OpenSDE
/
rocklinux
mirror of https://github.com/amery/rocklinux.git
2
0
Fork 0
Code Releases Wiki Activity
mirror of the now-defunct rocklinux.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5129 Commits
1 Branch
0 Tags
34 MiB
Tree: ad8db29db3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ad8db29db3'
${ noResults }
rocklinux/package/base/device-mapper/etc_conf_dm_initrd_dm

256 lines
9.2 KiB
Raw Normal View History

Benjamin Schieder: new initrd concept fixes a bug where using the same partition on different disks resulted in the same devicemap name [2005072713463809445] (https://www.rocklinux.net/submaster) git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@6286 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
19 years ago
  1. #!/bin/bash
  3. read a b version c < /proc/version
  4. while read device mountpoint status ; do
  5. [ "${status}" == "plain" ] && continue
  6. if [ ${rootfsmounted} -eq 0 -a "${mountpoint}" != "/" ] ; then # we need to have the rootfs mounted for all other filesystems to be mountable
  7. echo "Mounting rootfs (${rootfs}) on /root"
  8. initrd_mount ${rootfs} /root
  9. rootfsmounted=1
  10. fi
  11. if [ "${status}" == "encrypt" ] ; then # {{{
  12. echo "Encrypting ${device} on ${mountpoint}"
  13. echo
  14. echo "WARNING! Although this is usually safe you should make sure that your backups"
  15. echo "are recent and working. Just in case something happens (power loss, ...)."
  16. echo "If this process is interrupted your filesystem WILL BE INACCESSIBLE!"
  17. echo
  18. pass1="MEEP"
  19. pass2="MOOP"
  20. while [ "${pass1}" != "${pass2}" ] ; do
  21. echo -n "Please enter the passphrase for encryption: "
  22. read -s pass1 < /dev/console
  23. echo
  24. if [ -z "${pass1:20}" ] ; then
  25. echo "Your passphrase is short and may thus be insecure."
  26. echo -n "Enter it again to use it anyway: "
  27. read -s passa < /dev/console
  28. echo
  29. if [ "${passa}" != "${pass1}" ] ; then
  30. passa="ABCD"
  31. pass1="MEEP"
  32. pass2="MOOP"
  33. continue
  34. fi
  35. passa="ABCD"
  36. fi
  37. echo -n "Please confirm the passphrase: "
  38. read -s pass2 < /dev/console
  39. echo
  40. [ "${pass1}" != "${pass2}" ] && echo "The passphrases do not match!"
  41. done
  43. pass1="`echo ${pass1} | md5sum`"
  44. pass1=${pass1%% *}
  45. encryptedname=${device//\//_}_encrypted
  46. encryptedname=${encryptedname#_}
  47. echo -n "Setting up encryption now ... "
  48. echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${pass1} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname}
  49. echo "done"
  50. echo "I will now do a sanity check of the harddisk. This means"
  51. echo "that the encryption process will be simulated by writing"
  52. echo "to /dev/null instead of the encrypted partition."
  53. echo "This ensures that the whole disk is readable and the"
  54. echo "copy process won't fail because of a bad harddisk."
  55. echo
  56. echo -n "Press enter to continue ... "
  57. read </dev/console
  58. if /bin/dd if=/dev/zero of=/dev/null conv=stat count=1 2>/dev/null ; then
  59. echo "Starting dd, this will take some time. Go have some coffee :-)"
  60. dd if=${device} of=/dev/null bs=1k conv=stat # conv=stat is my personal patch -- BRS
  61. error=${?}
  62. else
  63. echo "Starting dd, this will take some time. No output will happen"
  64. echo "while this is running. Go have some coffee :-)"
  65. dd if=${device} of=/dev/null bs=1k
  66. error=${?}
  67. fi
  68. if [ ${error} != 0 ] ; then
  69. echo "An error occured!"
  70. echo "Cowardly refusing to encrypt ${device}!"
  71. /sbin/dmsetup remove ${encryptedname}
  72. echo "Starting a shell"
  73. echo
  74. exec /bin/bash
  75. continue
  76. fi
  77. echo "Now the critical part of the encryption process starts."
