[Pkg-loop-aes-commits] r1349 - in
/branches/loop-aes-utils/initramfs-integration/debian:
initramfs-tools-hook initramfs-tools-script
lmamane at users.alioth.debian.org
lmamane at users.alioth.debian.org
Sat Dec 16 09:00:58 CET 2006
Author: lmamane
Date: Sat Dec 16 09:00:57 2006
New Revision: 1349
URL: http://svn.debian.org/wsvn/pkg-loop-aes/?sc=1&rev=1349
Log:
Reintroduce "force loop-aes support on" feature
Modified:
branches/loop-aes-utils/initramfs-integration/debian/initramfs-tools-hook
branches/loop-aes-utils/initramfs-integration/debian/initramfs-tools-script
Modified: branches/loop-aes-utils/initramfs-integration/debian/initramfs-tools-hook
URL: http://svn.debian.org/wsvn/pkg-loop-aes/branches/loop-aes-utils/initramfs-integration/debian/initramfs-tools-hook?rev=1349&op=diff
==============================================================================
--- branches/loop-aes-utils/initramfs-integration/debian/initramfs-tools-hook (original)
+++ branches/loop-aes-utils/initramfs-integration/debian/initramfs-tools-hook Sat Dec 16 09:00:57 2006
@@ -33,6 +33,9 @@
decode_cipher() {
local cipher
+ # When changing this, don't forget to update the list of all known
+ # cipher modules in the iterate_cipher_module call near the end
+ # of this file. Also update the copy in initramfs-tools-script
case "$1" in
twofish*)
echo twofish
@@ -63,6 +66,8 @@
}
get_root_opts() {
+ # If you change this, keep the version in initramfs-tools-script
+ # in sync.
local opt cipher
local IFS=", "
for opt in $rootoptions; do
@@ -119,25 +124,23 @@
loopaes_opts="${loopaes_opts},loop=${rootloop}"
encrypted=no
-if [ "${rootloop}" ]; then
+if [ -n "${rootloop}" ]; then
encrypted=yes
fi
enabled=no
+forced=no
case "${INITRAMFS_LOOPAES}" in
0|n|no|off|'')
- enabled=no
;;
1|y|yes|on)
enabled=yes
+ forced=yes
;;
auto)
- if [ "$encrypted" = yes ]; then
- enabled=yes
- fi
+ enabled="${encrypted}"
;;
*)
- enabled=no
echo "WARNING! (loop-aes) ignoring invalid INITRAMFS_LOOPAES value: '${INITRAMFS_LOOPAES}'" 1>&2
;;
esac
@@ -154,14 +157,33 @@
exit 0
fi
-if [ "$encrypted" = no ]; then
- cat >&2 <<END_WARN
-WARNING: (loop-aes) Support for loop-AES is enabled but this script was
-unable to determine the loop-AES settings from /etc/fstab. It will skip
-setup of loop-AES support and let initramfs-tools continue.
+case "${rootdev}" in
+ /dev/loop*)
+ cat >&2 <<END_WARN
+WARNING:(loop-aes) According to /etc/fstab, your root device is on a
+loop device. Probably you use the wrong syntax for this script in
+/etc/fstab. See /usr/share/doc/loop-aes-utils/README . The initramfs
+being created will NOT be able to mount your loop-AES encrypted root
+automatically.
END_WARN
- exit 0
-fi
+ ;;
+ *)
+ if [ "$encrypted" = no ]; then
+ cat >&2 <<END_WARN
+WARNING: (loop-aes) Support for loop-AES is forced on but this script was
+unable to determine the loop-AES settings from /etc/fstab. Assuming
+you want the possibility of using loopaesopts kernel command-line
+option (and/or have losetup available in the initramfs shell), but
+don't want a loop-AES-encrypted root to be mounted automatically by
+default.
+
+Note that you need to ensure that the keys for the encrypted root fs
+you want to load through the loopaesopts kernel command-line option
+are reachable from the initramfs.
+END_WARN
+ fi
+ ;;
+esac
# Prepare the initramfs
if [ -n "${rootgpgkey}" ]; then
@@ -192,7 +214,7 @@
cp /etc/console/boottime.kmap.gz $DESTDIR/etc/
fi
manual_add_modules loop
-if [ "$MODULES" = "dep" ]; then
+if [ "${forced}" = no ]; then
iterate_cipher_module "manual_add_modules" "$rootencryption"
else
iterate_cipher_module "manual_add_modules" "serpent:blowfish:twofish"
Modified: branches/loop-aes-utils/initramfs-integration/debian/initramfs-tools-script
URL: http://svn.debian.org/wsvn/pkg-loop-aes/branches/loop-aes-utils/initramfs-integration/debian/initramfs-tools-script?rev=1349&op=diff
==============================================================================
--- branches/loop-aes-utils/initramfs-integration/debian/initramfs-tools-script (original)
+++ branches/loop-aes-utils/initramfs-integration/debian/initramfs-tools-script Sat Dec 16 09:00:57 2006
@@ -22,6 +22,10 @@
decode_cipher() {
local cipher
+ # When changing this, don't forget to update the copy in
+ # initramfs-tools-hook, as well as the list of all known cipher
+ # modules in the iterate_cipher_module call near the end of
+ # initramfs-tools-hook.
case "$1" in
twofish*)
echo twofish
@@ -53,26 +57,28 @@
get_options()
{
- # Do we have any settings from the /conf/conf.d/cryptroot file?
- [ -r /conf/conf.d/loopaes ] && . /conf/conf.d/loopaes
- loopaes_opts="${LOOPAESOPTS}"
+ # Do we have any settings from the /conf/conf.d/loopaes file?
+ [ -r /conf/conf.d/loopaes ] && . /conf/conf.d/loopaes
+ loopaes_opts="${LOOPAESOPTS}"
- # Does the kernel boot command line override them?
- for x in $(cat /proc/cmdline); do
- case $x in
- loopaesopts=*)
- loopaes_opts=${x#loopaesopts=}
- ;;
- esac
- done
+ # Does the kernel boot command line override them?
+ for x in $(cat /proc/cmdline); do
+ case $x in
+ loopaesopts=*)
+ loopaes_opts=${x#loopaesopts=}
+ ;;
+ esac
+ done
- # Sanity check
- if [ -z "${loopaes_opts}" ]; then
- # Apparently the root partition isn't encrypted
- echo "No root-on-loop configured, skipping"
- exit 0
- fi
+ # Sanity check
+ if [ -z "${loopaes_opts}" ]; then
+ # Apparently the root partition isn't encrypted
+ echo "No root-on-loop configured, skipping"
+ exit 0
+ fi
+ # If you change this, keep the version in initramfs-tools-script
+ # in sync.
local opt cipher
local IFS=", "
for opt in $loopaes_opts; do
More information about the Pkg-loop-aes-commits
mailing list