diff --git a/mkinitrd b/mkinitrd index 300db21..12f881e 100755 --- a/mkinitrd +++ b/mkinitrd @@ -386,6 +386,10 @@ finddmmods() { ;; crypt) findmodule -dm-crypt + mods="$(echo $line | awk '{print $4}' | sed 's,-\([^-]\+:\)\?, ,g')" + for mod in $mods; do + findmodule -$mod + done ;; zero) findmodule -dm-zero @@ -497,6 +501,14 @@ findblockdevinsys() { if [[ "$devname" =~ ^/sys/block/ ]]; then echo "$devname" fi + # check if it's a dm-crypt device. if so, just return the /dev/mapper path + if [[ "$devname" =~ ^/dev/mapper/ ]]; then + type=$(/sbin/dmsetup table $(basename $devname) | awk '{print $3}') + if [ "$type" == "crypt" ]; then + echo "$devname" + return 0 + fi + fi majmin=$(get_numeric_dev dec $devname) finddevnoinsys "$majmin" } @@ -533,7 +545,7 @@ findstoragedriver () { continue ;; *) handleddevices="$handleddevices $device" ;; esac - if [[ "$device" =~ "md[0-9]+" ]]; then + if [[ "$device" =~ "^md[0-9]+" ]]; then vecho "Found RAID component $device" handleraid "$device" continue @@ -542,6 +554,7 @@ findstoragedriver () { if [[ "$device" =~ ^mapper/ ]]; then majmin=$(get_numeric_dev dec "/dev/$device") sysfs=$(finddevnoinsys $majmin) + handlecrypt "$device" else sysfs=$(findone -type d /sys/block -name $device) fi @@ -652,6 +665,33 @@ is_iscsi() { fi } +handlecrypt() { + line=$(/sbin/dmsetup table "$(basename $1)" 2>/dev/null) + [ -z "$line" ] && return 1 + type=$(echo "$line" | awk '{ print $3 }') + [ -z "$type" ] && return 1 + case "$type" in + crypt) + # encrypted LVs will not work. that's what you get for being crazy. + slaveno=$(echo $line | awk '{print $7}') + slavedev=$(basename $(finddevnoinsys $slaveno)) + cryptsetup isLuks "/dev/$slavedev" 2>/dev/null + if [ $? -ne 0 ]; then + # only LUKS is supported + return + fi + find_base_dm_mods + mods="$(echo $line | awk '{print $4}' | sed 's,-\([^-]\+:\)\?, ,g')" + findmodule dm-crypt + for mod in $mods; do + findmodule $mod + done + cryptodevs="$cryptodevs /dev/$slavedev:$(basename $1)" + findstoragedriver "$slavedev" + ;; + esac +} + handleiscsi() { vecho "Found iscsi component $1" findmodule iscsi_tcp @@ -1081,7 +1121,7 @@ if [ "x$PROBE" == "xyes" ]; then "$rootdev" != "${rootdev##UUID=}" ]; then rootopts=$(echo $rootopts | sed -e 's/^r[ow],//' -e 's/,_netdev//' -e 's/_netdev//' -e 's/,r[ow],$//' -e 's/,r[ow],/,/' -e 's/^r[ow]$/defaults/' -e 's/$/,ro/') physdev=$(findblockdevinsys "$rootdev") - physdev=${physdev##*/} + physdev=${physdev##*/dev/} if [ -n "$physdev" ]; then vecho "Found root device $physdev for $rootdev" else @@ -1099,10 +1139,16 @@ if [ "x$PROBE" == "xyes" ]; then # find the first swap dev which would get used for swsusp swsuspdev=$(awk '/^[ \t]*[^#]/ { if ($3 == "swap") { print $1; exit }}' $fstab) - if [ "$swsuspdev" == "${swsuspdev##LABEL=}" -o \ - "$swsuspdev" == "${swsuspdev##UUID=}" ]; then - handlelvordev $swsuspdev + if [ "$swsuspdev" != "${swsuspdev##LABEL=}" -o \ + "$swsuspdev" != "${swsuspdev##UUID=}" ]; then + suspdev=$(findblockdevinsys "$swsuspdev") + suspdev=${suspdev##*/dev/} + if [ -n "$suspdev" ]; then + swsuspdev="$suspdev" + fi + unset suspdev fi + handlelvordev "$swsuspdev" fi if [ -n "$forcescsi" -o -z "$noscsi" -a "x$PROBE" == "xyes" ]; then @@ -1373,6 +1419,10 @@ if [ -z "$nolvm" -a -n "$vg_list" ]; then fi fi +if [ -n "$cryptodevs" ]; then + inst /sbin/cryptsetup "$MNTIMAGE" +fi + echo -n >| $RCFILE cemit << EOF #!/bin/nash @@ -1497,7 +1547,7 @@ EOF done unset usb_mounted -if [ -z "$nolvm" -a -n "$vg_list" ]; then +if [ -z "$nolvm" -a -n "$vg_list" -o -n "$cryptodevs" ]; then emit "echo Making device-mapper control node" emit "mkdmnod" fi @@ -1530,6 +1580,13 @@ if [ -n "$raiddevices" ]; then done fi +for crypt in $cryptodevs; do + cryptdev=$(echo $crypt | cut -d: -f1) + cryptname=$(echo $crypt | cut -d: -f2) + emit "echo Setting up disk encryption: $cryptdev" + emit "cryptsetup luksOpen $cryptdev $cryptname" +done + if [ -z "$nolvm" -a -n "$vg_list" ]; then emit "echo Scanning logical volumes" emit "lvm vgscan --ignorelockingfailure"