local snapshots="${2}"
local dev="${3}"
- if ! is_gpt_device ${dev} || \
- ( echo ${PERSISTENT_ENCRYPTION} | grep -qve "\<luks\>" && \
- /sbin/cryptsetup isLuks ${dev} > /dev/null 2>&1 )
+ local gpt_dev="${dev}"
+ if is_active_luks_mapping ${dev}
+ then
+ # if $dev is an opened luks device, we need to check
+ # GPT stuff on the backing device
+ gpt_dev=$(get_luks_backing_device "${dev}")
+ fi
+
+ if ! is_gpt_device ${gpt_dev}
then
return
fi
+
+ local gpt_name=$(get_gpt_name ${gpt_dev})
for label in ${overlays} ${snapshots}
do
- if [ "$(get_gpt_name ${dev})" = "${label}" ]
+ if [ "${gpt_name}" = "${label}" ]
then
echo "${label}=${dev}"
fi
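Review bot: `gpt_dev` can be empty when it reaches `is_gpt_device ${gpt_dev}`, because `get_luks_backing_device` prints nothing if the `cryptsetup status` output has no `device:` line, and the unquoted expansion then calls `is_gpt_device` with no argument at all. Returning early on an empty value and quoting the expansion would make that case explicit: `[ -n "${gpt_dev}" ] || return` after the assignment, and `if ! is_gpt_device "${gpt_dev}"`. The line `local gpt_name=$(get_gpt_name ${gpt_dev})` also hides the exit status of `get_gpt_name` behind `local`; declaring first and then assigning `gpt_name=$(get_gpt_name "${gpt_dev}")` keeps it. The start of the function is outside this hunk.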
do
local result=""
- local real_dev=""
local luks_device=""
# Check if it's a luks device; we'll have to open the device
# in order to probe any filesystem it contains, like we do
# below. do_custom_mounts() also depends on that any luks
# device already has been opened.
if echo ${PERSISTENT_ENCRYPTION} | grep -qe "\<luks\>" && \
- /sbin/cryptsetup isLuks ${dev} >/dev/null 2>&1
+ is_luks_partition ${dev}
then
if luks_device=$(open_luks_device "${dev}")
then
- real_dev="${dev}"
dev="${luks_device}"
else
# skip $dev since we failed/chose not to open it
# Probe for matching GPT partition names or filesystem labels
if echo ${PERSISTENT_STORAGE} | grep -qe "\<filesystem\>"
then
- local gpt_dev="${dev}"
- if [ -n "${luks_device}" ]
- then
- # When we probe GPT partitions we need to look
- # at the real device, not the virtual, opened
- # luks device
- gpt_dev="${real_dev}"
- fi
- result=$(probe_for_gpt_name "${overlays}" "${snapshots}" ${gpt_dev})
+ result=$(probe_for_gpt_name "${overlays}" "${snapshots}" ${dev})
if [ -n "${result}" ]
then
ret="${ret} ${result}"
# Close luks device if it isn't used
if [ -z "${result}" ] && [ -n "${luks_device}" ] && \
- /sbin/cryptsetup status "${luks_device}" 1> /dev/null 2>&1
+ is_active_luks_mapping "${luks_device}"
then
/sbin/cryptsetup luksClose "${luks_device}"
fi
echo ${mac}
}
-is_luks()
+is_luks_partition ()
{
- devname="${1}"
- if [ -x /sbin/cryptsetup ]
- then
- /sbin/cryptsetup isLuks "${devname}" 2>/dev/null || ret=${?}
- return ${ret}
- else
- return 1
- fi
+ device="${1}"
+ /sbin/cryptsetup isLuks "${device}" 1>/dev/null 2>&1
+}
+is_active_luks_mapping ()
+{
+ device="${1}"
+ /sbin/cryptsetup status "${device}" 1>/dev/null 2>&1
+}
+
+get_luks_backing_device () {
+ device=${1}
+ cryptsetup status ${device} 2> /dev/null | \
+ awk '{if ($1 == "device:") print $2}'
}
removable_dev ()
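Review bot: The three new helpers assign `device` without `local`, so every call overwrites any `device` variable the caller has in scope; `local device="${1}"` as the first line of each would contain it. `get_luks_backing_device` also resolves `cryptsetup` through `PATH` and leaves `${device}` unquoted, while the two helpers above it use `/sbin/cryptsetup` and quote the argument; `/sbin/cryptsetup status "${device}" 2>/dev/null | \` would match them. Dropping the old `[ -x /sbin/cryptsetup ]` test looks harmless, since a missing binary still gives a non-zero status, provided callers only test for success.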
# Side-effect: leaves $devices with live.persist mounted in ${rootmnt}/live/persistent
# Side-effect: prints info to file $custom_mounts
- local devices="${1}"
- local custom_mounts="${2}" # print result to this file
+ local custom_mounts=${1}
+ shift
+ local devices=${@}
local bindings="/tmp/bindings.list"
local links="/tmp/links.list"
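Review bot: `local devices=${@}` is unquoted, so in a shell that word-splits the arguments of `local` (worth confirming for the `sh` these scripts run under) only the first device is assigned and the remaining words are treated as variable names to declare. `local devices="${*}"` joins all remaining arguments into one space-separated string without relying on that behaviour, and `local custom_mounts="${1}"` should be quoted for the same reason. The argument order is swapped here (file first, devices after), so every caller has to change with it; the function signature and its callers are outside this hunk.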
continue
fi
- if echo ${dest} | grep -qe "^[^/]"
+ if [ -z "${dest}" ]
then
- options="${dest}"
dest="${source}"
- elif [ -z "${dest}" ]
+ fi
+
+ if trim_path ${source} | grep -q -e "^[^/]" -e "^\(.*/\)\?\.\.\?\(/.*\)\?$"
then
- dest="${source}"
+ log_warning_msg "Skipping unsafe custom mount with source ${source}: the source must be an absolute path w.r.t. the persistent media root and cannot contain \".\" or \"..\""
+ continue
fi
- if echo ${dest} | grep -qe "^/\+$\|^/\+live\(/.*\)\?$"
+ if trim_path ${dest} | grep -q -e "^[^/]" -e "^/$" -e "^/live\(/.*\)\?$" -e "^/\(.*/\)\?\.\.\?\(/.*\)\?$"
then
- # mounting on / or /live could cause trouble
- log_warning_msg "Skipping unsafe custom mount on ${dest}"
+ log_warning_msg "Skipping unsafe custom mount with desination ${dest}: the destination must be an absolute path containing neither \".\" nor \"..\", and cannot be /live (or any sub-directory therein) or / (for the latter, use ${root_overlay_label}-type persistence instead)"
continue
fi
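Review bot: `trim_path ${source}` and `trim_path ${dest}` expand the values unquoted, and these appear to come from the custom-mount list on the persistent media, so a field containing glob characters undergoes pathname expansion before the check sees it. `trim_path "${source}"` and `trim_path "${dest}"` would validate the literal value; the same applies to `trim_path ${backing}/${source}` and `trim_path ${rootmnt}/${dest}` in the `full_source`/`full_dest` hunk further down. The checks are also purely textual: they reject `.` and `..` components but cannot tell whether a component of `${source}` on the media is a symlink, so if the media is not fully trusted the resolved path likely needs its own check before the mount (that code is outside this hunk). The new destination warning spells the word as `desination`.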
done
# ensure that no multiple-/ occur in paths
- local full_source="$(echo ${backing}/${source}/ | sed -e 's|/\+|/|g')"
- local full_dest="$(echo ${rootmnt}/${dest}/ | sed -e 's|/\+|/|g')"
+ local full_source="$(trim_path ${backing}/${source})"
+ local full_dest="$(trim_path ${rootmnt}/${dest})"
device_used="yes"
if echo ${options} | grep -qe "\<linkfiles\>";
then
# FIXME: this should really be handled by
# live-config since we don't know for sure
# which uid a certain user has until then
- if echo ${dest} | grep -qe "^${rootmnt}/*home/\+[^/]\+"
+ if trim_path ${dest} | grep -qe "^${rootmnt}/*home/[^/]\+"
then
path="/"
for dir in $(echo ${dest} | sed -e 's|/\+| |g')
cow_dir="/live/cow/${dest}"
fi
mkdir -p ${cow_dir}
+ chown --reference "${source}" "${cow_dir}"
+ chmod --reference "${source}" "${cow_dir}"
do_union ${dest} ${cow_dir} ${source} ${rofs_dest_backing}
fi
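Review bot: Neither `chown --reference` nor `chmod --reference` has its exit status checked, and `--reference` is a GNU coreutils option that other `chown`/`chmod` implementations may not accept. On failure `${cow_dir}` silently keeps the owner and mode that `mkdir -p` gave it. Logging the failure would make it visible, e.g. `chown --reference "${source}" "${cow_dir}" || log_warning_msg "Cannot copy ownership from ${source} to ${cow_dir}"`, and likewise for `chmod`. The context line `mkdir -p ${cow_dir}` is unquoted while the two added lines quote the same variable. The enclosing `if` block starts outside this hunk.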
if [ ! -r "${include_list}" ]
then
echo "# home-rw backwards compatibility:
-. /home" > "${include_list}"
+/ /home" > "${include_list}"
fi
}