Re-write of crypttab/cryptsetup handling - Request for peer review, wider testing.
I don't know whether Pat will be interested in this or not (but if he is, he's welcome to it).
After the shellshock stuff occurred I started looking at the Slackware system scripts for bashisms with an eye to making them shell agnostic. One of the first I noticed was the crypttab handling code in rc.S which uses arrays. What I expected to be a quick fix ended up as an extensive rewrite, including adding support for the more useful subset of the options on the freedesktop.org/systemd crypttab page. Anyway, the results of my labour are here, for any who feel adventurous and want to help me out with feedback and testing (but don't apply it untested to any boxes you care about, just in case I got something wrong. ;) ). UPDATE 20/10: Updated the rc.cryptsetup to include the safety-check suggested by Eric. Now split into two separate patch files, one per package. |
I like this, and you have my blessing :-) Pat will hopefully also be convinced and apply it.
The one thing that has always been missing in my LUKS implementation in rc.S was a check right before encrypting a swap volume and enabling it. I have had one bug report in the past where someone added an extra hard disk to his computer; as a result the disk numbering changed and at boot, rc.S overwrote a data partition and turned it into swap. Can you add a check for the existence of partitions with filesystems on the volume right before LUKS-ifying it as an encrypted swap? Eric |
Thanks for the feedback.
The unconditionally nuke-it if it's tagged 'swap' approach has always concerned me too. Might be able to do something with 'blkid' in order to perform a sanity check. Leave it with me. :) |
You seem to be good at bash, but if you cannot solve it, post it in the programming forum and a solution will be found.
|
I think adding a construct like this at the appropriate place will do the job:
Code:
blkid -p -n noswap $DEV && { echo "Not on your nelly!" ; continue ;}
A swap partition or an empty partition will return 2. The only thing that could be an issue is that, as the partition may be left containing random data under some circumstances (though not in normal operation), it's possible that blkid could be fooled into thinking that it's a filesystem and trigger the fail-safe. Need to do a bit more testing, but I think this is the best I'm going to come up with. If anyone has a better approach, I'm open to suggestions. |
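The safety check discussed above, worked into a POSIX sh helper as an added example (not the rc.cryptsetup from this thread): it refuses unless blkid positively reports nothing but swap, and also refuses when the device node is missing or the probe itself fails. The function names, the sample crypttab and the /dev/example-* paths are constructed for illustration, and the field order name, device, key, options is an assumption.

```shell
# Added example; function names and sample data are hypothetical.

# swap_target_ok DEV: succeed only when DEV may be re-made as swap.
swap_target_ok() {
    dev=$1
    # A missing node must never be read as "empty".
    [ -e "$dev" ] || { echo "$dev: not present, refusing" >&2; return 1; }
    rc=0
    blkid -p -n noswap "$dev" >/dev/null 2>&1 || rc=$?
    case $rc in
        2) return 0 ;;  # per the post: swap or an empty partition
        0) echo "$dev: non-swap signature found, refusing" >&2 ;;
        *) echo "$dev: probe failed (exit $rc), refusing" >&2 ;;
    esac
    return 1
}

# swap_entries: read crypttab text on stdin and print "name device" for
# every entry whose comma-separated option field contains "swap".
# Assumed field order: name, device, key, options.
swap_entries() {
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac
        case ",$opts," in *,swap,*) echo "$name $dev" ;; esac
    done
}

# Constructed sample crypttab; the device paths are placeholders.
SAMPLE_CRYPTTAB='# name  device  key  options
cswap  /dev/example-swap  none  swap
chome  /dev/example-home  none  luks
cswp2  /dev/example-sw2   none  cipher=aes-xts-plain64,swap'

# Dry run: report the decision for each swap entry, change nothing.
printf '%s\n' "$SAMPLE_CRYPTTAB" | swap_entries | while read -r name dev; do
    if swap_target_ok "$dev"; then
        echo "$name: would set up encrypted swap on $dev"
    else
        echo "$name: left untouched"
    fi
done
```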
Updated the rc.cryptsetup attached to post #1 to include the safety-check suggested by Eric.
|
Can you re-attach your files? The link no longer works.
|
Yep, I tend to treat LQ attachments as transitory and housekeep them after a few months to avoid leaving 'stale' stuff around. I really should sign up with GitHub for these sorts of things.
I don't have the nicely formatted patch files anymore, but here's the raw rc.cryptsetup taken from my system. |
There's a bug in that version with quoting. Here is a patch to fix it and to allow it to run with /bin/ash:
Code:
--- rc.cryptsetup.txt 2015-03-02 12:40:10.992298601 -0600 |
That section runs fine with both bash and ash here as is. What symptoms are you seeing and for what input?
Code:
root@ws1:/tmp# cat crypttab |
P.S. I chose the quoting carefully as the different shell implementations can be inconsistent when escaping within double quotes. Here, see what happens when you use your "${a#\'}" in ash:
Code:
bash-4.2$ a="'word'" |
Well, the original seems to run, but in geany the quoting is reported as being off. checkbashisms also reports this:
Code:
bash-4.2$ checkbash -p -x rc.cryptsetup |
Yeah, I'm not surprised that syntax highlighters/checkers are having a hard time with it.
Though my original code works, that quoting is definitely ugly. Thinking about it, using a couple of intermediate variables should avoid the need for double-quoting and ought to work. So,
Code:
for word in $line |