apply LUKS key patch from bug 162962 from Nelson Batalha <nelson_batalha@hotmail...
authorAndrew Gaffney <agaffney@gentoo.org>
Sun, 23 Dec 2007 22:44:50 +0000 (22:44 +0000)
committerAndrew Gaffney <agaffney@gentoo.org>
Sun, 23 Dec 2007 22:44:50 +0000 (22:44 +0000)
git-svn-id: svn+ssh://svn.gentoo.org/var/svnroot/genkernel/trunk@573 67a159dc-881f-0410-a524-ba9dfbe2cb84

ChangeLog
generic/initrd.scripts
generic/linuxrc
genkernel.8

index 82cbe81651c4eac634e637a6f82e9cd59857f71e..1315bf15dc597864dd84524bf3cc322a8ad85e00 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,11 @@
 # Copyright 2006-2007 Gentoo Foundation; Distributed under the GPL v2
 # $Header: $
 
+  23 Dec 2007; Andrew Gaffney <agaffney@gentoo.org> generic/initrd.scripts,
+  generic/linuxrc, genkernel.8:
+  apply LUKS key patch from bug 162962 from Nelson Batalha
+  <nelson_batalha@hotmail.com>
+
   14 Dec 2007; Andrew Gaffney <agaffney@gentoo.org> generic/linuxrc:
   fix text bolding on serial console for bug 202266 thanks to Michael Hordijk
   <hoffbrinkle@hotmail.com>
index 1e3bf993d311c24f202473754014450d67a415a6..e6649b881fbf95856752182a08ecd10130c18314 100644 (file)
@@ -37,9 +37,9 @@ modules_load() {
 
 modules_scan() {
        local MODS
-       [ -d /etc/modules/${1} ] || touch /etc/modules/${1}
+       [ -d "/etc/modules/${1}" ] || touch /etc/modules/${1}
 
-       [ -f /etc/modules/${1} ] && MODS=`cat /etc/modules/${1}`
+       [ -f "/etc/modules/${1}" ] && MODS=`cat /etc/modules/${1}`
        for x in ${MODS}
        do
                MLOAD=`echo ${MLIST} | sed -e "s/.*${x}.*/${x}/"`
@@ -63,82 +63,96 @@ modules_scan() {
        done
 }
 
-findcdmount() {
+uppercase(){
+       # needs tr on busybox
+       echo $1 | tr 'a-z' 'A-Z'
+}
+
+
+findmediamount() {
+       # $1 = mount dir name / media name
+       # $2 = recognition file
+       # $3 = variable to have the device path
+       # $4 = directory before /mnt, like NEW_ROOT
+       # args remaining are possible devices 
+
+       local media=$1 recon=$2 vrbl=$3
+       local mntdir="${4}/mnt/${media}"
+       shift 4
+
+       good_msg "Looking for the ${media}" ${CRYPT_SILENT}
+
        if [ "$#" -gt "0" ]
        then
+
+               [ ! -d "${mntdir}" ] && mkdir -p ${mntdir} 2>/dev/null >/dev/null
+
                for x in $*
                do
                        # Check for a block device to mount
                        if [ -b "${x}" ]
                        then
-                               good_msg "Attempting to mount media:- ${x}"
-                               if [ -z "${CDROOT_DEV}" ]
-                               then
-                                       mount -r -t auto ${x} ${NEW_ROOT}/mnt/cdrom \
-                                               > /dev/null 2>&1
+                               good_msg "Attempting to mount media:- ${x}" ${CRYPT_SILENT}
+       
+                               if [ -n "${CDROOT_DEV}" -a \( ${media}="cdrom" \) ]; then
+                                       mount -r -t auto ${x} ${NEW_ROOT}/mnt/cdrom >/dev/null 2>&1
                                else
-                                       mount -r -t iso9660 ${x} ${NEW_ROOT}/mnt/cdrom \
-                                               > /dev/null 2>&1
-                               fi
+                                       mount -r -t auto ${x} ${mntdir} >/dev/null 2>&1
+                               fi                              
                                if [ "$?" = '0' ]
                                then
-                                       # Check for a LiveCD
-                                       if [ -f ${NEW_ROOT}/mnt/cdrom/${SUBDIR}/livecd ]
+                                       # Check for the media
+                                       if [ -f "${mntdir}/${recon}" ]
                                        then
-                                               REAL_ROOT="${x}"
+                                               #set REAL_ROOT, CRYPT_ROOT_KEYDEV or whatever ${vrbl} is
+                                               eval ${vrbl}'='"${x}"
+                                               good_msg "Media found on ${x}" ${CRYPT_SILENT}
                                                break
                                        else
-                                               umount ${NEW_ROOT}/mnt/cdrom
+                                               umount ${mntdir}
                                        fi
                                fi
                        fi
                done
-               if [ "${REAL_ROOT}" != '' ]
-               then
-                       good_msg "Media found on ${x}"
-               fi
        fi
+
+       eval local result='$'${vrbl}
+
+       [ -n "${result}" ] || bad_msg "Media not found" ${CRYPT_SILENT}
 }
 