  78. echo "I'm now copying the data bytewise from the unencrypted device to the"
  79. echo "encrypted loopdevice. Make absolutely sure that this process won't be"
  80. echo "interrupted!"
  81. echo
  82. echo -n "Press enter to start encrypting ... "
  83. read < /dev/console
  84. if /bin/dd if=/dev/zero of=/dev/null conv=stat count=1 2>/dev/null ; then
  85. echo "Starting dd, this will take some time. Go have some coffee :-)"
  86. dd if=${device} of=/dev/mapper/${encryptedname} bs=1k conv=stat # conv=stat is my personal patch -- BRS
  87. else
  88. echo "Starting dd, this will take some time. No output will happen"
  89. echo "while this is running. Go have some coffee :-)"
  90. dd if=${device} of=/dev/mapper/${encryptedname} bs=1k
  91. fi
  92. echo "Encrypting the data is done."
  93. echo -n "Mounting encrypted ${device} on ${mountpoint} now ... "
  94. if ! initrd_mount /dev/mapper/${encryptedname} /root/${mountpoint} ; then
  95. echo "FAILED"
  96. echo "Couldn't mount /dev/mapper/${encryptedname} on ${mountpoint}"
  97. echo "Starting a shell"
  98. echo
  99. exec /bin/bash
  100. fi
  101. [ "${mountpoint}" == "/" ] && rootfsmounted=1
  102. echo "done"
  103. echo "Remember to change the status of ${device} to encrypted using stone."
  104. echo "Press enter to continue"
  105. read < /dev/console
  106. continue
  107. fi # }}}
  108. if [ "${status}" == "decrypt" ] ; then # {{{
  109. echo "Decrypting ${device} on ${mountpoint}"
  110. echo
  111. echo "WARNING! Although this is usually safe you should make sure that your backups"
  112. echo "are recent and working. Just in case something happens (power loss, ...)."
  113. echo "If this process is interrupted your filesystem WILL BE INACCESSIBLE!"
  114. echo
  115. pass1="MEEP"
  116. pass2="MOOP"
  117. while [ "${pass1}" != "${pass2}" ] ; do
  118. echo -n "Please enter the passphrase for decryption: "
  119. read -s pass1 < /dev/console
  120. echo
  121. echo -n "Please confirm the passphrase: "
  122. read -s pass2 < /dev/console
  123. echo
  124. [ "${pass1}" != "${pass2}" ] && echo "The passphrases do not match!"
  125. done
  126. pass1="`echo ${pass1} | md5sum`"
  127. pass1=${pass1%% *}
  128. encryptedname=${device//\//_}_encrypted
  129. encryptedname=${encryptedname#_}
  131. echo -n "Setting up decryption now ... "
  132. echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${pass1} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname}
  133. echo "done"
  134. echo "I will now do a sanity check of the harddisk. This means"
  135. echo "that the encryption process will be simulated by writing"
  136. echo "to /dev/null instead of the encrypted partition."
  137. echo "This ensures that the whole disk is readable and the"
  138. echo "copy process won't fail because of a bad harddisk."
  139. echo
  140. echo -n "Press enter to continue ... "
  141. read </dev/console
  142. if /bin/dd if=/dev/zero of=/dev/null conv=stat count=1 2>/dev/null ; then
  143. echo "Starting dd, this will take some time. Go have some coffee :-)"
  144. dd if=${device} of=/dev/null bs=1k conv=stat # conv=stat is my personal patch -- BRS
  145. error=${?}
  146. else
  147. echo "Starting dd, this will take some time. No output will happen"
  148. echo "while this is running. Go have some coffee :-)"
  149. dd if=${device} of=/dev/null bs=1k
  150. error=${?}
  151. fi
  152. if [ ${error} != 0 ] ; then
  153. echo "An error occured!"
  154. echo "Cowardly refusing to decrypt ${device}!"
  155. echo "Starting a shell."
  156. echo
  157. exec /bin/bash
  158. continue
  159. fi
  160. echo "Now the critical part of the decryption process starts."
