From 53f420ae16bfe3fbf673eaf352fd729e64e4e740 Mon Sep 17 00:00:00 2001 From: Tobias Powalowski Date: Sat, 25 Jul 2009 10:23:59 +0200 Subject: [PATCH] added advanced root detection if root= was specified --- etc/archboot/allinone-lowmem.conf | 2 +- etc/archboot/allinone.conf | 2 +- etc/archboot/default-ftp-pxelinux.conf | 2 +- etc/archboot/default-ftp.conf | 2 +- etc/archboot/default-pxelinux.conf | 2 +- etc/archboot/default.conf | 2 +- etc/archboot/lowmem.conf | 2 +- lib/initcpio/hooks/arch_advanced_root | 24 +++ lib/initcpio/hooks/arch_encrypt | 222 ++++++++++++------------ lib/initcpio/hooks/arch_lvm2 | 26 +-- lib/initcpio/hooks/arch_mdadm | 96 +++++----- lib/initcpio/install/arch_advanced_root | 17 ++ 12 files changed, 223 insertions(+), 176 deletions(-) create mode 100644 lib/initcpio/hooks/arch_advanced_root create mode 100644 lib/initcpio/install/arch_advanced_root diff --git a/etc/archboot/allinone-lowmem.conf b/etc/archboot/allinone-lowmem.conf index fd249ac8f..5649b90ea 100644 --- a/etc/archboot/allinone-lowmem.conf +++ b/etc/archboot/allinone-lowmem.conf @@ -9,7 +9,7 @@ FILES="" # # Please change the other hooks only if you know what you are doing. # hooks for lowmem image -HOOKS="arch_core_install arch_installer arch_bootmessage_allinone arch_acpi arch_motd arch_memtest arch_pam arch_shadow_lowmem arch_base_lowmem arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata usb arch_cdrom arch_pcspkr usbinput arch_virtio arch_dmraid arch_mdadm arch_lvm2 arch_encrypt arch_filesystems_lowmem arch_pacman_lowmem arch_licenses" +HOOKS="arch_core_install arch_installer arch_bootmessage_allinone arch_acpi arch_motd arch_memtest arch_pam arch_shadow_lowmem arch_base_lowmem arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata usb arch_cdrom arch_pcspkr usbinput arch_virtio arch_dmraid arch_advanced_root arch_mdadm arch_lvm2 arch_encrypt arch_filesystems_lowmem arch_pacman_lowmem arch_licenses" ### NETWORK SETUP # the default install media creating process, uses latest files from svn! diff --git a/etc/archboot/allinone.conf b/etc/archboot/allinone.conf index b369ded48..5ad19f50d 100644 --- a/etc/archboot/allinone.conf +++ b/etc/archboot/allinone.conf @@ -8,7 +8,7 @@ FILES="" # SETUP # # Please change the hooks only if you know what you are doing. -HOOKS="arch_ftp_install arch_installer arch_bootmessage_allinone arch_tz arch_keymap arch_acpi arch_motd arch_memtest arch_pam arch_shadow arch_base arch_intel_wireless arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata arch_cdrom arch_pcspkr arch_net arch_isdn arch_pcmcia arch_rtc arch_sound usb usbinput arch_fw arch_floppy arch_virtio arch_dmraid arch_mdadm arch_lvm2 arch_encrypt arch_filesystems arch_remote arch_cpufreq arch_fb arch_links arch_pacman arch_kexec arch_ppp arch_pppoe arch_lilo arch_grub arch_syslinux arch_iptables arch_capi4k arch_pciutils arch_usbutils arch_openvpn arch_vpnc arch_pptpclient arch_licenses arch_wireless arch_linux_atm arch_tiacx_wireless arch_netcfg arch_fsarchiver arch_addons arch_vim arch_wipe arch_testdisk arch_ddrescue arch_clamav" +HOOKS="arch_ftp_install arch_installer arch_bootmessage_allinone arch_tz arch_keymap arch_acpi arch_motd arch_memtest arch_pam arch_shadow arch_base arch_intel_wireless arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata arch_cdrom arch_pcspkr arch_net arch_isdn arch_pcmcia arch_rtc arch_sound usb usbinput arch_fw arch_floppy arch_virtio arch_dmraid arch_advanced_root arch_mdadm arch_lvm2 arch_encrypt arch_filesystems arch_remote arch_cpufreq arch_fb arch_links arch_pacman arch_kexec arch_ppp arch_pppoe arch_lilo arch_grub arch_syslinux arch_iptables arch_capi4k arch_pciutils arch_usbutils arch_openvpn arch_vpnc arch_pptpclient arch_licenses arch_wireless arch_linux_atm