X-Git-Url: http://git.grml.org/?a=blobdiff_plain;f=scripts%2Flive-helpers;h=31093563f1404c83b7b397ef1aa2292d1aba8054;hb=9eb2933053120a89ac5c332a45e989379b8f8ad1;hp=bbed9097aa2d3cd1c6803dd4de9a5ffb49b12a62;hpb=d8df882369aad68caf3ac39692e2196e932ef15b;p=live-boot-grml.git diff --git a/scripts/live-helpers b/scripts/live-helpers index bbed909..3109356 100644 --- a/scripts/live-helpers +++ b/scripts/live-helpers @@ -46,9 +46,9 @@ storage_devices() do fulldevname=$(sys2dev "${sysblock}") - if echo "${black_listed_devices}" | grep -qw "${fulldevname}" || \ + if echo "${black_listed_devices}" | grep -qe "\<${fulldevname}\>" || \ [ -n "${white_listed_devices}" ] && \ - echo "${white_listed_devices}" | grep -vqw "${fulldevname}" + echo "${white_listed_devices}" | grep -qve "\<${fulldevname}\>" then # skip this device entirely continue @@ -58,7 +58,7 @@ storage_devices() do devname=$(sys2dev "${dev}") - if echo "${black_listed_devices}" | grep -qw "${devname}" + if echo "${black_listed_devices}" | grep -qe "\<${devname}\>" then # skip this subdevice continue @@ -311,6 +311,41 @@ try_mount () fi } +open_luks_device () +{ + dev="${1}" + name="$(basename ${dev})" + opts="--key-file=-" + if [ -n "${PERSISTENT_READONLY}" ] + then + opts="${opts} --readonly" + fi + + load_keymap + + while true + do + /lib/cryptsetup/askpass "Enter passphrase for ${dev}: " | \ + /sbin/cryptsetup -T 1 luksOpen ${dev} ${name} ${opts} + + if [ 0 -eq ${?} ] + then + luks_device="/dev/mapper/${name}" + echo ${luks_device} + return 0 + fi + + echo >&6 + echo -n "There was an error decrypting ${dev} ... Retry? [Y/n] " >&6 + read answer + + if [ "$(echo "${answer}" | cut -b1 | tr A-Z a-z)" = "n" ] + then + return 2 + fi + done +} + find_persistent_media () { # Scans devices for overlays and snapshots, and returns a whitespace @@ -344,51 +379,23 @@ find_persistent_media () luks_device="" # Checking for a luks device - if [ "${PERSISTENT_ENCRYPTION}" = "luks" ] && [ -e /sbin/cryptsetup ] + if echo ${PERSISTENT_ENCRYPTION} | grep -qe "\" && \ + /sbin/cryptsetup isLuks ${dev} then - if ! modprobe dm-crypt + if luks_device=$(open_luks_device "${dev}") then - log_warning_msg "Unable to load module dm-crypt" - continue - fi - - if [ ! -x /lib/cryptsetup/askpass ] || [ ! -x /sbin/cryptsetup ] - then - log_warning_msg "cryptsetup in unavailable" - continue - fi - - if ! /sbin/cryptsetup isLuks ${dev} - then - # skip device since we strictly want luks devices + dev="${luks_device}" + else + # skip $dev since we failed/chose not to open it continue fi - - load_keymap - - while true - do - /lib/cryptsetup/askpass "Enter passphrase for ${dev}: " | /sbin/cryptsetup -T 1 luksOpen ${dev} $(basename ${dev}) --key-file=- - - if [ 0 -eq ${?} ] - then - luks_device="/dev/mapper/$(basename ${dev})" - dev="${luks_device}" - break - fi - - echo >&6 - echo -n "There was an error decrypting ${dev} ... Retry? [Y/n] " >&6 - read answer - - if [ "$(echo "${answer}" | cut -b1 | tr A-Z a-z)" = "n" ] - then - break - fi - done + elif echo ${PERSISTENT_ENCRYPTION} | grep -qve "\" + then + # skip $dev since we don't allow unencrypted storage + continue fi - if echo ${PERSISTENT_STORAGE} | grep -qw filesystem + if echo ${PERSISTENT_STORAGE} | grep -qe "\" then for label in ${overlays} ${snapshots} do @@ -403,7 +410,7 @@ find_persistent_media () done fi - if echo ${PERSISTENT_STORAGE} | grep -qw file + if echo ${PERSISTENT_STORAGE} | grep -qe "\" then devfstype="$(get_fstype ${dev})" overlay_on_dev=""