rpms / cryptsetup

Clone
Source Code
GIT

Blame SOURCES/cryptsetup-reencrypt-module.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   a390326493b1a45a5b994b15346c8dd7cfc136ee
  2.   SOURCES
  3.   cryptsetup-reencrypt-module.patch
Blob History Raw
a39032 
diff -rupN cryptsetup-1.6.2.old/misc/dracut_90reencrypt/module-setup.sh cryptsetup-1.6.2/misc/dracut_90reencrypt/module-setup.sh
a39032 
--- cryptsetup-1.6.2.old/misc/dracut_90reencrypt/module-setup.sh	2013-10-22 17:49:43.677906826 +0200
a39032 
+++ cryptsetup-1.6.2/misc/dracut_90reencrypt/module-setup.sh	2013-10-22 17:53:11.214137892 +0200
a39032 
@@ -7,14 +7,21 @@ check() {
a39032
a39032 
 depends() {
a39032 
     echo dm rootfs-block
a39032 
-    return 0
a39032 
 }
a39032
a39032 
 installkernel() {
a39032 
-    instmods dm_crypt =crypto
a39032 
+    # requires hostonly='' override so that loop module is pulled in initramfs
a39032 
+    # even if not loaded in actual kernel. dracut bug?
a39032 
+    hostonly='' instmods dm_crypt =crypto loop
a39032 
 }
a39032
a39032 
 install() {
a39032 
+    if dracut_module_included crypt; then
a39032 
+        derror "'reencrypt' can't be installed together with 'crypt'."
a39032 
+        derror "Add '-o crypt' option to install reencrypt module."
a39032 
+        return 1
a39032 
+    fi
a39032 
+
a39032 
     dracut_install cryptsetup-reencrypt
a39032
a39032 
     inst_hook cmdline 30 "$moddir/parse-reencrypt.sh"
a39032 
     inst_simple "$moddir"/reencrypt.sh /sbin/reencrypt
a39032 
diff -rupN cryptsetup-1.6.2.old/misc/dracut_90reencrypt/parse-reencrypt.sh cryptsetup-1.6.2/misc/dracut_90reencrypt/parse-reencrypt.sh
a39032 
--- cryptsetup-1.6.2.old/misc/dracut_90reencrypt/parse-reencrypt.sh	2013-10-22 17:49:43.677906826 +0200
a39032 
+++ cryptsetup-1.6.2/misc/dracut_90reencrypt/parse-reencrypt.sh	2013-10-22 17:57:58.391063270 +0200
a39032 
@@ -1,10 +1,10 @@
a39032 
 #!/bin/sh
a39032
a39032 
-REENC=$(getargs rd_REENCRYPT=)
a39032 
+REENC=$(getargs rd.luks.reencrypt=)
a39032 
 REENC_DEV=$(echo $REENC | sed 's/:.*//')
a39032 
 REENC_SIZE=$(echo $REENC | sed -n 's/.*://p')
a39032
a39032 
-REENC_KEY=$(getargs rd_REENCRYPT_KEY=)
a39032 
+REENC_KEY=$(getargs rd.luks.reencrypt_key=)
a39032 
 if [ -z "$REENC_KEY" ] ; then
a39032 
     REENC_KEY=none
a39032 
 fi
a39032 
diff -rupN cryptsetup-1.6.2.old/misc/dracut_90reencrypt/README cryptsetup-1.6.2/misc/dracut_90reencrypt/README
a39032 
--- cryptsetup-1.6.2.old/misc/dracut_90reencrypt/README	2013-10-22 17:49:43.677906826 +0200
a39032 
+++ cryptsetup-1.6.2/misc/dracut_90reencrypt/README	2013-10-22 18:01:08.224347499 +0200
a39032 
@@ -2,10 +2,12 @@ Example of simple dracut module for reen
a39032 
 LUKS drive on-the-fly.
a39032
a39032 
 Install in /usr/[share|lib]/dracut/modules.d/90reencrypt, then
a39032 
-rebuild intramfs "with dracut -f -a reencrypt".
a39032 
+build special intramfs "with dracut -a reencrypt -o crypt".
a39032 
+Reencrypt module doesn't work (has a conflict) with crypt module as
a39032 
+of now. After successfull reencryption reboot using original initramfs.
a39032
a39032 
-Dracut then recognize argument rd_REENCRYPT=name:size,
a39032 
-e.g. rd_REENCRYPT=sda2:52G means only 52G of device
a39032 
+Dracut then recognize argument rd.luks.reencrypt=name:size,
a39032 
+e.g. rd.luks.reencrypt=sda2:52G means only 52G of device
a39032 
 will be reencrypted (default is whole device).
a39032 
 (Name is kernel name of device.)
a39032
a39032 
diff -rupN cryptsetup-1.6.2.old/misc/dracut_90reencrypt/reencrypt.sh cryptsetup-1.6.2/misc/dracut_90reencrypt/reencrypt.sh
a39032 
--- cryptsetup-1.6.2.old/misc/dracut_90reencrypt/reencrypt.sh	2013-10-22 17:49:43.677906826 +0200
a39032 
+++ cryptsetup-1.6.2/misc/dracut_90reencrypt/reencrypt.sh	2013-10-22 18:00:18.871533944 +0200
a39032 
@@ -5,6 +5,8 @@
a39032
a39032 
 [ -d /sys/module/dm_crypt ] || modprobe dm_crypt
a39032
a39032 
+[ -d /sys/module/loop ] || modprobe loop
a39032 
+
a39032 
 [ -f /tmp/reencrypted ] && exit 0
a39032
a39032 
 . /lib/dracut-lib.sh
a39032 
@@ -43,6 +45,7 @@ reenc_run() {
a39032 
         info "REENCRYPT using key $1"
a39032 
         reenc_readkey "$1" | /sbin/cryptsetup-reencrypt -d - $PARAMS
a39032 
     fi
a39032 
+    _ret=$?
a39032 
     cd $cwd
a39032 
 }
a39032
a39032 
@@ -50,9 +53,18 @@ info "REENCRYPT $device requested"
a39032 
 # flock against other interactive activities
a39032 
 { flock -s 9;
a39032 
     reenc_run $2
a39032 
-} 9>/.console.lock
a39032 
+} 9>/.console_lock
a39032 
+
a39032 
+if [ $_ret -eq 0 ]; then
a39032 
+    # do not ask again
a39032 
+    >> /tmp/reencrypted
a39032 
+    warn "Reencryption of device $device has finished successfully. Use previous"
a39032 
+    warn "initramfs image (without reencrypt module) to boot the system. When"
a39032 
+    warn "you leave the emergency shell, the system will reboot."
a39032
a39032 
-# do not ask again
a39032 
->> /tmp/reencrypted
a39032 
+    emergency_shell -n "(reboot)"
a39032 
+    /usr/bin/systemctl reboot
a39032 
+fi
a39032
a39032 
-exit 0
a39032 
+# panic the kernel otherwise
a39032 
+exit 1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation