r1999 - in trunk/utils/initrd-tools: . debian

Martin Michlmayr tbm@haydn.debian.org
Wed, 15 Dec 2004 06:10:02 -0700


Author: tbm
Date: 2004-12-15 06:09:38 -0700 (Wed, 15 Dec 2004)
New Revision: 1999

Modified:
   trunk/utils/initrd-tools/debian/changelog
   trunk/utils/initrd-tools/mkinitrd
Log:
Add support for encrypted root filesystems using dm-crypt and cryptsetup.
Patch provided by Wesley W. Terpstra, with modifications and testing by
Loic Minier and me (Closes: #247054).


Modified: trunk/utils/initrd-tools/debian/changelog
===================================================================
--- trunk/utils/initrd-tools/debian/changelog	2004-12-15 04:17:00 UTC (rev 1998)
+++ trunk/utils/initrd-tools/debian/changelog	2004-12-15 13:09:38 UTC (rev 1999)
@@ -5,6 +5,10 @@
       modules in /proc/scsi. (closes: #285301)
     - Also fix in that same workaround a possible problem with module names
       with hyphens that get flattened to underscores in 2.6.
+  * Martin Michlmayr
+    - Add support for encrypted root filesystems using dm-crypt and
+      cryptsetup.  Patch provided by Wesley W. Terpstra, with modifications
+      and testing by Loic Minier and me (Closes: #247054).
 
  -- Joshua Kwan <joshk@triplehelix.org>  Sun, 12 Dec 2004 17:17:11 -0800
 

Modified: trunk/utils/initrd-tools/mkinitrd
===================================================================
--- trunk/utils/initrd-tools/mkinitrd	2004-12-15 04:17:00 UTC (rev 1998)
+++ trunk/utils/initrd-tools/mkinitrd	2004-12-15 13:09:38 UTC (rev 1999)
@@ -322,8 +322,90 @@
 	fi
 }
 
+dmcrypt() {
+	local cipher_mode devname submajor subminor
+	
+	if ! command -v cryptsetup > /dev/null 2>&1; then
+		echo Root is on a DM crypt device, but cryptsetup not installed >&2
+	fi
+	
+	cipher_mode=$(dmsetup table $dmname | cut -d" " -f4)
+
+	echo dm-crypt
+	echo $cipher_mode | cut -d- -f1
+
+	devname=$(grep -m 1 "^$dmname[[:space:]]" /etc/crypttab | sed 's/^[^[:space:]]*[[:space:]]*\([^[:space:]]*\).*/\1/')
+	if [ ! -b ${devname:-/dev/null} ]; then
+		echo \'$dmname\' does not have a valid block device in /etc/crypttab >&2
+		exit 1
+	fi
+	
+	eval "$(stat -c 'submajor=$((0x%t)); subminor=$((0x%T))' $(readlink -f "$devname"))"
+	
+	if [ $submajor != $(dmsetup deps $dmname | sed 's/^.*(\([0-9]*\), \([0-9]*\))$/\1/') \
+	  -o $subminor != $(dmsetup deps $dmname | sed 's/^.*(\([0-9]*\), \([0-9]*\))$/\2/') ]; then
+		echo /etc/crypttab entry for \'$dmname\' does not agree with dmsetup >&2
+		exit 1
+	fi
+		
+	getroot $devname
+	
+	cat <<EOF >&5
+mount_tmpfs dev2
+
+save_rootdev="\$rootdev"
+save_ROOT="\$ROOT"
+rootdev=$(($submajor*256+$subminor))
+ROOT="$devname"
+get_device
+rootdev="\$save_rootdev"
+ROOT="\$save_ROOT"
+
+export device
+export dmname="$dmname"
+export cipher_mode="$cipher_mode"
+for i in /keyscripts/*; do
+	[ -f "\$i" ] || continue
+	case "\$i" in
+	*.sh)
+		(. \$i)
+		;;
+	*)
+		\$i
+		;;
+	esac
+done
+[ -b /dev/mapper/\$dmname ] || \\
+	/sbin/cryptsetup -c \$cipher_mode create \$dmname \$device
+
+umount -n dev2
+EOF
+	{
+		echo /sbin/cryptsetup
+		echo /lib/libdevmapper.so.1.00
+		echo /lib/libpopt.so.0
+	} >&6
+}
+
 dm() {
-	if command -v lvmiopversion > /dev/null 2>&1; then
+	local dmname
+	
+	if ! command -v dmsetup > /dev/null 2>&1; then
+		echo Root is on a DM device, but dmsetup not installed >&2
+		exit 1
+	fi
+	
+	dmdev=$(printf "(%d, %d)" $major $minor)
+	
+	if ! dmsetup ls | grep -q "$dmdev\$"; then
+		echo Unknown DM device $major:$minor >&2
+		exit 1
+	fi
+	
+	dmname=$(dmsetup ls | grep "$dmdev\$" | sed 's/^\([^[:space:]]*\).*$/\1/')
+	if dmsetup table $dmname | grep -q crypt; then
+		dmcrypt
+	elif command -v lvmiopversion > /dev/null 2>&1; then
 		lvm
 	elif [ ! -x /etc/mkinitrd/scripts/evms ]; then
 		echo Unknown DM device $major:$minor >&2
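Review bot: The cryptsetup check at the top of `dmcrypt()` only prints a message and falls through, unlike the dmsetup check in `dm()`, which exits; the function then still lists `/sbin/cryptsetup` for the image and emits a boot script that calls it, so a missing binary would leave an initrd that cannot unlock root. Add `exit 1` after the `echo Root is on a DM crypt device, but cryptsetup not installed >&2` line so the build fails at that point. Separately, the generated script runs `cryptsetup -c $cipher_mode create` with only the cipher taken from `dmsetup table`; if the mapping was set up with a non-default key size or hash, the boot-time mapping would presumably derive a different key, so those settings should be carried over or the limitation documented. The `eval` of the `stat` output is fed by an unquoted `$(readlink -f "$devname")`, which is worth quoting so that unusual paths cannot word-split. `dm()` continues past the end of this hunk.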
@@ -1143,7 +1225,7 @@
 	mv script initrd
 
 	cd initrd
-	mkdir -p dev2 devfs etc mnt proc scripts sys tmp var
+	mkdir -p dev2 devfs etc keyscripts mnt proc scripts sys tmp var
 
 	> etc/mtab