improve portability, code quality, fix bugs, etc...

2020-06-28 06:58:57 +03:00
parent 1287f2996b
commit 9c16bad562
10 changed files with 539 additions and 578 deletions
--- a/hooks/luks/luks
+++ b/hooks/luks/luks
@@ -0,0 +1,37 @@
+# vim: set ft=sh:
+#
+# handle_luks()
+{
+    print "configuring LUKS"
+
+    [ "$hostonly" = 1 ] &&
+        for _module in \
+            aes ecb xts lrw wp512 sha256 \
+            sha512 twofish serpent dm-crypt
+        do
+            copy_module "$_module"
+        done
+
+    copy_binary cryptsetup
+
+    # avoid possible issues with libgcc_s.so.1
+    # see https://bugs.archlinux.org/task/56771
+    [ -e /lib/libgcc_s.so.1 ] && copy_library /lib/libgcc_s.so.1
+
+    # word splitting is safe by design
+    # shellcheck disable=2086
+    IFS=,; set -- $luks_opts; unset IFS
+
+    set -C; for opt; do case "${opt%%=*}" in
+        key | header)
+            cp "${opt#*=}" "${tmpdir}/root/${opt%%=*}"
+            chmod 400      "${tmpdir}/root/${opt%%=*}"
+
+            sed "s|${opt#*=}|/root/${opt%%=*}|" \
+                "${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_"
+
+            cp "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config"
+            chmod 600        "${tmpdir}/etc/tinyramfs/config"
+            rm "${tmpdir}/_"
+    esac || panic; done; set +C
+}
--- a/hooks/luks/luks.init
+++ b/hooks/luks/luks.init
@@ -0,0 +1,31 @@
+# vim: set ft=sh:
+#
+# unlock_luks()
+{
+    [ "$break" = luks ] && { print "break before unlock_luks()"; sh; }
+
+    mkdir -p /run/cryptsetup
+
+    IFS=,; set -- $luks_opts; unset IFS
+
+    for opt; do case "$opt" in
+        discard=1) luks_discard="--allow-discards" ;;
+        header=*)  luks_header="--${opt}"  ;;
+        name=*)    luks_name="${opt#*=}"   ;;
+        root=*)    luks_root="${opt#*=}"   ;;
+        key=*)     luks_key="-d ${opt#*=}" ;;
+    esac; done
+
+    resolve_device "$luks_root"
+
+    set -- \
+        "$luks_key" "$luks_header" "$luks_discard" \
+        "$device" "${luks_name:-crypt-${device##*/}}"
+
+    # libdevice-mapper assumes that udev has dm rules
+    # which is not true because we use our device-helper for dm stuff
+    # this variable fixes possible(?) hang
+    export DM_DISABLE_UDEV=1
+
+    cryptsetup open $@ || panic "failed to unlock LUKS"
+}