arch_tiacx_wireless arch_netcfg arch_fsarchiver arch_addons arch_vim arch_wipe arch_testdisk arch_ddrescue arch_clamav" ### NETWORK SETUP # the default install media creating process, uses latest files from svn! diff --git a/etc/archboot/default-ftp-pxelinux.conf b/etc/archboot/default-ftp-pxelinux.conf index 9cd5de9ee..87cb7ac02 100644 --- a/etc/archboot/default-ftp-pxelinux.conf +++ b/etc/archboot/default-ftp-pxelinux.conf @@ -8,7 +8,7 @@ FILES="" # SETUP # # Please change the hooks only if you know what you are doing. -HOOKS="arch_ftp_install arch_installer arch_tz arch_keymap arch_acpi arch_bootmessage arch_motd arch_memtest arch_pam arch_shadow arch_base arch_intel_wireless arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata arch_cdrom arch_pcspkr arch_net arch_isdn arch_pcmcia arch_rtc arch_sound usb usbinput arch_fw arch_floppy arch_virtio arch_dmraid arch_mdadm arch_lvm2 arch_encrypt arch_filesystems arch_remote arch_cpufreq arch_fb arch_links arch_pacman arch_kexec arch_ppp arch_pppoe arch_lilo arch_grub arch_syslinux arch_iptables arch_capi4k arch_pciutils arch_usbutils arch_openvpn arch_vpnc arch_pptpclient arch_licenses arch_wireless arch_linux_atm arch_tiacx_wireless arch_netcfg arch_fsarchiver arch_addons arch_vim arch_pxelinux" +HOOKS="arch_ftp_install arch_installer arch_tz arch_keymap arch_acpi arch_bootmessage arch_motd arch_memtest arch_pam arch_shadow arch_base arch_intel_wireless arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata arch_cdrom arch_pcspkr arch_net arch_isdn arch_pcmcia arch_rtc arch_sound usb usbinput arch_fw arch_floppy arch_virtio arch_dmraid arch_advanced_root arch_mdadm arch_lvm2 arch_encrypt arch_filesystems arch_remote arch_cpufreq arch_fb arch_links arch_pacman arch_kexec arch_ppp arch_pppoe arch_lilo arch_grub arch_syslinux arch_iptables arch_capi4k arch_pciutils arch_usbutils arch_openvpn arch_vpnc arch_pptpclient arch_licenses arch_wireless arch_linux_atm arch_tiacx_wireless arch_netcfg arch_fsarchiver arch_addons arch_vim arch_pxelinux" ### NETWORK SETUP # the default install media creating process, uses latest files from svn! diff --git a/etc/archboot/default-ftp.conf b/etc/archboot/default-ftp.conf index 22946d191..0e761bc56 100644 --- a/etc/archboot/default-ftp.conf +++ b/etc/archboot/default-ftp.conf @@ -8,7 +8,7 @@ FILES="" # SETUP # # Please change the hooks only if you know what you are doing. -HOOKS="arch_ftp_install arch_installer arch_tz arch_keymap arch_acpi arch_bootmessage arch_motd arch_memtest arch_pam arch_shadow arch_base arch_intel_wireless arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata arch_cdrom arch_pcspkr arch_net arch_isdn arch_pcmcia arch_rtc arch_sound usb usbinput arch_fw arch_floppy arch_virtio arch_dmraid arch_mdadm arch_lvm2 arch_encrypt arch_filesystems arch_remote arch_cpufreq arch_fb arch_links arch_pacman arch_kexec arch_ppp arch_pppoe arch_lilo arch_grub arch_syslinux arch_iptables arch_capi4k arch_pciutils arch_usbutils arch_openvpn arch_vpnc arch_pptpclient arch_licenses arch_wireless arch_linux_atm arch_tiacx_wireless arch_netcfg arch_fsarchiver arch_addons arch_vim arch_wipe arch_testdisk arch_ddrescue arch_clamav" +HOOKS="arch_ftp_install arch_installer arch_tz arch_keymap arch_acpi arch_bootmessage arch_motd arch_memtest arch_pam arch_shadow arch_base arch_intel_wireless arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata arch_cdrom arch_pcspkr arch_net arch_isdn arch_pcmcia arch_rtc arch_sound usb usbinput arch_fw arch_floppy arch_virtio arch_dmraid arch_advanced_root arch_mdadm arch_lvm2 arch_encrypt arch_filesystems arch_remote arch_cpufreq arch_fb arch_links arch_pacman arch_kexec arch_ppp arch_pppoe arch_lilo arch_grub arch_syslinux arch_iptables arch_capi4k arch_pciutils arch_usbutils