[arch-projects] [RFC initscripts 28/29] Split encrypted mappings to before and after rand seed

[Matthew Monaco]

From: Matthew Monaco <matthew.monaco at 0x01b.net>

For encryped volumes with a random passphrase -- typically those used
for swap space -- it's desireable to set up AFTER the random seed has
been restored. Unfortunately, in many situations the random seed is
stored on another encrypted volume.

To solve this only map non-random volumes in the current location. Later
on, map the random volumes after the random seed has been loaded. This
also involves moving swapon down a few lines.
---
 rc.sysinit |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/rc.sysinit b/rc.sysinit
index b95defc..270f384 100755
--- a/rc.sysinit
+++ b/rc.sysinit
@@ -152,8 +152,8 @@ activate_cryptos() {
 	(( unlocked )) && activate_vgs
 }
 
-# Map any unmapped encrypted volumes in crypttab
-activate_cryptos
+# Map any unmapped encrypted volumes in crypttab, non-random
+activate_cryptos -O \!%random
 
 # Check filesystems
 run_hook sysinit_prefsck
@@ -184,13 +184,16 @@ run_hook sysinit_postmount
 	status "Activating monitoring of LVM2 groups" \
 		vgchange --monitor y >/dev/null
 
-status "Activating Swap" swapon -a
-
 [[ $TIMEZONE ]] && status "Configuring Time Zone" set_timezone "$TIMEZONE"
 
 status "Initializing Random Seed" load_random_seed
 status "Storing new Random Seed" store_random_seed
 
+# Map any unmapped encrypted volumes in crypttab, only random
+activate_cryptos -O %random
+
+status "Activating Swap" swapon -a
+
 # Remove leftover files
 remove_leftover
 
-- 
1.7.10.2