-findkeymount() {
-        if [ "$#" -gt "0" ]
-        then
-                for x in $*
-                do
-                        # Check for a block device to mount
-                        if [ -b "${x}" ]
-                        then
-                               if [ ${crypt_silent} = '' ]
-                               then
-                                       good_msg "Attempting to mount key media:- ${x}"
-                               fi
+devicelist(){
+       # Locate the cdrom device with our media on it.
+       # CDROM DEVICES
+       local DEVICES="/dev/cdroms/* /dev/ide/cd/* /dev/sr*"
+       # USB Keychain/Storage
+       DEVICES="$DEVICES /dev/sd*"
+       # IDE devices
+       DEVICES="$DEVICES /dev/hd*"
+       # USB using the USB Block Driver
+       DEVICES="$DEVICES /dev/ubd* /dev/ubd/*"
+       # iSeries devices
+       DEVICES="$DEVICES /dev/iseries/vcd*"
+       echo ${DEVICES}
+}
 
-                                mount -r -t auto ${x} ${NEW_ROOT}/mnt/keydev \
-                                                > /dev/null 2>&1
-                                if [ "$?" = '0' ]
-                                then
-                                        # Check for the key
-                                        if [ -e ${NEW_ROOT}/mnt/keydev/${LUKS_ROOT_KEY} ]
-                                        then
-                                                LUKS_ROOT_KEYDEV="${x}"
-                                               umount ${NEW_ROOT}/mnt/keydev
-                                                break
-                                        else
-                                                umount ${NEW_ROOT}/mnt/keydev
-                                        fi
-                                fi
-                        fi
-                done
-                if [ "${LUKS_ROOT_KEYDEV}" != '' ]
-                then
-                       if [ ${crypt_silent} = '' ]
-                       then
-                               good_msg "Key media found on ${x}"
-                       fi
-                fi
-        fi
+bootstrapCD() {
+       
+       local DEVICES=`devicelist`
+       # The device was specified on the command line.  Shold we even be doing a
+       # scan at this point?  I think not.
+       [ -n "${CDROOT_DEV}" ] && DEVICES="$DEVICES ${CDROOT_DEV}"
+
+       findmediamount "cdrom" "${SUBDIR}/livecd" "REAL_ROOT" "${NEW_ROOT}" ${DEVICES}
 }
 
+bootstrapKey() {
+       # $1 = ROOT/SWAP
+       local KEYDEVS=`devicelist`
+       eval local keyloc='"${CRYPT_'${1}'_KEY}"'
+
+       findmediamount "key" "${keyloc}" "CRYPT_${1}_KEYDEV" "" ${KEYDEVS}
+}
 
 cache_cd_contents() {
        # Check loop file exists and cache to ramdisk if DO_cache is enabled
@@ -328,24 +342,74 @@ test_success() {
        fi
 }
 
-good_msg() {
+
+# msg functions arguments
+# $1 string
+# $2 hide flag
+
+good_msg() {   
        msg_string=$1
        msg_string="${msg_string:-...}"
-       echo -e "${GOOD}>>${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
+       [ "$2" != 1 ] && echo -e "${GOOD}>>${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
 }
 
 bad_msg() {
        msg_string=$1
        msg_string="${msg_string:-...}"
-       splash 'verbose' > /dev/null &
-       echo -e "${BAD}!!${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
+       if [ "$2" != 1 ]
+       then
+               splash 'verbose' > /dev/null &
+               echo -e "${BAD}!!${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
+       fi
 } 
 