arch_openvpn arch_vpnc arch_pptpclient arch_licenses arch_wireless arch_linux_atm arch_tiacx_wireless arch_netcfg arch_fsarchiver arch_addons arch_vim arch_wipe arch_testdisk arch_ddrescue arch_clamav" ### NETWORK SETUP # the default install media creating process, uses latest files from svn! diff --git a/etc/archboot/default-pxelinux.conf b/etc/archboot/default-pxelinux.conf index 5cc2e4e1c..ac134dccb 100644 --- a/etc/archboot/default-pxelinux.conf +++ b/etc/archboot/default-pxelinux.conf @@ -8,7 +8,7 @@ FILES="" # SETUP # # Please change the hooks only if you know what you are doing. -HOOKS="arch_core_install arch_installer arch_tz arch_keymap arch_acpi arch_bootmessage arch_motd arch_memtest arch_pam arch_shadow arch_base arch_intel_wireless arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata arch_cdrom arch_pcspkr arch_net arch_isdn arch_pcmcia arch_rtc arch_sound usb usbinput arch_fw arch_floppy arch_virtio arch_dmraid arch_mdadm arch_lvm2 arch_encrypt arch_filesystems arch_remote arch_cpufreq arch_fb arch_links arch_pacman arch_kexec arch_ppp arch_pppoe arch_lilo arch_grub arch_syslinux arch_iptables arch_capi4k arch_pciutils arch_usbutils arch_openvpn arch_vpnc arch_pptpclient arch_licenses arch_wireless arch_linux_atm arch_tiacx_wireless arch_netcfg arch_fsarchiver arch_addons arch_vim arch_pxelinux arch_wipe arch_testdisk arch_ddrescue arch_clamav" +HOOKS="arch_core_install arch_installer arch_tz arch_keymap arch_acpi arch_bootmessage arch_motd arch_memtest arch_pam arch_shadow arch_base arch_intel_wireless arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata arch_cdrom arch_pcspkr arch_net arch_isdn arch_pcmcia arch_rtc arch_sound usb usbinput arch_fw arch_floppy arch_virtio arch_dmraid arch_advanced_root arch_mdadm arch_lvm2 arch_encrypt arch_filesystems arch_remote arch_cpufreq arch_fb arch_links arch_pacman arch_kexec arch_ppp arch_pppoe arch_lilo arch_grub arch_syslinux arch_iptables arch_capi4k arch_pciutils arch_usbutils arch_openvpn arch_vpnc arch_pptpclient arch_licenses arch_wireless arch_linux_atm arch_tiacx_wireless arch_netcfg arch_fsarchiver arch_addons arch_vim arch_pxelinux arch_wipe arch_testdisk arch_ddrescue arch_clamav" ### NETWORK SETUP # the default install media creating process, uses latest files from svn! diff --git a/etc/archboot/default.conf b/etc/archboot/default.conf index 042be7d08..67efaae48 100644 --- a/etc/archboot/default.conf +++ b/etc/archboot/default.conf @@ -8,7 +8,7 @@ FILES="" # SETUP # # Please change the hooks only if you know what you are doing. -HOOKS="arch_core_install arch_installer arch_tz arch_keymap arch_acpi arch_bootmessage arch_motd arch_memtest arch_pam arch_shadow arch_base arch_intel_wireless arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata arch_cdrom arch_pcspkr arch_net arch_isdn arch_pcmcia arch_rtc arch_sound usb usbinput arch_fw arch_floppy arch_virtio arch_dmraid arch_mdadm arch_lvm2 arch_encrypt arch_filesystems arch_remote arch_cpufreq arch_fb arch_links arch_pacman arch_kexec arch_ppp arch_pppoe arch_lilo arch_grub arch_syslinux arch_iptables arch_capi4k arch_pciutils arch_usbutils arch_openvpn arch_vpnc arch_pptpclient arch_licenses arch_wireless arch_linux_atm arch_tiacx_wireless arch_netcfg arch_fsarchiver arch_vim arch_addons arch_wipe arch_testdisk arch_ddrescue arch_clamav" +HOOKS="arch_core_install arch_installer arch_tz arch_keymap arch_acpi arch_bootmessage arch_motd arch_memtest arch_pam arch_shadow arch_base arch_intel_wireless arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata arch_cdrom arch_pcspkr arch_net arch_isdn arch_pcmcia arch_rtc arch_sound usb usbinput arch_fw arch_floppy arch_virtio arch_dmraid arch_advanced_root arch_mdadm arch_lvm2 arch_encrypt arch_filesystems arch_remote arch_cpufreq