eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 19:00:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bdce4b84d89612271f5b973d11d39da3df4b13ed
cryptsetup/misc/dracut_90reencrypt/reencrypt.sh
Ondrej Kozina 7de815e957 Silence annoying shell checks for dracut module. 
Also fixes one theoretical issue with 'local' keyword for
any (if any) POSIX-strictly shell.
2018-12-12 15:08:06 +01:00

85 lines
2.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# $1=$device [$2=keyfile|none [$3=keyslot|any [$4=size]]]
#
[ -d /sys/module/dm_crypt ] || modprobe dm_crypt
[ -d /sys/module/loop ] || modprobe loop
[ -f /tmp/reencrypted ] && exit 0
. /lib/dracut-lib.sh
# if device name is /dev/dm-X, convert to /dev/mapper/name
if [ "${1##/dev/dm-}" != "$1" ]; then
device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
else
device="$1"
fi
PARAMS="$device -T 1 --use-fsync --progress-frequency 5 -B 32"
if [ "$3" != "any" ]; then
PARAMS="$PARAMS -S $3"
fi
if [ -n "$4" ]; then
PARAMS="$PARAMS --device-size $4"
fi
reenc_readkey() {
keypath="${1#*:}"
keydev="${1%%:*}"
mntp="/tmp/reencrypted-mount-tmp"
mkdir "$mntp"
mount -r "$keydev" "$mntp" && cat "$mntp/$keypath"
umount "$mntp"
rm -r "$mntp"
}
# shellcheck disable=SC2086
# shellcheck disable=SC2164
reenc_run() {
cwd=$(pwd)
_prompt="LUKS password for REENCRYPTING $device"
cd /tmp
udevadm settle
if [ "$1" = "none" ] ; then
if [ "$2" != "any" ]; then
_prompt="$_prompt, using keyslot $2"
fi
/bin/plymouth ask-for-password \
--prompt "$_prompt" \
--command="/sbin/cryptsetup-reencrypt-verbose $PARAMS"
else
info "REENCRYPT using key $1"
reenc_readkey "$1" | /sbin/cryptsetup-reencrypt-verbose -d - $PARAMS
fi
_ret=$?
cd $cwd
}
info "REENCRYPT $device requested"
# flock against other interactive activities
# shellcheck disable=SC2086
{ flock -s 9;
reenc_run $2 $3
} 9>/.console_lock
if [ $_ret -eq 0 ]; then
# do not ask again
# shellcheck disable=SC2188
>> /tmp/reencrypted
warn "Reencryption of device $device has finished successfully. Use previous"
warn "initramfs image (without reencrypt module) to boot the system. When"
warn "you leave the emergency shell, the system will reboot."
emergency_shell -n "(reboot)"
[ -x /usr/bin/systemctl ] && /usr/bin/systemctl reboot
[ -x /sbin/shutdown ] && /sbin/shutdown -r now
fi
# panic the kernel otherwise
exit 1
Reference in New Issue View Git Blame Copy Permalink