 warn_msg() {
        msg_string=$1
        msg_string="${msg_string:-...}"
-       echo -e "${WARN}**${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
-} 
+       [ "$2" != 1 ] && echo -e "${WARN}**${NORMAL}${BOLD} ${msg_string} ${NORMAL}"
+}
+
+crypt_filter() {
+       if [ ${CRYPT_SILENT} -eq 1 ]
+       then
+               eval $1 >/dev/null 2>/dev/null
+       else
+               eval $1
+       fi
+}
+
+whereis(){
+       # $1 = variable whose value is the path (examples: "REAL_ROOT", "LUKS_KEYDEV")
+       # $2 = label
+       # $3 = optional explanations for failure
+
+       eval local oldvalue='$'${1}
+
+       [ \( $# != 2 \) -a \( $# != 3 \) ] && \
+               bad_msg "Bad invocation of function whereis, please file a bug \
+               report with this message" && exit 1
+       [ -n "${3}" ] && local explnt=" or : ${3}" || local explnt="."
+       
+       bad_msg "Could not find the ${2} in ${oldvalue}${explnt}"
+       echo '   Please specify another value or: press Enter for the same, type "shell" for a shell, or "q" to skip...'
+       echo -n "${2}(${oldvalue}) :: "
+       read ${1}
+       case `eval echo '$'${1}` in
+               'q')
+                       eval ${1}'='${oldvalue}
+                       warn_msg "Skipping step, this will likely cause a boot failure."
+                       break
+                       ;;
+               'shell')
+                       eval ${1}'='${oldvalue}
+                       echo "To leave and try again just press <Ctrl>+D"
+                       run_shell
+                       ;;
+               '')
+                       eval ${1}'='${oldvalue}
+                       ;;
+       esac
+}
 
 bind_mount_dev() {
        # bind-mount /dev/ so that loop devices can be found
@@ -354,14 +418,14 @@ bind_mount_dev() {
 
 start_dev_mgr() {
        # Check udev is available...
-       if [ "${KV_2_6_OR_GREATER}" -a ! "${USE_UDEV_NORMAL}" -eq '0' ]
+       if [ "${KV_2_6_OR_GREATER}" -a "${USE_UDEV_NORMAL}" != '0' ]
        then
                USE_UDEV_NORMAL=1
        else
                USE_UDEV_NORMAL=0
        fi
 
-       if [ "${USE_UDEV_NORMAL}" -eq '1' ]
+       if [ "${USE_UDEV_NORMAL}" = '1' ]
        then
                cd /sys
                [ "${DO_slowusb}" ] && sleep 10
@@ -378,42 +442,6 @@ start_dev_mgr() {
        fi
 }
 
-bootstrapCD() {
-       # Locate the cdrom device with our media on it.
-       # CDROM DEVICES
-       DEVICES="/dev/cdroms/* /dev/ide/cd/* /dev/sr*"
-       # USB Keychain/Storage
-       DEVICES="$DEVICES /dev/sd*"
-       # IDE devices
-       DEVICES="$DEVICES /dev/hd*"
-       # USB using the USB Block Driver
-       DEVICES="$DEVICES /dev/ubd* /dev/ubd/*"
-       # iSeries devices
-       DEVICES="$DEVICES /dev/iseries/vcd*"
-       # The device was specified on the command line.  Shold we even be doing a
-       # scan at this point?  I think not.
-       [ -n "${CDROOT_DEV}" ] && DEVICES="$DEVICES ${CDROOT_DEV}"
-
-       findcdmount $DEVICES
-}
-
-bootstrapKey() {
-        # Locate the device with our key on it.
-        # USB Keychain/Storage
-        KEYDEVS="/dev/sd*"
-        # CDROM DEVICES
-        KEYDEVS="${KEYDEVS} /dev/cdroms/* /dev/ide/cd/* /dev/sr*"
-        # IDE devices
-        KEYDEVS="${KEYDEVS} /dev/hd*"
-        # USB using the USB Block Driver
-        KEYDEVS="${KEYDEVS} /dev/ubd* /dev/ubd/*"
-        # iSeries devices
-        KEYDEVS="${KEYDEVs} /dev/iseries/vcd*"
-
-        findkeymount ${KEYDEVS}
-}
-
-
 cmdline_hwopts() {
        # Scan CMDLINE for any "doscsi" or "noscsi"-type arguments
        
@@ -510,7 +538,7 @@ setup_keymap() {
 
                chooseKeymap
 
-               [ "${DEVBIND}" -eq '1' ] && umount /dev
+               [ "${DEVBIND}" = '1' ] && umount /dev
                
                if [ -e /etc/sysconfig/keyboard -a "${CDROOT}" -eq '1' ]
                then
@@ -611,7 +639,7 @@ startVolumes() {
                /sbin/mdadm --assemble
        fi
 
