[arch-projects] [RFC 14/23] Add support to ct_map for key devices
Tom Gundersen
teg at jklm.no
Fri May 18 19:07:42 EDT 2012
On Fri, May 18, 2012 at 6:22 PM, Matthew Monaco <dgbaley27 at 0x01b.net> wrote:
> From: Matthew Monaco <matthew.monaco at 0x01b.net>
>
> The key field may be device:key:fstype or device:key in which case the
> device is resolved and mounted if necessary. For these, key must be
> relative to the root of the filesystem on the device.
>
> The keydevice is mounted to $(mktemp -d). It is only unmounted if we
> mounted it.
This mounts your device to /tmp/<something>. Are we sure that we never
overmount something on /tmp between the time we mount and unmount the device?
I guess it would be safer to create a folder under /run (e.g.
/run/cryptmount) and use that as --tmpdir when using mktemp. Or maybe
I'm overly paranoid...
> cryptmount.sh | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
> 1 file changed, 74 insertions(+), 2 deletions(-)
>
> diff --git a/cryptmount.sh b/cryptmount.sh
> index 03699d0..a8a0ec8 100755
> --- a/cryptmount.sh
> +++ b/cryptmount.sh
> @@ -341,8 +341,8 @@ ct_unmap() {
>
> ct_map() {
>
> -<<<<<<< HEAD
> local name="$1" dev="$2" key="$3" args="" swap=0
> + local key_dev="" key_fstype="" key_mntpnt="" key_dev_umount=0
> shift 3
>
> if [ -e "/dev/mapper/$name" ]; then
> @@ -363,8 +363,71 @@ ct_map() {
> return 1
> fi
>
> + # parse various key formats
> + case "$key" in
> + *:*:*)
> + key_dev="${key%%:*}"
> + key="${key#*:}"
> + key_fstype="${key%%:*}"
> + key="${key#*:}"
> + ;;
> + *:*)
> + key_dev="${key%%:*}"
> + key="${key#*:}"
> + ;;
> + ""|-)
> + unset key_dev
> + unset key
> + ;;
> + *)
> + unset key_dev
> + ;;
> + esac
> +
> + # resolve any needed key device and mount if necessary
> + if [ "$key_dev" ]; then
> +
> + if key_dev="$(ct_resolve_device "$key_dev")"; then
> +
> + if key_mntpnt="$(findmnt -cfmnoTARGET "$key_dev")"; then
> +
> + key="$key_mntpnt/$key"
> +
> + elif key_mntpnt="$(mktemp -d)"; then
> +
> + [ -n "$key_fstype" ] && key_fstype="-t $key_fstype"
> +
> + if run mount -r $key_fstype "$key_dev" "$key_mntpnt"; then
> + key="$key_mntpnt/$key"
> + key_dev_umount=1
> + else
> + error "unable to mount key device '$key_dev',"
> + error " falling back on interactive password"
> + unset key
> + fi
> + else
> + error "unable to find or create mountpoint for key device,"
> + error " falling back on interactive password"
> + unset key
> + fi
> + else
> + error "key device '$key_dev' not found"
> + error " falling back on interactive password"
> + unset key
> + fi
> +
> + elif [ -n "$key" -a "$key" != "-" ]; then
> +
> + if ! key="$(ct_resolve_device "$key")"; then
> + error "key '$key' not found"
> + error " falling back on interactive password"
> + unset key
> + fi
> +
> + fi
> +
> if [ "$key" ]; then
> - key="--key-file=\"$key\""
> + key=--key-file="$key"
> fi
>
> local ret=0
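Review bot: The failure messages `error "key device '$key_dev' not found"` and `error "key '$key' not found"` print the variable after `key_dev="$(ct_resolve_device "$key_dev")"` / `key="$(ct_resolve_device "$key")"` has already replaced it with the helper's stdout on the failed call, so the configured value is missing from the diagnostic (presumably it shows as empty, depending on what ct_resolve_device emits on failure). Resolving into a scratch variable keeps the original for the message, e.g. `if resolved="$(ct_resolve_device "$key")"; then key="$resolved"; else error "key '$key' not found" …`, and the same applies to the key_dev branch. Separately, `key_fstype="-t $key_fstype"` relies on the later unquoted expansion of `$key_fstype` at the mount call to split into two words; that is deliberate here, so it deserves a `# intentionally unquoted: expands to '-t <type>' or to nothing` comment so the bare expansion is not quoted away later. ct_map continues outside this hunk.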
> @@ -409,6 +472,15 @@ ct_map() {
>
> fi
>
> + # clean up after ourselves
> + if [ $key_dev_umount -eq 1 ]; then
> + if ! run umount "$key_dev"; then
> + warn "unable to mount key device '$key_dev'"
> + else
> + run rmdir "$key_mntpnt"
> + fi
> + fi
> +
> return $ret
> }
>
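Review bot: The warning on the unmount failure path says `unable to mount key device`, but this branch runs when `run umount "$key_dev"` fails, so it should read `warn "unable to unmount key device '$key_dev'"`. Since this cleanup is only reached when the function created `$key_mntpnt` and mounted the device there itself, unmounting by the mountpoint, `run umount "$key_mntpnt"`, would be more precise than by device and would not touch any other mount of the same device. Whether every path through ct_map between the mount and this block falls through to the cleanup cannot be confirmed from the hunk; if any early `return` exists in the unseen part of the body, the key device stays mounted and the temp directory leaks.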
> --
> 1.7.10.2
>