From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E17DF158090 for ; Mon, 16 May 2022 05:34:21 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2AD33E08F2; Mon, 16 May 2022 05:34:21 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E1D95E08F2 for ; Mon, 16 May 2022 05:34:20 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 285CB34195D for ; Mon, 16 May 2022 05:34:20 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 89E36445 for ; Mon, 16 May 2022 05:34:18 +0000 (UTC) 
From: "Robin H. Johnson" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Robin H. Johnson" Message-ID: <1628356810.efdf4d0affb587655d703140db86d45ffd2a1ede.robbat2@gentoo> Subject: [gentoo-commits] proj/genkernel:master commit in: defaults/ X-VCS-Repository: proj/genkernel X-VCS-Files: defaults/initrd.scripts X-VCS-Directories: defaults/ X-VCS-Committer: robbat2 X-VCS-Committer-Name: Robin H. Johnson X-VCS-Revision: efdf4d0affb587655d703140db86d45ffd2a1ede X-VCS-Branch: master Date: Mon, 16 May 2022 05:34:18 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 1bc63ebe-a622-4172-b1d7-65bc7201e3c7 X-Archives-Hash: 2eb436b002ce8a5221bbdba2ce60920a commit: efdf4d0affb587655d703140db86d45ffd2a1ede Author: Dmitry Baranov gmail com> AuthorDate: Tue Dec 29 20:10:50 2020 +0000 Commit: Robin H. Johnson gentoo org> CommitDate: Sat Aug 7 17:20:10 2021 +0000 URL: https://gitweb.gentoo.org/proj/genkernel.git/commit/?id=efdf4d0a defaults/initrd.scripts: Get rid of extra padding Simplify conditional blocks where 'continue' is present. Signed-off-by: Dmitry Baranov gmail.com> defaults/initrd.scripts | 184 ++++++++++++++++++++++++------------------------ 1 file changed, 92 insertions(+), 92 deletions(-)
diff --git a/defaults/initrd.scripts b/defaults/initrd.scripts
index cdee2a4..33a48b3 100644
--- a/defaults/initrd.scripts
+++ b/defaults/initrd.scripts
@@ -1882,119 +1882,119 @@ openLUKS() { bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" ${CRYPT_SILENT} DEV_ERROR=1 continue - else - if [ -n "${cryptsetup_options}" ] - then - good_msg "Using the following cryptsetup options for ${LUKS_NAME}: ${cryptsetup_options}" ${CRYPT_SILENT} - fi + fi - # Handle keys - if [ -n "${LUKS_KEY}" ] + if [ -n "${cryptsetup_options}" ] + then + good_msg "Using the following cryptsetup options for ${LUKS_NAME}: ${cryptsetup_options}" ${CRYPT_SILENT} + fi + + # Handle keys + if [ -n "${LUKS_KEY}" ] + then + local REAL_LUKS_KEYDEV="${LUKS_KEYDEV}" + if [ ! -e "${mntkey}${LUKS_KEY}" ] then - local REAL_LUKS_KEYDEV="${LUKS_KEYDEV}" - if [ ! -e "${mntkey}${LUKS_KEY}" ] + REAL_LUKS_KEYDEV=$(find_real_device "${LUKS_KEYDEV}") + if [ -b "${REAL_LUKS_KEYDEV}" ] then - REAL_LUKS_KEYDEV=$(find_real_device "${LUKS_KEYDEV}") - if [ -b "${REAL_LUKS_KEYDEV}" ] + good_msg "Using key device ${REAL_LUKS_KEYDEV}." ${CRYPT_SILENT} + else + good_msg "Please insert removable device ${LUKS_KEYDEV} for ${LUKS_NAME}" ${CRYPT_SILENT} + # abort after 10 secs + local count=10 + while [ ${count} -gt 0 ] + do + count=$((count-1)) + sleep 1 + REAL_LUKS_KEYDEV=$(find_real_device "${LUKS_KEYDEV}") + if [ -b "${REAL_LUKS_KEYDEV}" ] + then + good_msg "Removable device ${REAL_LUKS_KEYDEV} detected." ${CRYPT_SILENT} + break + fi + done + if [ ! -b "${REAL_LUKS_KEYDEV}" ] then - good_msg "Using key device ${REAL_LUKS_KEYDEV}." ${CRYPT_SILENT} - else - good_msg "Please insert removable device ${LUKS_KEYDEV} for ${LUKS_NAME}" ${CRYPT_SILENT} - # abort after 10 secs - local count=10 - while [ ${count} -gt 0 ] - do - count=$((count-1)) - sleep 1 - REAL_LUKS_KEYDEV=$(find_real_device "${LUKS_KEYDEV}") - if [ -b "${REAL_LUKS_KEYDEV}" ] - then - good_msg "Removable device ${REAL_LUKS_KEYDEV} detected." 
${CRYPT_SILENT} - break - fi - done + eval CRYPT_${TYPE}_KEY=${LUKS_KEY} + bootstrapKey ${TYPE} + eval LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' + REAL_LUKS_KEYDEV=$(find_real_device "${LUKS_KEYDEV}") if [ ! -b "${REAL_LUKS_KEYDEV}" ] then - eval CRYPT_${TYPE}_KEY=${LUKS_KEY} - bootstrapKey ${TYPE} - eval LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' - REAL_LUKS_KEYDEV=$(find_real_device "${LUKS_KEYDEV}") - if [ ! -b "${REAL_LUKS_KEYDEV}" ] - then - KEYDEV_ERROR=1 - bad_msg "Removable device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT} - continue - fi - # continue otherwise will mount keydev which is mounted by bootstrap + KEYDEV_ERROR=1 + bad_msg "Removable device ${LUKS_KEYDEV} not found." ${CRYPT_SILENT} continue fi + # continue otherwise will mount keydev which is mounted by bootstrap + continue fi + fi - # At this point a device was recognized, now let's see if the key is there - [ ! -d "${mntkey}" ] && mkdir -p "${mntkey}" >/dev/null 2>&1 + # At this point a device was recognized, now let's see if the key is there + [ ! -d "${mntkey}" ] && mkdir -p "${mntkey}" >/dev/null 2>&1 - # determine fs -- 'auto' will not trigger module loading! - LUKS_KEYDEV_FSTYPE=$(determine_fs "${REAL_LUKS_KEYDEV}" "${LUKS_KEYDEV_FSTYPE}") + # determine fs -- 'auto' will not trigger module loading! + LUKS_KEYDEV_FSTYPE=$(determine_fs "${REAL_LUKS_KEYDEV}" "${LUKS_KEYDEV_FSTYPE}") - if ! run mount -n -t ${LUKS_KEYDEV_FSTYPE} -o ro ${REAL_LUKS_KEYDEV} ${mntkey} >/dev/null 2>&1 - then - KEYDEV_ERROR=1 - bad_msg "Mounting of device ${REAL_LUKS_KEYDEV} failed." ${CRYPT_SILENT} - continue - else - good_msg "Removable device ${REAL_LUKS_KEYDEV} mounted." ${CRYPT_SILENT} - sleep 2 - # keyfile exists? - if [ ! -e "${mntkey}${LUKS_KEY}" ] - then - run umount -n "${mntkey}" >/dev/null 2>&1 - KEY_ERROR=1 - KEYDEV_ERROR=1 - bad_msg "Key {LUKS_KEY} on device ${REAL_LUKS_KEYDEV} not found." ${CRYPT_SILENT} - continue - fi - fi + if ! 
run mount -n -t ${LUKS_KEYDEV_FSTYPE} -o ro ${REAL_LUKS_KEYDEV} ${mntkey} >/dev/null 2>&1 + then + KEYDEV_ERROR=1 + bad_msg "Mounting of device ${REAL_LUKS_KEYDEV} failed." ${CRYPT_SILENT} + continue fi - # At this point a candidate key exists (either mounted before or not) - good_msg "${LUKS_KEY} on device ${REAL_LUKS_KEYDEV} found" ${CRYPT_SILENT} - if [ "$(echo ${LUKS_KEY} | grep -o '.gpg$')" = ".gpg" ] + good_msg "Removable device ${REAL_LUKS_KEYDEV} mounted." ${CRYPT_SILENT} + sleep 2 + # keyfile exists? + if [ ! -e "${mntkey}${LUKS_KEY}" ] then - if ! hash gpg >/dev/null 2>&1 - then - bad_msg "GPG-encrypted key file provided but gpg program is missing. Was initramfs built without --gpg parameter?" - bad_msg "Falling back to passphrase usage!" - else - [ -e /dev/tty ] && run mv /dev/tty /dev/tty.org - run mknod /dev/tty c 5 1 - cryptsetup_options="${cryptsetup_options} -d -" - gpg_cmd="gpg --logger-file /dev/null --quiet --decrypt ${mntkey}${LUKS_KEY} |" - fi - else - cryptsetup_options="${cryptsetup_options} -d ${mntkey}${LUKS_KEY}" + run umount -n "${mntkey}" >/dev/null 2>&1 + KEY_ERROR=1 + KEYDEV_ERROR=1 + bad_msg "Key {LUKS_KEY} on device ${REAL_LUKS_KEYDEV} not found." ${CRYPT_SILENT} + continue fi fi - # At this point, keyfile or not, we're ready! - crypt_filter "${gpg_cmd}cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}" - crypt_filter_ret=$? - - [ -e /dev/tty.org ] \ - && run rm -f /dev/tty \ - && run mv /dev/tty.org /dev/tty + # At this point a candidate key exists (either mounted before or not) + good_msg "${LUKS_KEY} on device ${REAL_LUKS_KEYDEV} found" ${CRYPT_SILENT} - if [ ${crypt_filter_ret} -eq 0 ] + if [ "$(echo ${LUKS_KEY} | grep -o '.gpg$')" = ".gpg" ] then - run touch "${OPENED_LOCKFILE}" - good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT} - break - elif [ ! 
-e "${OPENED_LOCKFILE}" ] - then - bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT} - DEV_ERROR=1 - KEY_ERROR=1 - KEYDEV_ERROR=1 + if ! hash gpg >/dev/null 2>&1 + then + bad_msg "GPG-encrypted key file provided but gpg program is missing. Was initramfs built without --gpg parameter?" + bad_msg "Falling back to passphrase usage!" + else + [ -e /dev/tty ] && run mv /dev/tty /dev/tty.org + run mknod /dev/tty c 5 1 + cryptsetup_options="${cryptsetup_options} -d -" + gpg_cmd="gpg --logger-file /dev/null --quiet --decrypt ${mntkey}${LUKS_KEY} |" + fi + else + cryptsetup_options="${cryptsetup_options} -d ${mntkey}${LUKS_KEY}" fi fi + # At this point, keyfile or not, we're ready! + crypt_filter "${gpg_cmd}cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}" + crypt_filter_ret=$? + + [ -e /dev/tty.org ] \ + && run rm -f /dev/tty \ + && run mv /dev/tty.org /dev/tty + + if [ ${crypt_filter_ret} -eq 0 ] + then + run touch "${OPENED_LOCKFILE}" + good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT} + break + elif [ ! -e "${OPENED_LOCKFILE}" ] + then + bad_msg "Failed to open LUKS device ${LUKS_DEVICE}" ${CRYPT_SILENT} + DEV_ERROR=1 + KEY_ERROR=1 + KEYDEV_ERROR=1 + fi fi done
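Review bot: The re-indented key-bootstrap branch still runs `eval CRYPT_${TYPE}_KEY=${LUKS_KEY}`, where `${LUKS_KEY}` is expanded before eval parses the line a second time, so whitespace or shell metacharacters in the key path would be interpreted as shell syntax inside the initramfs. Where LUKS_KEY is set is outside this hunk (presumably from boot parameters), so it is worth closing while the block is being touched: `eval "CRYPT_${TYPE}_KEY=\"\${LUKS_KEY}\""` assigns the value without re-parsing it. The moved error line `bad_msg "Key {LUKS_KEY} on device ${REAL_LUKS_KEYDEV} not found."` is also missing a `$`, so it prints the literal text instead of the key file name and should read `${LUKS_KEY}`. openLUKS() starts and ends outside the hunk.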