-       if [ "${USE_DMRAID_NORMAL}" -eq '1' ]
+       if [ "${USE_DMRAID_NORMAL}" = '1' ]
        then
                if [ -e '/sbin/dmraid' ]
                then
@@ -625,7 +653,7 @@ startVolumes() {
                fi
        fi
 
-       if [ "${USE_LVM_NORMAL}" -eq '1' ]
+       if [ "${USE_LVM_NORMAL}" = '1' ]
        then
                if [ -e '/bin/vgscan' -a -e '/bin/vgchange' ]
                then
@@ -641,7 +669,7 @@ startVolumes() {
                        /bin/vgchange -ay --ignorelockingfailure 2>/dev/null
 
                        # Disable EVMS since lvm is activated and they dont work together.
-                       if [ "${USE_EVMS_NORMAL}" -eq '1' ]
+                       if [ "${USE_EVMS_NORMAL}" = '1' ]
                        then
                                bad_msg "Disabling EVMS Support because LVM started"
                                bad_msg "Do not add dolvm to the cmdline if this is not what you want"
@@ -653,7 +681,7 @@ startVolumes() {
                fi
        fi
 
-       if [ "${USE_EVMS_NORMAL}" -eq '1' ]
+       if [ "${USE_EVMS_NORMAL}" = '1' ]
        then
                if [ -e '/sbin/evms_activate' ]
                then
@@ -664,60 +692,142 @@ startVolumes() {
 }
 
