eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
517b5da67a584bcc0aea0b109b889f0f6653b623
cryptsetup/misc/dracut_90reencrypt/reencrypt.sh
Ondrej Kozina 8ea6b3eebd Redirect stdout to stderr during reencryption in initrd. 
Stdout is not printed in initrd unless user invokes debug mode.
It's inconvenient to have users waiting for reencryption to
finish with no input at all.
2018-07-21 11:28:41 +02:00

82 lines
1.9 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# $1=$device [$2=keyfile|none [$3=keyslot|any [$4=size]]]
#
[ -d /sys/module/dm_crypt ] || modprobe dm_crypt
[ -d /sys/module/loop ] || modprobe loop
[ -f /tmp/reencrypted ] && exit 0
. /lib/dracut-lib.sh
# if device name is /dev/dm-X, convert to /dev/mapper/name
if [ "${1##/dev/dm-}" != "$1" ]; then
device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
else
device="$1"
fi
PARAMS="$device -T 1 --use-fsync --progress-frequency 5 -B 32"
if [ "$3" != "any" ]; then
PARAMS="$PARAMS -S $3"
fi
if [ -n "$4" ]; then
PARAMS="$PARAMS --device-size $4"
fi
reenc_readkey() {
local keypath="${1#*:}"
local keydev="${1%%:*}"
local mntp="/tmp/reencrypted-mount-tmp"
mkdir "$mntp"
mount -r "$keydev" "$mntp" && cat "$mntp/$keypath"
umount "$mntp"
rm -r "$mntp"
}
reenc_run() {
local cwd
cwd=$(pwd)
local _prompt="LUKS password for REENCRYPTING $device"
cd /tmp
udevadm settle
if [ "$1" = "none" ] ; then
if [ "$2" != "any" ]; then
_prompt="$_prompt, using keyslot $2"
fi
/bin/plymouth ask-for-password \
--prompt "$_prompt" \
--command="/sbin/cryptsetup-reencrypt-verbose $PARAMS"
else
info "REENCRYPT using key $1"
reenc_readkey "$1" | /sbin/cryptsetup-reencrypt-verbose -d - $PARAMS
fi
_ret=$?
cd $cwd
}
info "REENCRYPT $device requested"
# flock against other interactive activities
{ flock -s 9;
reenc_run $2 $3
} 9>/.console_lock
if [ $_ret -eq 0 ]; then
# do not ask again
>> /tmp/reencrypted
warn "Reencryption of device $device has finished successfully. Use previous"
warn "initramfs image (without reencrypt module) to boot the system. When"
warn "you leave the emergency shell, the system will reboot."
emergency_shell -n "(reboot)"
[ -x /usr/bin/systemctl ] && /usr/bin/systemctl reboot
[ -x /sbin/shutdown ] && /sbin/shutdown -r now
fi
# panic the kernel otherwise
exit 1
Reference in New Issue View Git Blame Copy Permalink