Radix cross Linux

The main Radix cross Linux repository contains the build scripts of packages, which have the most complete and common functionality for desktop machines

   334         kx #!/bin/bash
   334         kx # Open any volumes created by cryptsetup.
   334         kx #
   334         kx # Some notes on /etc/crypttab in Slackware:
   334         kx # Only LUKS formatted volumes are supported (except for swap)
   334         kx # crypttab follows the following format:
   334         kx # <luks_name> <device> <password> <options>
   334         kx #
   334         kx # <luks_name>:  This is the name of your LUKS volume.
   334         kx # For example:  crypt-home
   334         kx #
   334         kx # <device>:  This is the device containing your LUKS volume.
   334         kx # For example:  /dev/sda2
   334         kx #
   334         kx # <password>:  This is either the volume password in plain text, or the name of
   334         kx # a key file.  Use 'none' to interactively enter password on boot.
   334         kx #
   334         kx # <options>:  Comma-separated list of options.  Note that there must be a
   334         kx # password field for any options to be picked up (use a password of 'none' to
   334         kx # get a password prompt at boot).  The following options are supported:
   334         kx #
   334         kx # discard -- this will cause --allow-discards to be passed to the cryptsetup
   334         kx # program while opening the LUKS volume.
   334         kx #
   334         kx # ro -- this will cause --readonly to be passed to the cryptsetup program while
   334         kx # opening the LUKS volume.
   334         kx #
   334         kx # swap -- this option cannot be used with other options.  The device given will
   334         kx # be formatted as a new encrypted volume with a random key on boot, and used as
   334         kx # swap.
   334         kx #
   334         kx # keyscript=<path/to/script> -- get the password from the named script's stdout.
   334         kx # The only parameter sent to script is the <password> field, but the script can
   334         kx # ignore it.
   334         kx #
   334         kx 
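   #######################################
   # Report whether a crypttab options field contains a given option.
   # The field is matched element by element, so an option name that merely
   # appears inside another element (for example the word "swap" or "ro" in a
   # keyscript= path) does not count as that option being set.
   # Arguments: $1 - comma-separated options field from /etc/crypttab
   #            $2 - option name to look for
   # Returns:   0 if $2 is a complete element of $1, 1 otherwise
   #######################################
   crypttab_has_opt() {
     case ",$1," in
       *",$2,"*) return 0 ;;
     esac
     return 1
   }

   # Unlock every volume listed in /etc/crypttab, provided cryptsetup is installed.
   if [ -f /etc/crypttab ] && [ -x /sbin/cryptsetup ]; then
     # First, check for device-mapper support.
     if ! grep -wq device-mapper /proc/devices ; then
       # Not registered with the kernel yet: try to load the device-mapper module.
       /sbin/modprobe -q dm-mod
     fi
     # NOTE: we only support LUKS formatted volumes (except for swap)!
     # The input for this loop comes from after the "done" below, so that we can
     # use fd3 and keep stdin functional for password entry or in case a keyscript
     # requires it.  'read' is left without -r on purpose: adding it would change
     # how backslashes in existing crypttab entries are interpreted.
     while read line <&3; do
       # NOTE(security): eval runs each crypttab line through the shell parser, so
       # command substitutions, globs and variable references in the file are
       # expanded and executed with the privileges of this script.  It is kept
       # because it also lets an entry quote a field that contains spaces.
       # /etc/crypttab must therefore be owned by root and writable by nobody
       # else; since it can hold plain-text passwords it should not be readable by
       # other users either.
       eval LUKSARRAY=( $line )
       LUKS="${LUKSARRAY[0]}"
       DEV="${LUKSARRAY[1]}"
       PASS="${LUKSARRAY[2]}"
       OPTS="${LUKSARRAY[3]}"
       # printf with a quoted argument keeps the options field from being
       # word-split or glob-expanded before sed sees it.
       KEYSCRIPT="$(printf '%s\n' "${OPTS}" | sed -n 's/.*keyscript=\([^,]*\).*/\1/p')"
       # LUKSOPTS is only used for the progress message; LUKSARGS carries the same
       # flags as separate words so nothing relies on unquoted word splitting.
       LUKSOPTS=""
       LUKSARGS=()
       if crypttab_has_opt "${OPTS}" ro ; then
         LUKSOPTS="${LUKSOPTS} --readonly"
         LUKSARGS+=(--readonly)
       fi
       if crypttab_has_opt "${OPTS}" discard ; then
         LUKSOPTS="${LUKSOPTS} --allow-discards"
         LUKSARGS+=(--allow-discards)
       fi
       # Skip LUKS volumes that were already unlocked (in the initrd):
       /sbin/cryptsetup status "${LUKS}" 2>/dev/null | head -n 1 | grep -q "is active" && continue
       if /sbin/cryptsetup isLuks "${DEV}" 2>/dev/null ; then
         if [ -z "${LUKSOPTS}" ]; then
           echo "Unlocking LUKS encrypted volume '${LUKS}' on device '$DEV':"
         else
           echo "Unlocking LUKS encrypted volume '${LUKS}' on device '$DEV' with options '${LUKSOPTS}':"
         fi
         if [ -x "${KEYSCRIPT}" ]; then
           # The passphrase is whatever the keyscript writes to stdout.  The
           # <password> field is handed to it as an argument, so it is visible in
           # the process list while the script runs; do not store a secret there
           # when a keyscript is used.
           "${KEYSCRIPT}" "${PASS}" | /sbin/cryptsetup "${LUKSARGS[@]}" luksOpen "${DEV}" "${LUKS}"
           echo
         elif [ -n "${PASS}" ] && [ "${PASS}" != "none" ]; then
           if [ -f "${PASS}" ]; then
             # The <password> field names a key file.
             /sbin/cryptsetup "${LUKSARGS[@]}" --key-file="${PASS}" luksOpen "${DEV}" "${LUKS}"
           else
             # The <password> field is the passphrase in plain text.  printf is a
             # builtin, so the passphrase stays out of any argv, and unlike echo
             # it does not treat a passphrase such as "-n" as an option.
             printf '%s\n' "${PASS}" | /sbin/cryptsetup "${LUKSARGS[@]}" luksOpen "${DEV}" "${LUKS}"
           fi
         else
           # No password was given, or a password of 'none' was given:
           # cryptsetup prompts on stdin.
           /sbin/cryptsetup "${LUKSARGS[@]}" luksOpen "${DEV}" "${LUKS}"
         fi
       elif crypttab_has_opt "${OPTS}" swap ; then
         # If any of the volumes is to be used as encrypted swap,
         # then encrypt it using a random key and run mkswap.
         # This branch is destructive: it is reached for any device that is not
         # recognised as LUKS and carries the swap option, and whatever is on that
         # device is overwritten.
         # NOTE(review): the bare 'aes' cipher spec leaves the mode and IV choice
         # to cryptsetup's plain-mode default -- confirm that default is
         # acceptable, or name the mode explicitly.
         echo "Creating encrypted swap volume '${LUKS}' on device '$DEV':"
         /sbin/cryptsetup --batch-mode --cipher=aes --key-file=/dev/urandom --key-size=256 create "${LUKS}" "${DEV}"
         mkswap "/dev/mapper/${LUKS}"
       fi
     done 3< <(grep -vE '^(#|$)' /etc/crypttab)
   fi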