 # Open a LUKS device
-# $1 LUKS device
-# $2 LUKS name
+# It is either the root or a swap, other devices are supported in the scripts provided with sys-fs/cryptsetup-luks
+# $1 - root/swap
 openLUKS() {
-       LUKS_DEVICE="$1"
-       LUKS_NAME="$2"
-       if [ -e /sbin/cryptsetup ]
-       then
-               while [ 1 ]
-               do
-                       if [ "${LUKS_DEVICE}" = '' ]
-                       then
-                               # LUKS device could not be opened. Prompt user for device.
-                               bad_msg "The LUKS ${LUKS_NAME} block device is not detected."
-                               echo "   Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..."
-                               echo -n "LUKS ${LUKS_NAME}() :: "
-                               read LUKS_DEVICE
-                               continue
-                       elif [ "${LUKS_DEVICE}" = 'shell' ]
+       # please use 'tr' and this line, or remove it
+       # eval local TYPE=`uppercase $1`
+
+       case $1 in
+               root)
+                       local TYPE=ROOT
+                       ;;
+               swap)
+                       local TYPE=SWAP
+                       ;;
+       esac
+
+       eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"'
+       local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0
+       local mntkey="/mnt/key/" cryptsetup_options=''
+
+       [ ! -e /sbin/cryptsetup ] && bad_msg "The initrd does not support LUKS" && exit 1
+       while [ 1 ]
+       do
+               # if crypt_silent=1 and some error occurs, enter shell quietly
+               if [ \( ${CRYPT_SILENT} -eq 1 \) -a \( \( \( ${DEV_ERROR} -eq 1 \) -o \( ${KEY_ERROR} -eq 1 \) \) -o \( ${KEYDEV_ERROR} -eq 1 \) \) ]
+               then
+                       run_shell
+               elif [ ${DEV_ERROR} -eq 1 ]
+               then
+                       whereis "LUKS_DEVICE" "${LUKS_NAME}"
+                       DEV_ERROR=0
+               elif [ ${KEY_ERROR} -eq 1 ]
+               then
+                       whereis "LUKS_KEY" "${LUKS_NAME} key"
+                       KEY_ERROR=0
+               elif [ ${KEYDEV_ERROR} -eq 1 ]
+               then
+                       whereis "LUKS_KEYDEV" "${LUKS_NAME} key device"
+                       KEYDEV_ERROR=0
+               else
+                       setup_md_device ${LUKS_DEVICE}
+                       cryptsetup isLuks ${LUKS_DEVICE}
+                       if [ ! "$?" -eq '0' ]
                        then
-                               run_shell
-                               
-                               LUKS_DEVICE=''
+                               bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" ${CRYPT_SILENT}
+                               DEV_ERROR=1
                                continue
-                       elif [ "${LUKS_DEVICE}" = 'q' ]
-                       then
-                               break
                        else
-                               setup_md_device ${LUKS_DEVICE}
-                               if cryptsetup isLuks ${LUKS_DEVICE}
+                               # Handle keys
+                               if [ -n "${LUKS_KEY}" ] 
                                then
-                                       good_msg "Opening LUKS device ${LUKS_DEVICE}"
-                                       
-                                       cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME}
-                                       if [ ! "$?" -eq '0' ]
+                                       if [ ! -e "${mntkey}${LUKS_KEY}" ] 
                                        then
-                                               bad_msg "Failed open LUKS device ${LUKS_DEVICE}"
-                                       else
-                                               break
+                                               if [ -b "${LUKS_KEYDEV}" ]
+                                               then good_msg "Using key device ${LUKS_KEYDEV}." ${CRYPT_SILENT}
+                                               else
+                                                       good_msg "Please insert removable device ${LUKS_KEYDEV} for ${LUKS_NAME}" ${CRYPT_SILENT}
+                                                       # abort after 10 secs
+                                                       local count=10
+                                                       while [ ${count} -gt 0 ]
+                                                       do 
+                                                               count=$((count-1))
+                                                               sleep 1
+                                                               if [ -b "${LUKS_KEYDEV}" ]
+                                                               then
+                                                                       good_msg "Removable device ${LUKS_KEYDEV} detected." ${CRYPT_SILENT}
+                                                                       break
+                                                               fi
+                                                       done
+                                                       if [ ! -b "${LUKS_KEYDEV}" ]
+                                                       then
+                                                               eval CRYPT_${TYPE}_KEY=${LUKS_KEY}
+                                                               bootstrapKey ${TYPE}
+                                                               eval LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"'
+                                                               if [ ! -b "${LUKS_KEYDEV}" ]; then
+                                                                       KEYDEV_ERROR=1
+                                                                       bad_msg "Removable device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
+                                                                       continue
+                                                               fi
+                                                               # continue otherwise will mount keydev which is mounted by bootstrap
+                                                               continue
+                                                       fi
+                                               fi
+                                               # At this point a device was recognized, now let's see if the key is there
+                                               [ ! -d "$mntkey" ] && mkdir -p ${mntkey} 2>/dev/null >/dev/null
+
+                                               mount -n -o ro ${LUKS_KEYDEV} ${mntkey} >/dev/null 2>/dev/null
+                                               if [ "$?" != '0' ]
+                                               then
+                                                       KEYDEV_ERROR=1
+                                                       bad_msg "Mounting of device ${LUKS_KEYDEV} failed." ${CRYPT_SILENT}
+                                                       continue
+                                               else
+                                                       good_msg "Removable device ${LUKS_KEYDEV} mounted." ${CRYPT_SILENT}
+                                                       sleep 2
+                                                       # keyfile exists?
+                                                       if [ ! -e "${mntkey}${LUKS_KEY}" ]; then
+                                                               umount -n ${mntkey} 2>/dev/null >/dev/null
+                                                               KEY_ERROR=1
+                                                               KEYDEV_ERROR=1
+                                                               bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT}
+                                                               continue
+                                                       fi
+                                               fi
                                        fi
+                                       # At this point a candidate key exists (either mounted before or not)
+                                       good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT}
+                                       cryptsetup_options="-d ${mntkey}${LUKS_KEY}"
+                               fi
+                               # At this point, keyfile or not, we're ready!
+                               crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}"
+                               if [ $? -eq 0 ]
+                               then
+                                       good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT}
+                                       break
                                else
-                                       bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header"
+                                       bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT}
+                                       DEV_ERROR=1
+                                       KEY_ERROR=1
+                                       KEYDEV_ERROR=1
                                fi
                        fi
-                       LUKS_DEVICE=''
-               done
-       else
-               bad_msg "The initrd does not support LUKS"
-       fi
+               fi
+       done
+       umount ${mntkey} 2>/dev/null >/dev/null
+       rmdir -p ${mntkey} 2>/dev/null >/dev/null
 }
 
 startLUKS() {
-       if [ -n "${LUKS_ROOT}" ]
-       then
-               openLUKS "${LUKS_ROOT}" "root" 
+
+       # if key is set but key device isn't, find it
+       
+       [ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \
+               && sleep 6 && bootstrapKey "ROOT"
+
+       if [ -n "${CRYPT_ROOT}" ]; then
+               openLUKS "root"
                if [ -n "${REAL_ROOT}" ]
                then
                        # Rescan volumes
@@ -726,10 +836,18 @@ startLUKS() {
                        REAL_ROOT="/dev/mapper/root"
                fi
        fi
-       if [ -n "${LUKS_SWAP}" ]
-       then
-               openLUKS "${LUKS_SWAP}" "swap" 
-               break
+
+       # same for swap, but no need to sleep if root was unencrypted
+       [ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \
+               && { [ -z "${CRYPT_ROOT}" ] && sleep 6; bootstrapKey "SWAP"; }
+
+       if [ -n "${CRYPT_SWAP}" ]; then
+               openLUKS "swap"
+               if [ -z "${REAL_RESUME}" ]
+               then
+                       # Resume from swap as default
+                       REAL_RESUME="/dev/mapper/swap"
+               fi
        fi
 }
 