  161. echo "I'm now copying the data bytewise from the encrypted device to the"
  162. echo "unencrypted loopdevice. Make absolutely sure that this process won't be"
  163. echo "interrupted!"
  164. echo
  165. echo -n "Press enter to start decrypting ... "
  166. read < /dev/console
  167. if /bin/dd if=/dev/zero of=/dev/null conv=stat count=1 2>/dev/null ; then
  168. echo "Starting dd, this will take some time. Go have some coffee :-)"
  169. dd if=/dev/mapper/${encryptedname} of=${device} bs=1k conv=stat # conv=stat is my personal patch
  170. else
  171. echo "Starting dd, this will take some time. No output will happen"
  172. echo "while this is running. Go have some coffee :-)"
  173. dd if=/dev/mapper/${encryptedname} of=${device} bs=1k
  174. fi
  175. echo "Decrypting the data is done."
  176. echo -n "Shutting down encryption ... "
  177. /sbin/dmsetup remove ${encryptedname}
  178. echo -n "done"
  179. echo -n "Mounting ${device} on ${mountpoint} now ... "
  180. if ! initrd_mount ${device} /root/${mountpoint} ; then
  181. echo "FAILED"
  182. echo "Couldn't mount ${device} on ${mountpoint}"
  183. echo "Starting a shell"
  184. echo
  185. exec /bin/bash
  186. fi
  187. [ "${mountpoint}" == "/" ] && rootfsmounted=1
  188. echo "done"
  189. echo "Remember to change the status of ${device} to 'plain' using stone."
  190. echo "Press enter to continue"
  191. read < /dev/console
  192. continue
  193. fi # }}}
  194. if [ "${status}" == "swap" ] ; then # {{{
  195. echo "Creating encrypted swap on ${device}"
  196. echo "setting up encryption"
  197. echo -n "gathering entropy ... "
  198. ent=""
  199. while [ -z "${ent:128}" ] ; do
  200. read -n 1 e < /dev/random
  201. [ "${e}" == "\n" ] && continue
  202. ent="${ent}${e}"
  203. echo -n "."
  204. done
  205. ent="`echo ${ent} | md5sum`"
  206. ent=${ent%% *}
  207. echo
  208. echo -n "setting up encryption ... "
  209. encryptedname=${device//\//_}_encrypted
  210. encryptedname=${encryptedname#_}
  211. echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${ent} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname}
  212. echo "done"
  213. echo -n "creating swapspace ... "
  214. if /sbin/mkswap /dev/mapper/${encryptedname} >/dev/null 2>&1 ; then
  215. echo "success"
  216. echo -n "activating swapspace ... "
  217. if /sbin/swapon /dev/mapper/${encryptedname} ; then
  218. echo "success"
  219. else
  220. echo "failed"
  221. echo "booting without swap!"
  222. fi
  223. else
  224. echo "failed"
  225. echo "booting without swap!"
  226. fi
  227. fi # }}}
  228. if [ "${status}" == "encrypted" ] ; then # {{{
  229. run=1
  230. while [ ${run} -eq 1 ] ; do
  231. echo "Please enter the passphrase for ${device} on ${mountpoint}"
  232. echo -n "Passphrase: "
  233. read -s passphrase < /dev/console
  234. echo
  235. passphrase="`echo ${passphrase} | md5sum`"
  236. passphrase=${passphrase%% *}
  237. encryptedname=${device//\//_}_encrypted
  238. encryptedname=${encryptedname#_}
  239. echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${passphrase} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname}
  240. if initrd_mount /dev/mapper/${encryptedname} /root/${mountpoint} < /dev/console ; then
  241. run=0
  242. echo "Success"
  243. else
  244. /sbin/dmsetup remove ${encryptedname}
  245. echo "Couldn't mount ${device} on ${mountpoint}"
  246. echo -n "Continue without it [y/n] ? "
  247. read -n 1 yn < /dev/console
  248. echo
  249. [ "${yn}" == "y" ] && run=0
  250. fi
  251. done
  253. [ "${mountpoint}" == "/" ] && rootfsmounted=1
  254. continue
  255. fi # }}}
  256. done < /etc/dm/mounts