apply LUKS key patch from bug 162962 from Nelson Batalha <nelson_batalha@hotmail.com>

git-svn-id: svn+ssh://svn.gentoo.org/var/svnroot/genkernel/trunk@573 67a159dc-881f-0410-a524-ba9dfbe2cb84
cleanup-cruft
Andrew Gaffney 17 years ago
parent ccc3c9c78f
commit 8ac539106b

@ -2,6 +2,11 @@
# Copyright 2006-2007 Gentoo Foundation; Distributed under the GPL v2 # Copyright 2006-2007 Gentoo Foundation; Distributed under the GPL v2
# $Header: $ # $Header: $
23 Dec 2007; Andrew Gaffney <agaffney@gentoo.org> generic/initrd.scripts,
generic/linuxrc, genkernel.8:
apply LUKS key patch from bug 162962 from Nelson Batalha
<nelson_batalha@hotmail.com>
14 Dec 2007; Andrew Gaffney <agaffney@gentoo.org> generic/linuxrc: 14 Dec 2007; Andrew Gaffney <agaffney@gentoo.org> generic/linuxrc:
fix text bolding on serial console for bug 202266 thanks to Michael Hordijk fix text bolding on serial console for bug 202266 thanks to Michael Hordijk
<hoffbrinkle@hotmail.com> <hoffbrinkle@hotmail.com>

@ -37,9 +37,9 @@ modules_load() {
modules_scan() { modules_scan() {
local MODS local MODS
[ -d /etc/modules/${1} ] || touch /etc/modules/${1} [ -d "/etc/modules/${1}" ] || touch /etc/modules/${1}
[ -f /etc/modules/${1} ] && MODS=`cat /etc/modules/${1}` [ -f "/etc/modules/${1}" ] && MODS=`cat /etc/modules/${1}`
for x in ${MODS} for x in ${MODS}
do do
MLOAD=`echo ${MLIST} | sed -e "s/.*${x}.*/${x}/"` MLOAD=`echo ${MLIST} | sed -e "s/.*${x}.*/${x}/"`
@ -63,82 +63,96 @@ modules_scan() {
done done
} }
findcdmount() { uppercase(){
# needs tr on busybox
echo $1 | tr 'a-z' 'A-Z'
}
findmediamount() {
# $1 = mount dir name / media name
# $2 = recognition file
# $3 = variable to have the device path
# $4 = directory before /mnt, like NEW_ROOT
# args remaining are possible devices
local media=$1 recon=$2 vrbl=$3
local mntdir="${4}/mnt/${media}"
shift 4
good_msg "Looking for the ${media}" ${CRYPT_SILENT}
if [ "$#" -gt "0" ] if [ "$#" -gt "0" ]
then then
[ ! -d "${mntdir}" ] && mkdir -p ${mntdir} 2>/dev/null >/dev/null
for x in $* for x in $*
do do
# Check for a block device to mount # Check for a block device to mount
if [ -b "${x}" ] if [ -b "${x}" ]
then then
good_msg "Attempting to mount media:- ${x}" good_msg "Attempting to mount media:- ${x}" ${CRYPT_SILENT}
if [ -z "${CDROOT_DEV}" ]
then if [ -n "${CDROOT_DEV}" -a \( ${media}="cdrom" \) ]; then
mount -r -t auto ${x} ${NEW_ROOT}/mnt/cdrom \ mount -r -t auto ${x} ${NEW_ROOT}/mnt/cdrom >/dev/null 2>&1
> /dev/null 2>&1
else else
mount -r -t iso9660 ${x} ${NEW_ROOT}/mnt/cdrom \ mount -r -t auto ${x} ${mntdir} >/dev/null 2>&1
> /dev/null 2>&1 fi
fi
if [ "$?" = '0' ] if [ "$?" = '0' ]
then then
# Check for a LiveCD # Check for the media
if [ -f ${NEW_ROOT}/mnt/cdrom/${SUBDIR}/livecd ] if [ -f "${mntdir}/${recon}" ]
then then
REAL_ROOT="${x}" #set REAL_ROOT, CRYPT_ROOT_KEYDEV or whatever ${vrbl} is
eval ${vrbl}'='"${x}"
good_msg "Media found on ${x}" ${CRYPT_SILENT}
break break
else else
umount ${NEW_ROOT}/mnt/cdrom umount ${mntdir}
fi fi
fi fi
fi fi
done done
if [ "${REAL_ROOT}" != '' ]
then
good_msg "Media found on ${x}"
fi
fi fi
eval local result='$'${vrbl}
[ -n "${result}" ] || bad_msg "Media not found" ${CRYPT_SILENT}
} }
findkeymount() { devicelist(){
if [ "$#" -gt "0" ] # Locate the cdrom device with our media on it.
then # CDROM DEVICES
for x in $* local DEVICES="/dev/cdroms/* /dev/ide/cd/* /dev/sr*"
do # USB Keychain/Storage
# Check for a block device to mount DEVICES="$DEVICES /dev/sd*"
if [ -b "${x}" ] # IDE devices
then DEVICES="$DEVICES /dev/hd*"
if [ ${crypt_silent} = '' ] # USB using the USB Block Driver
then DEVICES="$DEVICES /dev/ubd* /dev/ubd/*"
good_msg "Attempting to mount key media:- ${x}" # iSeries devices
fi DEVICES="$DEVICES /dev/iseries/vcd*"
echo ${DEVICES}
}
mount -r -t auto ${x} ${NEW_ROOT}/mnt/keydev \ bootstrapCD() {
> /dev/null 2>&1
if [ "$?" = '0' ] local DEVICES=`devicelist`
then # The device was specified on the command line. Shold we even be doing a
# Check for the key # scan at this point? I think not.
if [ -e ${NEW_ROOT}/mnt/keydev/${LUKS_ROOT_KEY} ] [ -n "${CDROOT_DEV}" ] && DEVICES="$DEVICES ${CDROOT_DEV}"
then
LUKS_ROOT_KEYDEV="${x}" findmediamount "cdrom" "${SUBDIR}/livecd" "REAL_ROOT" "${NEW_ROOT}" ${DEVICES}
umount ${NEW_ROOT}/mnt/keydev
break
else
umount ${NEW_ROOT}/mnt/keydev
fi
fi
fi
done
if [ "${LUKS_ROOT_KEYDEV}" != '' ]
then
if [ ${crypt_silent} = '' ]
then
good_msg "Key media found on ${x}"
fi
fi
fi
} }
bootstrapKey() {
# $1 = ROOT/SWAP
local KEYDEVS=`devicelist`
eval local keyloc='"${CRYPT_'${1}'_KEY}"'
findmediamount "key" "${keyloc}" "CRYPT_${1}_KEYDEV" "" ${KEYDEVS}
}
cache_cd_contents() { cache_cd_contents() {
# Check loop file exists and cache to ramdisk if DO_cache is enabled # Check loop file exists and cache to ramdisk if DO_cache is enabled
@ -328,24 +342,74 @@ test_success() {
fi fi
} }
good_msg() {
# msg functions arguments
# $1 string
# $2 hide flag
good_msg() {
msg_string=$1 msg_string=$1
msg_string="${msg_string:-...}" msg_string="${msg_string:-...}"
echo -e "${GOOD}>>${NORMAL}${BOLD} ${msg_string} ${NORMAL}" [ "$2" != 1 ] && echo -e "${GOOD}>>${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
} }
bad_msg() { bad_msg() {
msg_string=$1 msg_string=$1
msg_string="${msg_string:-...}" msg_string="${msg_string:-...}"
splash 'verbose' > /dev/null & if [ "$2" != 1 ]
echo -e "${BAD}!!${NORMAL}${BOLD} ${msg_string} ${NORMAL}" then
splash 'verbose' > /dev/null &
echo -e "${BAD}!!${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
fi
} }
warn_msg() { warn_msg() {
msg_string=$1 msg_string=$1
msg_string="${msg_string:-...}" msg_string="${msg_string:-...}"
echo -e "${WARN}**${NORMAL}${BOLD} ${msg_string} ${NORMAL}" [ "$2" != 1 ] && echo -e "${WARN}**${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
} }
crypt_filter() {
if [ ${CRYPT_SILENT} -eq 1 ]
then
eval $1 >/dev/null 2>/dev/null
else
eval $1
fi
}
whereis(){
# $1 = variable whose value is the path (examples: "REAL_ROOT", "LUKS_KEYDEV")
# $2 = label
# $3 = optional explanations for failure
eval local oldvalue='$'${1}
[ \( $# != 2 \) -a \( $# != 3 \) ] && \
bad_msg "Bad invocation of function whereis, please file a bug \
report with this message" && exit 1
[ -n "${3}" ] && local explnt=" or : ${3}" || local explnt="."
bad_msg "Could not find the ${2} in ${oldvalue}${explnt}"
echo ' Please specify another value or: press Enter for the same, type "shell" for a shell, or "q" to skip...'
echo -n "${2}(${oldvalue}) :: "
read ${1}
case `eval echo '$'${1}` in
'q')
eval ${1}'='${oldvalue}
warn_msg "Skipping step, this will likely cause a boot failure."
break
;;
'shell')
eval ${1}'='${oldvalue}
echo "To leave and try again just press <Ctrl>+D"
run_shell
;;
'')
eval ${1}'='${oldvalue}
;;
esac
}
bind_mount_dev() { bind_mount_dev() {
# bind-mount /dev/ so that loop devices can be found # bind-mount /dev/ so that loop devices can be found
@ -354,14 +418,14 @@ bind_mount_dev() {
start_dev_mgr() { start_dev_mgr() {
# Check udev is available... # Check udev is available...
if [ "${KV_2_6_OR_GREATER}" -a ! "${USE_UDEV_NORMAL}" -eq '0' ] if [ "${KV_2_6_OR_GREATER}" -a "${USE_UDEV_NORMAL}" != '0' ]
then then
USE_UDEV_NORMAL=1 USE_UDEV_NORMAL=1
else else
USE_UDEV_NORMAL=0 USE_UDEV_NORMAL=0
fi fi
if [ "${USE_UDEV_NORMAL}" -eq '1' ] if [ "${USE_UDEV_NORMAL}" = '1' ]
then then
cd /sys cd /sys
[ "${DO_slowusb}" ] && sleep 10 [ "${DO_slowusb}" ] && sleep 10
@ -378,42 +442,6 @@ start_dev_mgr() {
fi fi
} }
bootstrapCD() {
# Locate the cdrom device with our media on it.
# CDROM DEVICES
DEVICES="/dev/cdroms/* /dev/ide/cd/* /dev/sr*"
# USB Keychain/Storage
DEVICES="$DEVICES /dev/sd*"
# IDE devices
DEVICES="$DEVICES /dev/hd*"
# USB using the USB Block Driver
DEVICES="$DEVICES /dev/ubd* /dev/ubd/*"
# iSeries devices
DEVICES="$DEVICES /dev/iseries/vcd*"
# The device was specified on the command line. Shold we even be doing a
# scan at this point? I think not.
[ -n "${CDROOT_DEV}" ] && DEVICES="$DEVICES ${CDROOT_DEV}"
findcdmount $DEVICES
}
bootstrapKey() {
# Locate the device with our key on it.
# USB Keychain/Storage
KEYDEVS="/dev/sd*"
# CDROM DEVICES
KEYDEVS="${KEYDEVS} /dev/cdroms/* /dev/ide/cd/* /dev/sr*"
# IDE devices
KEYDEVS="${KEYDEVS} /dev/hd*"
# USB using the USB Block Driver
KEYDEVS="${KEYDEVS} /dev/ubd* /dev/ubd/*"
# iSeries devices
KEYDEVS="${KEYDEVs} /dev/iseries/vcd*"
findkeymount ${KEYDEVS}
}
cmdline_hwopts() { cmdline_hwopts() {
# Scan CMDLINE for any "doscsi" or "noscsi"-type arguments # Scan CMDLINE for any "doscsi" or "noscsi"-type arguments
@ -510,7 +538,7 @@ setup_keymap() {
chooseKeymap chooseKeymap
[ "${DEVBIND}" -eq '1' ] && umount /dev [ "${DEVBIND}" = '1' ] && umount /dev
if [ -e /etc/sysconfig/keyboard -a "${CDROOT}" -eq '1' ] if [ -e /etc/sysconfig/keyboard -a "${CDROOT}" -eq '1' ]
then then
@ -611,7 +639,7 @@ startVolumes() {
/sbin/mdadm --assemble /sbin/mdadm --assemble
fi fi
if [ "${USE_DMRAID_NORMAL}" -eq '1' ] if [ "${USE_DMRAID_NORMAL}" = '1' ]
then then
if [ -e '/sbin/dmraid' ] if [ -e '/sbin/dmraid' ]
then then
@ -625,7 +653,7 @@ startVolumes() {
fi fi
fi fi
if [ "${USE_LVM_NORMAL}" -eq '1' ] if [ "${USE_LVM_NORMAL}" = '1' ]
then then
if [ -e '/bin/vgscan' -a -e '/bin/vgchange' ] if [ -e '/bin/vgscan' -a -e '/bin/vgchange' ]
then then
@ -641,7 +669,7 @@ startVolumes() {
/bin/vgchange -ay --ignorelockingfailure 2>/dev/null /bin/vgchange -ay --ignorelockingfailure 2>/dev/null
# Disable EVMS since lvm is activated and they dont work together. # Disable EVMS since lvm is activated and they dont work together.
if [ "${USE_EVMS_NORMAL}" -eq '1' ] if [ "${USE_EVMS_NORMAL}" = '1' ]
then then
bad_msg "Disabling EVMS Support because LVM started" bad_msg "Disabling EVMS Support because LVM started"
bad_msg "Do not add dolvm to the cmdline if this is not what you want" bad_msg "Do not add dolvm to the cmdline if this is not what you want"
@ -653,7 +681,7 @@ startVolumes() {
fi fi
fi fi
if [ "${USE_EVMS_NORMAL}" -eq '1' ] if [ "${USE_EVMS_NORMAL}" = '1' ]
then then
if [ -e '/sbin/evms_activate' ] if [ -e '/sbin/evms_activate' ]
then then
@ -664,60 +692,142 @@ startVolumes() {
} }
# Open a LUKS device # Open a LUKS device
# $1 LUKS device # It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks
# $2 LUKS name # $1 - root/swap
openLUKS() { openLUKS() {
LUKS_DEVICE="$1" # please use 'tr' and this line, or remove it
LUKS_NAME="$2" # eval local TYPE=`uppercase $1`
if [ -e /sbin/cryptsetup ]
then case $1 in
while [ 1 ] root)
do local TYPE=ROOT
if [ "${LUKS_DEVICE}" = '' ] ;;
then swap)
# LUKS device could not be opened. Prompt user for device. local TYPE=SWAP
bad_msg "The LUKS ${LUKS_NAME} block device is not detected." ;;
echo " Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..." esac
echo -n "LUKS ${LUKS_NAME}() :: "
read LUKS_DEVICE eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"'
continue local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0
elif [ "${LUKS_DEVICE}" = 'shell' ] local mntkey="/mnt/key/" cryptsetup_options=''
[ ! -e /sbin/cryptsetup ] && bad_msg "The initrd does not support LUKS" && exit 1
while [ 1 ]
do
# if crypt_silent=1 and some error occurs, enter shell quietly
if [ \( ${CRYPT_SILENT} -eq 1 \) -a \( \( \( ${DEV_ERROR} -eq 1 \) -o \( ${KEY_ERROR} -eq 1 \) \) -o \( ${KEYDEV_ERROR} -eq 1 \) \) ]
then
run_shell
elif [ ${DEV_ERROR} -eq 1 ]
then
whereis "LUKS_DEVICE" "${LUKS_NAME}"
DEV_ERROR=0
elif [ ${KEY_ERROR} -eq 1 ]
then
whereis "LUKS_KEY" "${LUKS_NAME} key"
KEY_ERROR=0
elif [ ${KEYDEV_ERROR} -eq 1 ]
then
whereis "LUKS_KEYDEV" "${LUKS_NAME} key device"
KEYDEV_ERROR=0
else
setup_md_device ${LUKS_DEVICE}
cryptsetup isLuks ${LUKS_DEVICE}
if [ ! "$?" -eq '0' ]
then then
run_shell bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" ${CRYPT_SILENT}
DEV_ERROR=1
LUKS_DEVICE=''
continue continue
elif [ "${LUKS_DEVICE}" = 'q' ]
then
break
else else
setup_md_device ${LUKS_DEVICE} # Handle keys
if cryptsetup isLuks ${LUKS_DEVICE} if [ -n "${LUKS_KEY}" ]
then then
good_msg "Opening LUKS device ${LUKS_DEVICE}" if [ ! -e "${mntkey}${LUKS_KEY}" ]
cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME}
if [ ! "$?" -eq '0' ]
then then
bad_msg "Failed open LUKS device ${LUKS_DEVICE}" if [ -b "${LUKS_KEYDEV}" ]
else then good_msg "Using key device ${LUKS_KEYDEV}." ${CRYPT_SILENT}
break else
good_msg "Please insert removable device ${LUKS_KEYDEV} for ${LUKS_NAME}" ${CRYPT_SILENT}
# abort after 10 secs
local count=10
while [ ${count} -gt 0 ]
do
count=$((count-1))
sleep 1
if [ -b "${LUKS_KEYDEV}" ]
then
good_msg "Removable device ${LUKS_KEYDEV} detected." ${CRYPT_SILENT}
break
fi
done
if [ ! -b "${LUKS_KEYDEV}" ]
then
eval CRYPT_${TYPE}_KEY=${LUKS_KEY}
bootstrapKey ${TYPE}
eval LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"'
if [ ! -b "${LUKS_KEYDEV}" ]; then
KEYDEV_ERROR=1
bad_msg "Removable device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
continue
fi
# continue otherwise will mount keydev which is mounted by bootstrap
continue
fi
fi
# At this point a device was recognized, now let's see if the key is there
[ ! -d "$mntkey" ] && mkdir -p ${mntkey} 2>/dev/null >/dev/null
mount -n -o ro ${LUKS_KEYDEV} ${mntkey} >/dev/null 2>/dev/null
if [ "$?" != '0' ]
then
KEYDEV_ERROR=1
bad_msg "Mounting of device ${LUKS_KEYDEV} failed." ${CRYPT_SILENT}
continue
else
good_msg "Removable device ${LUKS_KEYDEV} mounted." ${CRYPT_SILENT}
sleep 2
# keyfile exists?
if [ ! -e "${mntkey}${LUKS_KEY}" ]; then
umount -n ${mntkey} 2>/dev/null >/dev/null
KEY_ERROR=1
KEYDEV_ERROR=1
bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
continue
fi
fi
fi fi
# At this point a candidate key exists (either mounted before or not)
good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT}
cryptsetup_options="-d ${mntkey}${LUKS_KEY}"
fi
# At this point, keyfile or not, we're ready!
crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}"
if [ $? -eq 0 ]
then
good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT}
break
else else
bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT}
DEV_ERROR=1
KEY_ERROR=1
KEYDEV_ERROR=1
fi fi
fi fi
LUKS_DEVICE='' fi
done done
else umount ${mntkey} 2>/dev/null >/dev/null
bad_msg "The initrd does not support LUKS" rmdir -p ${mntkey} 2>/dev/null >/dev/null
fi
} }
startLUKS() { startLUKS() {
if [ -n "${LUKS_ROOT}" ]
then # if key is set but key device isn't, find it
openLUKS "${LUKS_ROOT}" "root"
[ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \
&& sleep 6 && bootstrapKey "ROOT"
if [ -n "${CRYPT_ROOT}" ]; then
openLUKS "root"
if [ -n "${REAL_ROOT}" ] if [ -n "${REAL_ROOT}" ]
then then
# Rescan volumes # Rescan volumes
@ -726,10 +836,18 @@ startLUKS() {
REAL_ROOT="/dev/mapper/root" REAL_ROOT="/dev/mapper/root"
fi fi
fi fi
if [ -n "${LUKS_SWAP}" ]
then # same for swap, but no need to sleep if root was unencrypted
openLUKS "${LUKS_SWAP}" "swap" [ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \
break && { [ -z "${CRYPT_ROOT}" ] && sleep 6; bootstrapKey "SWAP"; }
if [ -n "${CRYPT_SWAP}" ]; then
openLUKS "swap"
if [ -z "${REAL_RESUME}" ]
then
# Resume from swap as default
REAL_RESUME="/dev/mapper/swap"
fi
fi fi
} }
@ -756,7 +874,7 @@ verbose_kmsg() {
cdupdate() { cdupdate() {
if [ "${CDROOT}" -eq '1' ] if [ "${CDROOT}" = '1' ]
then then
if [ -x /${NEW_ROOT}/mnt/cdrom/cdupdate.sh ] if [ -x /${NEW_ROOT}/mnt/cdrom/cdupdate.sh ]
then then
@ -802,7 +920,7 @@ rundebugshell() {
} }
setup_unionfs() { setup_unionfs() {
if [ "${USE_UNIONFS_NORMAL}" -eq '1' ] if [ "${USE_UNIONFS_NORMAL}" = '1' ]
then then
# Directory used for rw changes in union mount filesystem # Directory used for rw changes in union mount filesystem
UNION=/union UNION=/union
@ -857,6 +975,13 @@ setup_unionfs() {
fi fi
} }
swsusp_resume() {
### determine swap resume partition
local device=$(ls -l "${REAL_RESUME}" | sed 's/\ */ /g' | cut -d \ -f 6-7 | sed 's/,\ */:/')
[ -f /sys/power/resume ] && echo "${device}" > /sys/power/resume
return 0
}
tuxonice_resume() { tuxonice_resume() {
[ -d /proc/suspend2 -o -d /sys/power/suspend2 -o -d /sys/power/tuxonice ] || return [ -d /proc/suspend2 -o -d /sys/power/suspend2 -o -d /sys/power/tuxonice ] || return
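Review bot: In findmediamount the new test `if [ -n "${CDROOT_DEV}" -a \( ${media}="cdrom" \) ]; then` never compares anything: `${media}="cdrom"` expands to the single word `key=cdrom` (or `cdrom=cdrom`), which `[` treats as a non-empty string, so the branch is taken whenever CDROOT_DEV is set; a key search then mounts the candidate on ${NEW_ROOT}/mnt/cdrom, probes `${mntdir}/${recon}` on the wrong path, and its `umount ${mntdir}` leaves the device mounted. Write it as `if [ -n "${CDROOT_DEV}" -a "${media}" = "cdrom" ]; then`, or drop the branch entirely, since for cdrom media `${mntdir}` is already `${NEW_ROOT}/mnt/cdrom`. In openLUKS the KEY_ERROR message `"Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found."` is missing a `$` before `{LUKS_KEY}`. The key medium is removable storage supplied at boot and is only ever read, so mounting it with `mount -n -o ro,nodev,nosuid,noexec ${LUKS_KEYDEV} ${mntkey}` costs nothing and removes any chance of device nodes or setuid files on it being honoured while it is mounted.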

@ -44,6 +44,7 @@ CMDLINE="`cat /proc/cmdline`"
REAL_ROOT='' REAL_ROOT=''
FAKE_ROOT='' FAKE_ROOT=''
REAL_ROOTFLAGS='' REAL_ROOTFLAGS=''
CRYPT_SILENT=0
for x in ${CMDLINE} for x in ${CMDLINE}
do do
case "${x}" in case "${x}" in
@ -174,13 +175,31 @@ do
NFSROOT=`parse_opt "${x}"` NFSROOT=`parse_opt "${x}"`
;; ;;
crypt_root\=*) crypt_root\=*)
LUKS_ROOT=`parse_opt "${x}"` CRYPT_ROOT=`parse_opt "${x}"`
;; ;;
crypt_swap\=*) crypt_swap\=*)
LUKS_SWAP=`parse_opt "${x}"` CRYPT_SWAP=`parse_opt "${x}"`
;; ;;
crypt_silent\=*) root_key\=*)
LUKS_SILENT=`parse_opt "${x}"` CRYPT_ROOT_KEY=`parse_opt "${x}"`
;;
root_keydev\=*)
CRYPT_ROOT_KEYDEV=`parse_opt "${x}"`
;;
swap_key\=*)
CRYPT_SWAP_KEY=`parse_opt "${x}"`
;;
swap_keydev\=*)
CRYPT_SWAP_KEYDEV=`parse_opt "${x}"`
;;
real_resume\=*)
REAL_RESUME=`parse_opt "${x}"`
;;
noresume)
NORESUME=1
;;
crypt_silent)
CRYPT_SILENT=1
;; ;;
real_rootflags\=*) real_rootflags\=*)
REAL_ROOTFLAGS=`parse_opt "${x}"` REAL_ROOTFLAGS=`parse_opt "${x}"`
@ -203,7 +222,7 @@ if [ -d '/lib/modules' ]
then then
good_msg 'Loading modules' good_msg 'Loading modules'
# Load appropriate kernel modules # Load appropriate kernel modules
if [ "${NODETECT}" -ne '1' ] if [ "${NODETECT}" != '1' ]
then then
for modules in $MY_HWOPTS for modules in $MY_HWOPTS
do do
@ -237,7 +256,7 @@ setup_md_device
startVolumes startVolumes
# Initialize LUKS root device except for livecd's # Initialize LUKS root device except for livecd's
if [ "${CDROOT}" -ne '1' ] if [ "${CDROOT}" != 1 ]
then then
startLUKS startLUKS
fi fi
@ -246,7 +265,7 @@ fi
mkdir -p ${NEW_ROOT} mkdir -p ${NEW_ROOT}
setup_unionfs setup_unionfs
if [ "${USE_UNIONFS_NORMAL}" -eq '1' ] if [ "${USE_UNIONFS_NORMAL}" = '1' ]
then then
CHROOT=${UNION} CHROOT=${UNION}
else else
@ -256,17 +275,23 @@ fi
# Run debug shell if requested # Run debug shell if requested
rundebugshell rundebugshell
tuxonice_resume if [ "${NORESUME}" != '1' ]
then
swsusp_resume
# suspend_resume
# suspend2_resume
tuxonice_resume
fi
if [ "${CDROOT}" -eq '1' ] if [ "${CDROOT}" = '1' ]
then then
if [ ! "${USE_UNIONFS_NORMAL}" -eq '1' ] if [ ! "${USE_UNIONFS_NORMAL}" = '1' ]
then then
good_msg "Making tmpfs for ${NEW_ROOT}" good_msg "Making tmpfs for ${NEW_ROOT}"
mount -t tmpfs tmpfs ${NEW_ROOT} mount -t tmpfs tmpfs ${NEW_ROOT}
fi fi
for i in dev mnt mnt/cdrom mnt/livecd mnt/keydev tmp tmp/.initrd mnt/gentoo sys for i in dev mnt mnt/cdrom mnt/livecd mnt/key tmp tmp/.initrd mnt/gentoo sys
do do
mkdir -p ${NEW_ROOT}/$i mkdir -p ${NEW_ROOT}/$i
chmod 755 ${NEW_ROOT}/$i chmod 755 ${NEW_ROOT}/$i
@ -357,31 +382,17 @@ do
good_msg "Detected real_root=${ROOT_DEV}" good_msg "Detected real_root=${ROOT_DEV}"
REAL_ROOT="${ROOT_DEV}" REAL_ROOT="${ROOT_DEV}"
else else
bad_msg "Could not find root block device: ${REAL_ROOT}" whereis "REAL_ROOT" "root block device"
echo ' Please specify a device to boot, or "shell" for a shell...'
echo -n 'boot() :: '
read REAL_ROOT
got_good_root=0 got_good_root=0
continue continue
fi fi
;; ;;
esac esac
if [ "${REAL_ROOT}" = 'shell' ] if [ "${REAL_ROOT}" = '' ]
then
run_shell
REAL_ROOT=''
got_good_root=0
continue
elif [ "${REAL_ROOT}" = '' ]
then then
# No REAL_ROOT determined/specified. Prompt user for root block device. # No REAL_ROOT determined/specified. Prompt user for root block device.
bad_msg "The root block device is unspecified or not detected." whereis "REAL_ROOT" "root block device"
echo ' Please specify a device to boot, or "shell" for a shell...'
echo -n 'boot() :: '
read REAL_ROOT
got_good_root=0 got_good_root=0
# Check for a block device or /dev/nfs # Check for a block device or /dev/nfs
@ -397,7 +408,7 @@ do
done done
if [ "${CDROOT}" -eq '1' -a "${got_good_root}" = '1' -a "${REAL_ROOT}" != "/dev/nfs" ] if [ "${CDROOT}" = 1 -a "${got_good_root}" = '1' -a "${REAL_ROOT}" != "/dev/nfs" ]
then then
# CD already mounted; no further checks necessary # CD already mounted; no further checks necessary
break break
@ -441,7 +452,7 @@ done
#verbose_kmsg #verbose_kmsg
# If cdroot is set determine the looptype to boot # If cd root is set determine the looptype to boot
if [ "${CDROOT}" = '1' ] if [ "${CDROOT}" = '1' ]
then then
good_msg 'Determining looptype ...' good_msg 'Determining looptype ...'
@ -495,28 +506,19 @@ then
fi fi
cache_cd_contents cache_cd_contents
# If encrypted, find key and mount, otherwise mount as usual # If encrypted, find key and mount, otherwise mount as usual
if [ "${LUKS_ROOT}" != '' ] if [ -n "${CRYPT_ROOT}" ]
then then
if [ "${LUKS_SILENT}" = '' ] good_msg 'You booted an encrypted livecd' ${CRYPT_SILENT}
then
good_msg 'You booted an encrypted livecd'
fi
LUKS_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)
if [ "${LUKS_ROOT_KEY}" ] CRYPT_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)
then
bootstrapKey
fi
losetup /dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP} losetup /dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
test_success 'Preparing loop filesystem' test_success 'Preparing loop filesystem'
LUKS_ROOT='/dev/loop0' CRYPT_ROOT='/dev/loop0'
startLUKS startLUKS
@ -601,7 +603,7 @@ then
# End cdrom looptype determination and mounting if necessary # End cdrom looptype determination and mounting if necessary
# #
if [ "${USE_UNIONFS_NORMAL}" -eq '1' ] if [ "${USE_UNIONFS_NORMAL}" = '1' ]
then then
union_insert_dir ${UNION} ${NEW_ROOT}/${FS_LOCATION} union_insert_dir ${UNION} ${NEW_ROOT}/${FS_LOCATION}
@ -627,7 +629,7 @@ then
fi fi
if [ ! "${USE_UNIONFS_NORMAL}" -eq '1' ] if [ "${USE_UNIONFS_NORMAL}" != '1' ]
then then
good_msg "Copying read-write image contents to tmpfs" good_msg "Copying read-write image contents to tmpfs"
# Copy over stuff that should be writable # Copy over stuff that should be writable
@ -695,7 +697,7 @@ then
sleep 10 sleep 10
fi fi
else else
if [ "${USE_UNIONFS_NORMAL}" -eq '1' ] if [ "${USE_UNIONFS_NORMAL}" = '1' ]
then then
union_insert_dir ${UNION} ${NEW_ROOT} union_insert_dir ${UNION} ${NEW_ROOT}
mkdir -p ${UNION}/tmp/.initrd mkdir -p ${UNION}/tmp/.initrd
@ -717,7 +719,7 @@ verbose_kmsg
# init scripts will be able to unmount it properly at next reboot # init scripts will be able to unmount it properly at next reboot
# #
# Eventually, all "unions over /" mounts should go in that /.unions/ # Eventually, all "unions over /" mounts should go in that /.unions/
if [ "${USE_UNIONFS_NORMAL}" -eq '1' ] if [ "${USE_UNIONFS_NORMAL}" = '1' ]
then then
mkdir -p /${CHROOT}/.unions/memory 2>/dev/null mkdir -p /${CHROOT}/.unions/memory 2>/dev/null
mount -o move /memory /${CHROOT}/.unions/memory || echo '*: Failed to move unionfs /memory into the system root!' mount -o move /memory /${CHROOT}/.unions/memory || echo '*: Failed to move unionfs /memory into the system root!'
@ -737,12 +739,12 @@ then
fi fi
echo -ne "${BOLD}.${NORMAL}" echo -ne "${BOLD}.${NORMAL}"
if /tmp/.initrd/bin/[ "${USE_DEVFS_NORMAL}" -eq '1' -a "${CDROOT}" -eq '0' ] if /tmp/.initrd/bin/[ "${USE_DEVFS_NORMAL}" = '1' -a "${CDROOT}" = 0 ]
then then
umount /tmp/.initrd/proc || echo '*: Failed to unmount the initrd /proc!' umount /tmp/.initrd/proc || echo '*: Failed to unmount the initrd /proc!'
mount -n --move /tmp/.initrd/dev dev || echo '*: Failed to move over the /dev tree!' mount -n --move /tmp/.initrd/dev dev || echo '*: Failed to move over the /dev tree!'
rm -rf /tmp/.initrd/dev || echo '*: Failed to remove the initrd /dev!' rm -rf /tmp/.initrd/dev || echo '*: Failed to remove the initrd /dev!'
elif /tmp/.initrd/bin/[ "${USE_UDEV_NORMAL}" -eq '1' ] elif /tmp/.initrd/bin/[ "${USE_UDEV_NORMAL}" = '1' ]
then then
/tmp/.initrd/bin/[ -e /tmp/.initrd/dev/fd ] && rm /tmp/.initrd/dev/fd /tmp/.initrd/bin/[ -e /tmp/.initrd/dev/fd ] && rm /tmp/.initrd/dev/fd
/tmp/.initrd/bin/[ -e /tmp/.initrd/dev/stdin ] && rm /tmp/.initrd/dev/stdin /tmp/.initrd/bin/[ -e /tmp/.initrd/dev/stdin ] && rm /tmp/.initrd/dev/stdin
@ -752,7 +754,7 @@ then
umount /tmp/.initrd/dev || echo '*: Failed to unmount the initrd /dev!' umount /tmp/.initrd/dev || echo '*: Failed to unmount the initrd /dev!'
umount /tmp/.initrd/proc || echo '*: Failed to unmount the initrd /proc!' umount /tmp/.initrd/proc || echo '*: Failed to unmount the initrd /proc!'
umount /tmp/.initrd/sys || echo '*: Failed to unmount the initrd /sys!' umount /tmp/.initrd/sys || echo '*: Failed to unmount the initrd /sys!'
elif /tmp/.initrd/bin/[ "${CDROOT}" -eq '1' ] elif /tmp/.initrd/bin/[ "${CDROOT}" -eq 1 ]
then then
umount /tmp/.initrd/proc || echo "*: Failed to unmount the initrd /proc!" umount /tmp/.initrd/proc || echo "*: Failed to unmount the initrd /proc!"
umount /dev 2>/dev/null umount /dev 2>/dev/null
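Review bot: The new resume block `if [ "${NORESUME}" != '1' ]` calls swsusp_resume unconditionally, but as far as this diff shows REAL_RESUME is only set by `real_resume=` on the command line or by startLUKS defaulting it to /dev/mapper/swap; on every other boot swsusp_resume runs `ls -l ""`, which fails, and then writes an empty line to /sys/power/resume. Guard the call with `[ -n "${REAL_RESUME}" ] && swsusp_resume`, or make swsusp_resume (defined in initrd.scripts) return early when `[ ! -b "${REAL_RESUME}" ]`. Separately, the last hunk keeps `elif /tmp/.initrd/bin/[ "${CDROOT}" -eq 1 ]` while every other CDROOT test in this commit was changed to `=`; if CDROOT can be empty at that point, `-eq` reports an error and the branch is silently skipped, so `"${CDROOT}" = 1` would be consistent with the rest of the change.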

@ -259,6 +259,26 @@ Specifies the device node of the root filesystem to mount.
This specifies the device encrypted by Luks, which contains the root This specifies the device encrypted by Luks, which contains the root
filesystem to mount. filesystem to mount.
.TP .TP
\fBcrypt_swap=\fR<...>
This specifies the swap device encrypted by Luks.
.TP
\fBroot_key=\fR<...>
In case your root is encrypted with a key, you can use a device like a usb pen to store the key.
This value should be the key path relative to the mount point.
.TP
\fBroot_keydev=\fR<...>
If necessary provide the name of the device that carries the root_key.
If unset while using root_key, it will automatically look for the device in every boot.
.TP
\fBswap_key=\fR<...>
Same as root_key for swap.
.TP
\fBswap_keydev=\fR<...>
Same as root_keydev for swap.
.TP
\fBcrypt_silent\fR
Set this to silent all the output related to the cryptographic software, and in case your encrypted device isn't open with the key, it opens a shell in the initrd quietly.
.TP
\fBdodmraid=\fR<...> \fBdodmraid=\fR<...>
Passes arguments to dmraid on bootup. Passes arguments to dmraid on bootup.
.TP .TP