@@ -756,7 +874,7 @@ verbose_kmsg() {
 
 
 cdupdate() {
-       if [ "${CDROOT}" -eq '1' ]
+       if [ "${CDROOT}" = '1' ]
        then
                if [ -x /${NEW_ROOT}/mnt/cdrom/cdupdate.sh ]
                then
@@ -802,7 +920,7 @@ rundebugshell() {
 }
 
 setup_unionfs() {
-       if [ "${USE_UNIONFS_NORMAL}" -eq '1' ]
+       if [ "${USE_UNIONFS_NORMAL}" = '1' ]
        then
                # Directory used for rw changes in union mount filesystem
                UNION=/union
@@ -857,6 +975,13 @@ setup_unionfs() {
        fi
 }
 
+swsusp_resume() {
+       ### determine swap resume partition
+       local device=$(ls -l "${REAL_RESUME}" | sed 's/\ */ /g' | cut -d \  -f 6-7 | sed 's/,\ */:/')
+       [ -f /sys/power/resume ] && echo "${device}" > /sys/power/resume
+       return 0
+}
+
 tuxonice_resume() {
        [ -d /proc/suspend2 -o -d /sys/power/suspend2 -o -d /sys/power/tuxonice ] || return
 
index c53976d87ab5a35647b41d3a6687ce208a49f398..7cccb57b8a436071931149c771d0b5b3c0c746bd 100644 (file)
@@ -44,6 +44,7 @@ CMDLINE="`cat /proc/cmdline`"
 REAL_ROOT=''
 FAKE_ROOT=''
 REAL_ROOTFLAGS=''
+CRYPT_SILENT=0
 for x in ${CMDLINE}
 do
        case "${x}" in
@@ -174,13 +175,31 @@ do
                        NFSROOT=`parse_opt "${x}"`
                ;;
                crypt_root\=*)
-                       LUKS_ROOT=`parse_opt "${x}"`
+                       CRYPT_ROOT=`parse_opt "${x}"`
                ;;
                crypt_swap\=*)
-                       LUKS_SWAP=`parse_opt "${x}"`
+                       CRYPT_SWAP=`parse_opt "${x}"`
                ;;
-               crypt_silent\=*)
-                       LUKS_SILENT=`parse_opt "${x}"`
+               root_key\=*)
+                       CRYPT_ROOT_KEY=`parse_opt "${x}"`
+               ;;
+               root_keydev\=*)
+                       CRYPT_ROOT_KEYDEV=`parse_opt "${x}"`
+               ;;
+               swap_key\=*)
+                       CRYPT_SWAP_KEY=`parse_opt "${x}"`
+               ;;
+               swap_keydev\=*)
+                       CRYPT_SWAP_KEYDEV=`parse_opt "${x}"`
+               ;;
+               real_resume\=*)
+                       REAL_RESUME=`parse_opt "${x}"`
+               ;;
+               noresume)
+                       NORESUME=1
+               ;;
+               crypt_silent)
+                       CRYPT_SILENT=1
                ;;
                real_rootflags\=*)
                        REAL_ROOTFLAGS=`parse_opt "${x}"`
@@ -203,7 +222,7 @@ if [ -d '/lib/modules' ]
 then
        good_msg 'Loading modules'
        # Load appropriate kernel modules
-       if [ "${NODETECT}" -ne '1' ]
+       if [ "${NODETECT}" != '1' ]
        then
                for modules in $MY_HWOPTS
                do
@@ -237,7 +256,7 @@ setup_md_device
 startVolumes
 
 # Initialize LUKS root device except for livecd's
-if [ "${CDROOT}" -ne '1' ]
+if [ "${CDROOT}" != 1 ]
 then
        startLUKS
 fi
@@ -246,7 +265,7 @@ fi
 mkdir -p ${NEW_ROOT}
 setup_unionfs
 
