION_check" "$tmpdev" ${CRYPTTAB_OPTION_checkargs+"$CRYPTTAB_OPTION_checkargs"}; then log_warning_msg "$target: the check for '$CRYPTTAB_NAME' failed" cryptsetup remove -- "$CRYPTTAB_NAME" continue fi if [ "${CRYPTTAB_OPTION_swap+x}" ]; then if out="$(/lib/cryptsetup/checks/un_blkid "$tmpdev" "" ${CRYPTTAB_OPTION_offset+"$offset_bytes"} 2>/dev/null)" || /lib/cryptsetup/checks/blkid "$tmpdev" swap ${CRYPTTAB_OPTION_offset+"$offset_bytes"} >/dev/null 2>&1; then mkswap "$tmpdev" >/dev/null 2>&1 else log_warning_msg "$target: the check for '$CRYPTTAB_NAME' failed. $CRYPTTAB_NAME contains data: $out" cryptsetup remove -- "$CRYPTTAB_NAME" return 1 fi elif [ "${CRYPTTAB_OPTION_tmp+x}" ]; then local tmpdir="$(mktemp --tmpdir="/run/cryptsetup" --directory)" rv=0 if ! mkfs -t "$CRYPTTAB_OPTION_tmp" -q "$tmpdev" >/dev/null 2>&1 || ! mount -t "$CRYPTTAB_OPTION_tmp" "$tmpdev" "$tmpdir" || ! chmod 1777 "$tmpdir"; then rv=1 fi umount "$tmpdir" || true rmdir "$tmpdir" || true [ $rv -eq 0 ] || return $rv fi if command -v udevadm >/dev/null 2>&1; then udevadm settle fi dmsetup rename -- "$CRYPTTAB_NAME" "$target" device_msg "$target" "started" return 0 done device_msg "$target" "failed" return 1 } # Removes all mappings in crypttab, except the ones holding the root # file system or /usr do_stop() { local devno_rootfs devno_usr dmsetup mknodes log_action_begin_msg "Stopping $INITSTATE crypto disks" devno_rootfs="$(get_mnt_devno /)" || devno_rootfs="" devno_usr="$(get_mnt_devno /usr)" || devno_usr="" crypttab_foreach_entry _do_stop_callback log_action_end_msg 0 } _do_stop_callback() { local i rv=0 skip="n" # traverse the device tree for each crypttab(5) entry, that's # suboptimal but we can't use mapped device names as they might # contain any character other than NUL. shouldn't be much overhead # anyway as the device tree is likely not that long foreach_cryptdev _do_stop_skipped $devno_rootfs $devno_usr if [ "$skip" = "n" ]; then for i in 1 2 4 8 16 32; do remove_mapping "$CRYPTTAB_NAME" 3<&- && break || rv=$? if [ $rv -eq 1 ] || [ $rv -eq 2 -a $i -gt 16 ]; then log_action_end_msg $rv break fi log_action_cont_msg "$CRYPTTAB_NAME busy..." sleep $i done fi } _do_stop_skipped() { if [ "$1" = "$CRYPTTAB_NAME" ]; then skip="y" fi } # device_msg([$name], $message) # Convenience function to handle $VERBOSE device_msg() { local name message if [ $# -eq 1 ]; then name="$CRYPTTAB_NAME" message="$1" else name="$1" message="$2" fi if [ "$VERBOSE" != "no" ]; then log_action_cont_msg "$name ($message)" fi } # remove_mapping($target) # Remove mapping $target remove_mapping() { local CRYPTTAB_NAME="$1" if ! dm_blkdevname "$CRYPTTAB_NAME" >/dev/null; then device_msg "stopped" return 0 fi if [ "$(dmsetup info --noheadings -c -o subsystem -- "$CRYPTTAB_NAME")" != "CRYPT" ]; then device_msg "error" return 1 fi local opencount="$(dmsetup info -c --noheadings -o open -- "$CRYPTTAB_NAME" 2>/dev/null || true)" if [ -z "$opencount" ]; then device_msg "error" return 1 elif [ "$opencount" != "0" ]; then device_msg "busy" if [ "$INITSTATE" = "early" ] || [ "$INITSTATE" = "manual" ]; then return 1 elif [ "$INITSTATE" = "remaining" ]; then return 2 fi return 0 fi if cryptsetup remove -- "$CRYPTTAB_NAME"; then device_msg "stopping" return 0 else device_msg "error" return 1 fi } # vim: set filetype=sh :
Edit
Download
Unzip
Chmod
Delete
