[Pkg-loop-aes-commits] r1337 - /trunk/loop-aes-utils/debian/initramfs-tools-hook

xam at users.alioth.debian.org xam at users.alioth.debian.org
Sat Dec 2 19:14:38 CET 2006 

Author: xam
Date: Sat Dec  2 19:14:12 2006
New Revision: 1337

URL: http://svn.debian.org/wsvn/pkg-loop-aes/?sc=1&rev=1337
Log:
initramfs: Show warning if disabled and encrypted root was detected

Modified:
    trunk/loop-aes-utils/debian/initramfs-tools-hook

Modified: trunk/loop-aes-utils/debian/initramfs-tools-hook
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/initramfs-tools-hook?rev=1337&op=diff
==============================================================================
--- trunk/loop-aes-utils/debian/initramfs-tools-hook (original)
+++ trunk/loop-aes-utils/debian/initramfs-tools-hook Sat Dec  2 19:14:12 2006
@@ -16,32 +16,7 @@
 	;;
 esac
 
-#Check whether loop-aes support is forced on or off
-case "${INITRAMFS_LOOPAES}" in
-    0|n|no|off)
-	exit 0
-	;;
-    1|y|yes|on)
-	FORCE_LOOPAES=1
-	;;
-    auto)
-	;;
-    *)
-	if [ -n "${INITRAMFS_LOOPAES}" ]; then
-	    echo "WARNING! (loop-aes) ignoring invalid INITRAMFS_LOOPAES value: '${INITRAMFS_LOOPAES}'" 1>&2
-	fi
-    	# Default not doing anything
-	exit 0
-	;;
-esac
-
 . /usr/share/initramfs-tools/hook-functions
-
-exit_unless_forced() {
-    if [ -z "${FORCE_LOOPAES}" ]; then
-	exit $1
-    fi
-}
 
 get_root_device() {
     [ -r /etc/fstab ] || return
@@ -133,14 +108,60 @@
     done
 }
 
-# Find out which device root is on
+# Find out which device root is on (sets rootdev and rootoptions)
 eval $(get_root_device)
-[ -z "${rootdev}" ] && exit_unless_forced 0
-# We now have set: rootdev rootoptions
+if [ -z "${rootdev}" ]; then
+    echo "WARNING: (loop-aes) Could not determine root device. Skipping." >&2
+    exit 0
+fi
 
 get_root_opts
-[ -z "${rootloop}" ] && exit_unless_forced 0
 loopaes_opts="${loopaes_opts},loop=${rootloop}"
+
+encrypted=no
+if [ "${rootloop}" ]; then
+    encrypted=yes
+fi
+
+enabled=no
+case "${INITRAMFS_LOOPAES}" in
+    0|n|no|off|'')
+	enabled=no
+	;;
+    1|y|yes|on)
+	enabled=yes
+	;;
+    auto)
+	if [ "$encrypted" = yes ]; then
+	    enabled=yes
+	fi
+	;;
+    *)
+	enabled=no
+	echo "WARNING! (loop-aes) ignoring invalid INITRAMFS_LOOPAES value: '${INITRAMFS_LOOPAES}'" 1>&2
+	;;
+esac
+
+if [ "$enabled" = no ]; then
+    if [ "$encrypted" = yes ]; then
+	cat >&2 <<END_WARN
+WARNING: Your root partition appears to be encrypted with loop-AES, but
+the initramfs support for loop-AES is disabled. The resulting initramfs
+will most likely NOT be able to boot your system (!!!). Please make sure
+that you have a good initramfs before the next reboot.
+END_WARN
+    fi
+    exit 0
+fi
+
+if [ "$encrypted" = no ]; then
+    cat >&2 <<END_WARN
+WARNING: (loop-aes) Support for loop-AES is enabled but this script was 
+unable to determine the loop-AES settings from /etc/fstab. It will skip
+setup of loop-AES support and let initramfs-tools continue.
+END_WARN
+    exit 0
+fi
 
 # Prepare the initramfs
 if [ -n "${rootgpgkey}" ]; then
@@ -165,7 +186,7 @@
 	cp /etc/console/boottime.kmap.gz $DESTDIR/etc/
 fi
 manual_add_modules loop
-if [ -z "${FORCE_LOOPAES}" ]; then
+if [ "$MODULES" = "dep" ]; then
     iterate_cipher_module "manual_add_modules" "$rootencryption"
 else
     iterate_cipher_module "manual_add_modules" "serpent:blowfish:twofish"

More information about the Pkg-loop-aes-commits mailing list