eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-12 19:30:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
1b7799cb1d947381f90ea6e9963b1445111cee1e
cryptsetup/misc/dracut_90reencrypt/reencrypt.sh
Ondrej Kozina 1b7799cb1d dracut_90reencrypt: fix warns reported by static analysis 
- moddir is assigned in parent script run by dracut (warning was
  silenced)

- fix defect wrt to assignement and making variable local on
  same line. The variable cwd was first assigned by subshell
  and later any error originating in subshell was masked by
  making the variable local (which returns always 'true')
2016-04-25 15:47:18 +02:00

81 lines
1.9 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# $1=$device [$2=keyfile|none [$3=keyslot|any [$4=size]]]
#
[ -d /sys/module/dm_crypt ] || modprobe dm_crypt
[ -d /sys/module/loop ] || modprobe loop
[ -f /tmp/reencrypted ] && exit 0
. /lib/dracut-lib.sh
# if device name is /dev/dm-X, convert to /dev/mapper/name
if [ "${1##/dev/dm-}" != "$1" ]; then
device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
else
device="$1"
fi
PARAMS="$device -T 1 --use-fsync -B 32"
if [ "$3" != "any" ]; then
PARAMS="$PARAMS -S $3"
fi
if [ -n "$4" ]; then
PARAMS="$PARAMS --device-size $4"
fi
reenc_readkey() {
local keypath="${1#*:}"
local keydev="${1%%:*}"
local mntp="/tmp/reencrypted-mount-tmp"
mkdir "$mntp"
mount -r "$keydev" "$mntp" && cat "$mntp/$keypath"
umount "$mntp"
rm -r "$mntp"
}
reenc_run() {
local cwd
cwd=$(pwd)
local _prompt="LUKS password for REENCRYPTING $device"
cd /tmp
if [ "$1" = "none" ] ; then
if [ "$2" != "any" ]; then
_prompt="$_prompt, using keyslot $2"
fi
/bin/plymouth ask-for-password \
--prompt "$_prompt" \
--command="/sbin/cryptsetup-reencrypt $PARAMS"
else
info "REENCRYPT using key $1"
reenc_readkey "$1" | /sbin/cryptsetup-reencrypt -d - $PARAMS
fi
_ret=$?
cd $cwd
}
info "REENCRYPT $device requested"
# flock against other interactive activities
{ flock -s 9;
reenc_run $2 $3
} 9>/.console_lock
if [ $_ret -eq 0 ]; then
# do not ask again
>> /tmp/reencrypted
warn "Reencryption of device $device has finished successfully. Use previous"
warn "initramfs image (without reencrypt module) to boot the system. When"
warn "you leave the emergency shell, the system will reboot."
emergency_shell -n "(reboot)"
[ -x /usr/bin/systemctl ] && /usr/bin/systemctl reboot
[ -x /sbin/shutdown ] && /sbin/shutdown -r now
fi
# panic the kernel otherwise
exit 1
Reference in New Issue View Git Blame Copy Permalink