[arch-commits] Commit in cryptsetup/trunk (encrypt_hook encrypt_install)

[Dave Reisner]

    Date: Thursday, May 10, 2012 @ 17:58:54
  Author: dreisner
Revision: 158813

more hook cleanup

- document cryptdevice= and cryptkey= parameters
- grab cryptsetup binary by PATH
- standard modelines

Modified:
  cryptsetup/trunk/encrypt_hook
  cryptsetup/trunk/encrypt_install

-----------------+
 encrypt_hook    |    7 ++++---
 encrypt_install |   37 +++++++++++++++++++++++++------------
 2 files changed, 29 insertions(+), 15 deletions(-)

Modified: encrypt_hook
===================================================================
--- encrypt_hook	2012-05-10 19:18:57 UTC (rev 158812)
+++ encrypt_hook	2012-05-10 21:58:54 UTC (rev 158813)
@@ -1,6 +1,5 @@
-# vim: set ft=sh:
-# TODO this one needs some work to work with lots of different
-#       encryption schemes
+#!/usr/bin/ash
+
 run_hook() {
     /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
     [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
@@ -134,3 +133,5 @@
     fi
     rm -f ${ckeyfile}
 }
+
+# vim: set ft=sh ts=4 sw=4 et:

Modified: encrypt_install
===================================================================
--- encrypt_install	2012-05-10 19:18:57 UTC (rev 158812)
+++ encrypt_install	2012-05-10 21:58:54 UTC (rev 158813)
@@ -1,26 +1,39 @@
-# vim: set ft=sh:
+#!/bin/bash
 
-build()
-{
+build() {
     if [ -z "${CRYPTO_MODULES}" ]; then
-        MODULES=" dm-crypt $(all_modules "/crypto/") "
+        MODULES=" dm-crypt $(all_modules "/crypto/")"
     else
-        MODULES=" dm-crypt ${CRYPTO_MODULES} "
+        MODULES=" dm-crypt $CRYPTO_MODULES"
     fi
     FILES=""
     SCRIPT="encrypt"
-    [ -f "/sbin/cryptsetup" ] && add_binary "/sbin/cryptsetup" "/sbin/cryptsetup"
-    [ -f "/usr/sbin/cryptsetup" ] && add_binary "/usr/sbin/cryptsetup" "/sbin/cryptsetup"
-    add_binary "/sbin/dmsetup"
+
+    add_binary "cryptsetup"
+    add_binary "dmsetup"
     add_file "/usr/lib/udev/rules.d/10-dm.rules"
     add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
     add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
     add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
 }
 
-help ()
-{
-cat<<HELPEOF
-  This hook allows for an encrypted root device.
+help() {
+  cat <<HELPEOF
+This hook allows for an encrypted root device. Users should specify the device
+to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
+where 'device' is the path to the raw device, and 'dmname' is the name given to
+the device after unlocking, and will be available as /dev/mapper/lvname.
+
+For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
+the kernel cmdline, where 'device' represents the raw block device where the key
+exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
+the absolute path of the keyfile within the device.
+
+Without specifying a keyfile, you will be prompted for the password at runtime.
+This means you must have a keyboard available to input it, and you may need
+the keymap hook as well to ensure that the keyboard is using the layout you
+expect.
 HELPEOF
 }
+
+# vim: set ft=sh ts=4 sw=4 et: