From e4426f1a803747f4beee7d938bc26ba85a202d84 Mon Sep 17 00:00:00 2001 From: Fabio Erculiani Date: Thu, 17 Oct 2013 20:08:12 +0200 Subject: [PATCH] 00-crypt.sh: improve support for crypt over LVM and LVM over crypt, add swap support --- defaults/initrd.d/00-crypt.sh | 50 ++++++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 16 deletions(-) diff --git a/defaults/initrd.d/00-crypt.sh b/defaults/initrd.d/00-crypt.sh index d18fb38..745b9c1 100755 --- a/defaults/initrd.d/00-crypt.sh +++ b/defaults/initrd.d/00-crypt.sh @@ -37,20 +37,12 @@ _open_luks() { ;; esac - local LUKS_NAME="${1}" - # do not force the link to /dev/mapper/root - # but rather use the value from root=, which is - # in ${REAL_ROOT} - if [ "${LUKS_NAME}" = "root" ]; then - if echo "${REAL_ROOT}" | grep -q "^/dev/mapper/"; then - LUKS_NAME="$(basename ${REAL_ROOT})" - fi - fi eval local LUKS_DEVICE='"${CRYPT_'${ltype}'}"' eval local LUKS_KEY='"${CRYPT_'${ltype}'_KEY}"' eval local LUKS_KEYDEV='"${CRYPT_'${ltype}'_KEYDEV}"' eval local LUKS_TRIM='"${CRYPT_'${ltype}'_TRIM}"' + local LUKS_NAME="${1}" local dev_error=0 key_error=0 keydev_error=0 local mntkey="/mnt/key/" cryptsetup_opts="" @@ -65,6 +57,23 @@ _open_luks() { local gpg_cmd="" exit_st=1 + # do not force the link to /dev/mapper/root + # but rather use the value from root=, which is + # in ${REAL_ROOT} + local luks_dev_name=$(basename "${LUKS_DEVICE}") + local real_dev= + local luks_name_prefix= + if [ "${ltype}" = "ROOT" ]; then + real_dev="${REAL_ROOT}" + elif [ "${ltype}" = "SWAP" ]; then + real_dev="${REAL_RESUME}" + fi + if echo "${real_dev}" | grep -q "^/dev/mapper/"; then + # If we use LVM + cryptsetup, we may have collisions between + # the two inside /dev/mapper. So, make up a way to avoid them. + LUKS_NAME="${LUKS_NAME}_${luks_dev_name}-$(basename ${real_dev})" + fi + # if crypt_silent=1 and some error occurs, bail out. local any_error= [ "${dev_error}" = "1" ] && any_error=1 @@ -202,8 +211,20 @@ _open_luks() { && mv /dev/tty.org /dev/tty if [ "${ret}" = "0" ]; then - good_msg "LUKS device ${LUKS_DEVICE} opened" exit_st=0 + good_msg "LUKS device ${LUKS_DEVICE} opened" + + # This is fine if the crypt device is a physical device + # like /dev/sdaX, however, if we have cryptsetup inside + # LVM, we must tweak REAL_ROOT if there is no device node. + start_volumes # this should create /dev/mapper links + if echo "${real_dev}" | grep -q "^/dev/mapper/"; then + if [ ! -e "${real_dev}" ]; then + good_msg "Creating symlink for ${LUKS_NAME} to ${real_dev}" + ln -s "${LUKS_NAME}" "${real_dev}" || exit_st=1 + fi + fi + break fi @@ -233,8 +254,6 @@ start_luks() { # and user must have it as well. [ -z "${REAL_ROOT}" ] && REAL_ROOT="/dev/mapper/root" fi - # Always rescan volumes - start_volumes fi # TODO(lxnay): this sleep 6 thing is hurting my eyes sooooo much. @@ -243,10 +262,9 @@ start_luks() { && { [ -z "${CRYPT_ROOT}" ] && sleep 6; _bootstrap_key "SWAP"; } if [ -n "${CRYPT_SWAP}" ]; then - _open_luks "swap" - if [ -z "${REAL_RESUME}" ]; then - # Resume from swap as default - REAL_RESUME="/dev/mapper/swap" + if _open_luks "swap"; then + # force REAL_RESUME= to some value if not set + [ -z "${REAL_RESUME}" ] && REAL_RESUME="/dev/mapper/swap" fi fi }