-if [ "${USE_UNIONFS_NORMAL}" -eq '1' ]
+if [ "${USE_UNIONFS_NORMAL}" = '1' ]
 then
        CHROOT=${UNION}
 else
@@ -256,17 +275,23 @@ fi
 # Run debug shell if requested
 rundebugshell
 
-tuxonice_resume
+if [ "${NORESUME}" != '1' ]
+then
+       swsusp_resume
+#      suspend_resume
+#      suspend2_resume
+       tuxonice_resume
+fi
 
-if [ "${CDROOT}" -eq '1' ]
+if [ "${CDROOT}" = '1' ]
 then
-       if [ ! "${USE_UNIONFS_NORMAL}" -eq '1' ]
+       if [ ! "${USE_UNIONFS_NORMAL}" = '1' ]
        then
                good_msg "Making tmpfs for ${NEW_ROOT}"
                mount -t tmpfs tmpfs ${NEW_ROOT}
        fi
        
-       for i in dev mnt mnt/cdrom mnt/livecd mnt/keydev tmp tmp/.initrd mnt/gentoo sys
+       for i in dev mnt mnt/cdrom mnt/livecd mnt/key tmp tmp/.initrd mnt/gentoo sys
        do
                mkdir -p ${NEW_ROOT}/$i
                chmod 755 ${NEW_ROOT}/$i
@@ -357,31 +382,17 @@ do
                                        good_msg "Detected real_root=${ROOT_DEV}"
                                        REAL_ROOT="${ROOT_DEV}"
                                else
-                                       bad_msg "Could not find root block device: ${REAL_ROOT}"
-                                       echo '   Please specify a device to boot, or "shell" for a shell...'
-                                       echo -n 'boot() :: '
-                                       read REAL_ROOT
+                                       whereis "REAL_ROOT" "root block device"
                                        got_good_root=0
                                        continue
                                fi
                                ;;
                esac
                                
-               if [ "${REAL_ROOT}" = 'shell' ]
-               then
-                       run_shell
-
-                       REAL_ROOT=''
-                       got_good_root=0
-                       continue
-               
-               elif [ "${REAL_ROOT}" = '' ]
+               if [ "${REAL_ROOT}" = '' ]
                then
                        # No REAL_ROOT determined/specified. Prompt user for root block device.
-                       bad_msg "The root block device is unspecified or not detected."
-                       echo '   Please specify a device to boot, or "shell" for a shell...'
-                       echo -n 'boot() :: '
-                       read REAL_ROOT
+                       whereis "REAL_ROOT" "root block device"
                        got_good_root=0
 
                # Check for a block device or /dev/nfs
@@ -397,7 +408,7 @@ do
        done
 
 
-       if [ "${CDROOT}" -eq '1' -a "${got_good_root}" = '1' -a "${REAL_ROOT}" != "/dev/nfs" ]
+       if [ "${CDROOT}" = 1 -a "${got_good_root}" = '1' -a "${REAL_ROOT}" != "/dev/nfs" ]
        then
                # CD already mounted; no further checks necessary
                break
@@ -441,7 +452,7 @@ done
 
 #verbose_kmsg
 
-# If cdroot is set determine the looptype to boot
+# If cd root is set determine the looptype to boot
 if [ "${CDROOT}" = '1' ]
 then
        good_msg 'Determining looptype ...'
@@ -495,28 +506,19 @@ then
        fi
 
        cache_cd_contents
-       
 
         # If encrypted, find key and mount, otherwise mount as usual
-       if [ "${LUKS_ROOT}" != '' ] 
+       if [ -n "${CRYPT_ROOT}" ] 
        then
-               if [ "${LUKS_SILENT}" = '' ]
-               then
-                       good_msg 'You booted an encrypted livecd'
-               fi
-
-               LUKS_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)
+               good_msg 'You booted an encrypted livecd' ${CRYPT_SILENT}
 
-               if [ "${LUKS_ROOT_KEY}" ]
-               then
-                       bootstrapKey
-               fi
+               CRYPT_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)
                
                losetup /dev/loop0 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}
                
                test_success 'Preparing loop filesystem'
                
-               LUKS_ROOT='/dev/loop0'
+               CRYPT_ROOT='/dev/loop0'
                
                startLUKS
                
@@ -601,7 +603,7 @@ then
 # End cdrom looptype determination and mounting if necessary
 #
 
-       if [ "${USE_UNIONFS_NORMAL}" -eq '1' ]
+       if [ "${USE_UNIONFS_NORMAL}" = '1' ]
        then
                union_insert_dir ${UNION} ${NEW_ROOT}/${FS_LOCATION}
                
@@ -627,7 +629,7 @@ then
        fi
 
        
-       if [ ! "${USE_UNIONFS_NORMAL}" -eq '1' ]
+       if [ "${USE_UNIONFS_NORMAL}" != '1' ]
        then
                good_msg "Copying read-write image contents to tmpfs"
                # Copy over stuff that should be writable
@@ -695,7 +697,7 @@ then
                sleep 10
        fi
 else
-       if [ "${USE_UNIONFS_NORMAL}" -eq '1' ]
+       if [ "${USE_UNIONFS_NORMAL}" = '1' ]
        then
                union_insert_dir ${UNION} ${NEW_ROOT}
                mkdir -p ${UNION}/tmp/.initrd
@@ -717,7 +719,7 @@ verbose_kmsg
 # init scripts will be able to unmount it properly at next reboot
 #
 # Eventually, all "unions over /" mounts should go in that /.unions/
-if [ "${USE_UNIONFS_NORMAL}" -eq '1' ]
+if [ "${USE_UNIONFS_NORMAL}" = '1' ]
 then
        mkdir -p /${CHROOT}/.unions/memory 2>/dev/null
        mount -o move /memory /${CHROOT}/.unions/memory || echo '*: Failed to move unionfs /memory into the system root!'
@@ -737,12 +739,12 @@ then
        fi
        echo -ne "${BOLD}.${NORMAL}"
 
-       if /tmp/.initrd/bin/[ "${USE_DEVFS_NORMAL}" -eq '1' -a "${CDROOT}" -eq '0' ]
+       if /tmp/.initrd/bin/[ "${USE_DEVFS_NORMAL}" = '1' -a "${CDROOT}" = 0 ]
        then
                umount /tmp/.initrd/proc || echo '*: Failed to unmount the initrd /proc!'
                mount -n --move /tmp/.initrd/dev dev || echo '*: Failed to move over the /dev tree!'
                rm -rf /tmp/.initrd/dev || echo '*: Failed to remove the initrd /dev!'
-       elif /tmp/.initrd/bin/[ "${USE_UDEV_NORMAL}" -eq '1' ]
+       elif /tmp/.initrd/bin/[ "${USE_UDEV_NORMAL}" = '1' ]
        then
                /tmp/.initrd/bin/[ -e /tmp/.initrd/dev/fd ] && rm /tmp/.initrd/dev/fd
                /tmp/.initrd/bin/[ -e /tmp/.initrd/dev/stdin ] && rm /tmp/.initrd/dev/stdin
@@ -752,7 +754,7 @@ then
                umount /tmp/.initrd/dev || echo '*: Failed to unmount the initrd /dev!'
                umount /tmp/.initrd/proc || echo '*: Failed to unmount the initrd /proc!'
                umount /tmp/.initrd/sys || echo '*: Failed to unmount the initrd /sys!'
-       elif /tmp/.initrd/bin/[ "${CDROOT}" -eq '1' ]
+       elif /tmp/.initrd/bin/[ "${CDROOT}" -eq 1 ]
        then
                umount /tmp/.initrd/proc || echo "*: Failed to unmount the initrd /proc!"
                umount /dev 2>/dev/null
index 4acc807a8a3aa58dc7da757d8731363f72c6eb31..6daec213abc82ff14e5cf41f5903ea752bda66f9 100644 (file)
@@ -259,6 +259,26 @@ Specifies the device node of the root filesystem to mount.
 This specifies the device encrypted by Luks, which contains the root 
 filesystem to mount.
 .TP
+\fBcrypt_swap=\fR<...>
+This specifies the swap device encrypted by Luks.
+.TP
+\fBroot_key=\fR<...>
+In case your root is encrypted with a key, you can use a device like a usb pen to store the key. 
+This value should be the key path relative to the mount point.
+.TP
+\fBroot_keydev=\fR<...>
+If necessary provide the name of the device that carries the root_key.
+If unset while using root_key, it will automatically look for the device in every boot.
+.TP
+\fBswap_key=\fR<...>
+Same as root_key for swap.
+.TP
+\fBswap_keydev=\fR<...>
+Same as root_keydev for swap.
+.TP
+\fBcrypt_silent\fR
+Set this to silent all the output related to the cryptographic software, and in case your encrypted device isn't open with the key, it opens a shell in the initrd quietly.
+.TP
 \fBdodmraid=\fR<...>
 Passes arguments to dmraid on bootup.
 .TP