arch_fb arch_links arch_pacman arch_kexec arch_ppp arch_pppoe arch_lilo arch_grub arch_syslinux arch_iptables arch_capi4k arch_pciutils arch_usbutils arch_openvpn arch_vpnc arch_pptpclient arch_licenses arch_wireless arch_linux_atm arch_tiacx_wireless arch_netcfg arch_fsarchiver arch_vim arch_addons arch_wipe arch_testdisk arch_ddrescue arch_clamav" ### NETWORK SETUP # the default install media creating process, uses latest files from svn! diff --git a/etc/archboot/lowmem.conf b/etc/archboot/lowmem.conf index 58b4b64e6..c97a25f8a 100644 --- a/etc/archboot/lowmem.conf +++ b/etc/archboot/lowmem.conf @@ -9,7 +9,7 @@ FILES="" # # Please change the hooks only if you know what you are doing. # hooks for lowmem image -HOOKS="arch_core_install arch_installer arch_acpi arch_bootmessage arch_motd arch_memtest arch_pam arch_shadow_lowmem arch_base_lowmem arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata usb arch_cdrom arch_pcspkr usbinput arch_virtio arch_dmraid arch_mdadm arch_lvm2 arch_encrypt arch_filesystems_lowmem arch_pacman_lowmem arch_licenses" +HOOKS="arch_core_install arch_installer arch_acpi arch_bootmessage arch_motd arch_memtest arch_pam arch_shadow_lowmem arch_base_lowmem arch_udev arch_hwdetect arch_udevtrigger ide pata scsi sata usb arch_cdrom arch_pcspkr usbinput arch_virtio arch_dmraid arch_advanced_root arch_mdadm arch_lvm2 arch_encrypt arch_filesystems_lowmem arch_pacman_lowmem arch_licenses" ### NETWORK SETUP # the default install media creating process, uses latest files from svn! diff --git a/lib/initcpio/hooks/arch_advanced_root b/lib/initcpio/hooks/arch_advanced_root new file mode 100644 index 000000000..0e334a46c --- /dev/null +++ b/lib/initcpio/hooks/arch_advanced_root @@ -0,0 +1,24 @@ +# vim: set ft=sh: +run_hook () +{ +if ! [ "${root}" = "" -a "${ip}" = "" ]; then + HOOKS="$(hwdetect --rootdevice=${root} --advanced)" + echo $HOOKS | grep -q lvm && export LVMRUN=1 + echo $HOOKS | grep -q mdadm && export MDADMRUN=1 + echo $HOOKS | grep -q encrypt && export ENCRYPTRUN=1 + if [ -e "/hooks" ]; then + for h in ${HOOKS}; do + TST="" + eval "TST=\$hook_${h}" + if [ "${TST}" != "disabled" ]; then + run_hook () { msg "${h}: no run function defined"; } + if [ -e "/hooks/${h}" ]; then + . /hooks/${h} + msg ":: Running Hook [${h}]" + run_hook + fi + fi + done + fi +fi +} \ No newline at end of file diff --git a/lib/initcpio/hooks/arch_encrypt b/lib/initcpio/hooks/arch_encrypt index e30c2eb6d..91c41b0e1 100644 --- a/lib/initcpio/hooks/arch_encrypt +++ b/lib/initcpio/hooks/arch_encrypt @@ -3,127 +3,129 @@ # encryption schemes run_hook () { - /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1 - if [ -e "/sys/class/misc/device-mapper" ]; then - if [ ! -c "/dev/mapper/control" ]; then - read dev_t < /sys/class/misc/device-mapper/dev - /bin/mknod "/dev/mapper/control" c $(/bin/replace "${dev_t}" ':') - fi - [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" - - # Get keyfile if specified - ckeyfile="/crypto_keyfile.bin" - if [ "x${cryptkey}" != "x" ]; then - set -- $(/bin/replace "${cryptkey}" ':'); ckdev=$1; ckarg1=$2; ckarg2=$3 - if poll_device "${ckdev}" ${rootdelay}; then - case ${ckarg1} in - *[!0-9]*) - # Use a file on the device - # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path - mkdir /ckey - mount -r -t ${ckarg1} ${ckdev} /ckey - dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1 - umount /ckey - ;; - *) - # Read raw data from the block device - # ckarg1 is numeric: ckarg1=offset, ckarg2=length - dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1 - ;; - esac + if [ "$ENCRYPTRUN" = "1" ]; then + /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1 + if [ -e "/sys/class/misc/device-mapper" ]; then + if [ ! -c "/dev/mapper/control" ]; then + read dev_t < /sys/class/misc/device-mapper/dev + /bin/mknod "/dev/mapper/control" c $(/bin/replace "${dev_t}" ':') fi - [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase." - fi + [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" - if [ -n "${cryptdevice}" ]; then - DEPRECATED_CRYPT=0 - set -- $(/bin/replace "${cryptdevice}" ':'); cryptdev="$1"; cryptname="$2"; - else - DEPRECATED_CRYPT=1 - cryptdev="${root}" - cryptname="root" - fi - - warn_deprecated() { - echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated" - echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead." - } - - if poll_device "${cryptdev}" ${rootdelay}; then - if /usr/sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then - [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated - dopassphrase=1 - # If keyfile exists, try to use that - if [ -f ${ckeyfile} ]; then - if eval /usr/sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then - dopassphrase=0 - else - echo "Invalid keyfile. Reverting to passphrase." - fi + # Get keyfile if specified + ckeyfile="/crypto_keyfile.bin" + if [ "x${cryptkey}" != "x" ]; then + set -- $(/bin/replace "${cryptkey}" ':'); ckdev=$1; ckarg1=$2; ckarg2=$3 + if poll_device "${ckdev}" ${rootdelay}; then + case ${ckarg1} in + *[!0-9]*) + # Use a file on the device + # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path + mkdir /ckey + mount -r -t ${ckarg1} ${ckdev} /ckey + dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1 + umount /ckey + ;; + *) + # Read raw data from the block device + # ckarg1 is numeric: ckarg1=offset, ckarg2=length + dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1 + ;; + esac + fi + [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase." fi - # Ask for a passphrase - if [ ${dopassphrase} -gt 0 ]; then - echo "" - echo "A password is required to access the ${cryptname} volume:" - #loop until we get a real password - while ! eval /usr/sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do - sleep 2; - done - fi - if [ -e "/dev/mapper/${cryptname}" ]; then - if [ ${DEPRECATED_CRYPT} -eq 1 ]; then - export root="/dev/mapper/root" - fi + if [ -n "${cryptdevice}" ]; then + DEPRECATED_CRYPT=0 + set -- $(/bin/replace "${cryptdevice}" ':'); cryptdev="$1"; cryptname="$2"; else - err "Password succeeded, but ${cryptname} creation failed, aborting..." - exit 1 + DEPRECATED_CRYPT=1 + cryptdev="${root}" + cryptname="root" fi - elif [ "x${crypto}" != "x" ]; then - [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated - do_oldcrypto () - { - if [ $# -ne 5 ]; then - err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip" - err "Non-LUKS decryption not attempted..." - return 1 - fi - exe="/usr/sbin/cryptsetup create ${cryptname} ${cryptdev}" - [ "x$(eval echo ${1})" != "x" ] && exe="${exe} --hash \"$(eval echo ${1})\"" - [ "x$(eval echo ${2})" != "x" ] && exe="${exe} --cipher \"$(eval echo ${2})\"" - [ "x$(eval echo ${3})" != "x" ] && exe="${exe} --key-size \"$(eval echo ${3})\"" - [ "x$(eval echo ${4})" != "x" ] && exe="${exe} --offset \"$(eval echo ${4})\"" - [ "x$(eval echo ${5})" != "x" ] && exe="${exe} --skip \"$(eval echo ${5})\"" - if [ -f ${ckeyfile} ]; then - exe="${exe} --key-file ${ckeyfile}" - else - exe="${exe} --verify-passphrase" - echo "" - echo "A password is required to access the ${cryptname} volume:" - fi - eval "${exe} ${CSQUIET}" + + warn_deprecated() { + echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated" + echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead." } - msg "Non-LUKS encrypted device found..." - do_oldcrypto $(/bin/replace -q "${crypto}" ':') + if poll_device "${cryptdev}" ${rootdelay}; then + if /usr/sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then + [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated + dopassphrase=1 + # If keyfile exists, try to use that + if [ -f ${ckeyfile} ]; then + if eval /usr/sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then + dopassphrase=0 + else + echo "Invalid keyfile. Reverting to passphrase." + fi + fi + # Ask for a passphrase + if [ ${dopassphrase} -gt 0 ]; then + echo "" + echo "A password is required to access the ${cryptname} volume:" - if [ $? -ne 0 ]; then - err "Non-LUKS device decryption failed. verify format: " - err " crypto=hash:cipher:keysize:offset:skip" - exit 1 - fi - if [ -e "/dev/mapper/${cryptname}" ]; then - if [ ${DEPRECATED_CRYPT} -eq 1 ]; then - export root="/dev/mapper/root" + #loop until we get a real password + while ! eval /usr/sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do + sleep 2; + done + fi + if [ -e "/dev/mapper/${cryptname}" ]; then + if [ ${DEPRECATED_CRYPT} -eq 1 ]; then + export root="/dev/mapper/root" + fi + else + err "Password succeeded, but ${cryptname} creation failed, aborting..." + exit 1 + fi + elif [ "x${crypto}" != "x" ]; then + [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated + do_oldcrypto () + { + if [ $# -ne 5 ]; then + err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip" + err "Non-LUKS decryption not attempted..." + return 1 + fi + exe="/usr/sbin/cryptsetup create ${cryptname} ${cryptdev}" + [ "x$(eval echo ${1})" != "x" ] && exe="${exe} --hash \"$(eval echo ${1})\"" + [ "x$(eval echo ${2})" != "x" ] && exe="${exe} --cipher \"$(eval echo ${2})\"" + [ "x$(eval echo ${3})" != "x" ] && exe="${exe} --key-size \"$(eval echo ${3})\"" + [ "x$(eval echo ${4})" != "x" ] && exe="${exe} --offset \"$(eval echo ${4})\"" + [ "x$(eval echo ${5})" != "x" ] && exe="${exe} --skip \"$(eval echo ${5})\"" + if [ -f ${ckeyfile} ]; then + exe="${exe} --key-file ${ckeyfile}" + else + exe="${exe} --verify-passphrase" + echo "" + echo "A password is required to access the ${cryptname} volume:" + fi + eval "${exe} ${CSQUIET}" + } + + msg "Non-LUKS encrypted device found..." + do_oldcrypto $(/bin/replace -q "${crypto}" ':') + + if [ $? -ne 0 ]; then + err "Non-LUKS device decryption failed. verify format: " + err " crypto=hash:cipher:keysize:offset:skip" + exit 1 + fi + if [ -e "/dev/mapper/${cryptname}" ]; then + if [ ${DEPRECATED_CRYPT} -eq 1 ]; then + export root="/dev/mapper/root" + fi + else + err "Password succeeded, but ${cryptname} creation failed, aborting..." + exit 1 + fi + else + err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified." fi - else - err "Password succeeded, but ${cryptname} creation failed, aborting..." - exit 1 - fi - else - err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified." fi + nuke ${ckeyfile} fi - nuke ${ckeyfile} fi } diff --git a/lib/initcpio/hooks/arch_lvm2 b/lib/initcpio/hooks/arch_lvm2 index 66c4eaf10..e153ca795 100644 --- a/lib/initcpio/hooks/arch_lvm2 +++ b/lib/initcpio/hooks/arch_lvm2 @@ -1,18 +1,20 @@ run_hook () { - /sbin/modprobe -q dm-mod >/dev/null 2>&1 - # fix if udev initialises /dev/mapper/control - sleep 0.5 - if [ -e "/sys/class/misc/device-mapper" ]; then - if [ ! -c "/dev/mapper/control" ]; then - read dev_t < /sys/class/misc/device-mapper/dev - if [ ! -e "/dev/mapper/control" ]; then - /bin/mknod "/dev/mapper/control" c $(/bin/replace "${dev_t}" ':') + if ! [ "$LVMRUN" = "1" ]; then + /sbin/modprobe -q dm-mod >/dev/null 2>&1 + # fix if udev initialises /dev/mapper/control + sleep 0.5 + if [ -e "/sys/class/misc/device-mapper" ]; then + if [ ! -c "/dev/mapper/control" ]; then + read dev_t < /sys/class/misc/device-mapper/dev + if [ ! -e "/dev/mapper/control" ]; then + /bin/mknod "/dev/mapper/control" c $(/bin/replace "${dev_t}" ':') + fi fi + msg "Scanning logical volumes..." + /sbin/lvm vgscan --ignorelockingfailure + msg "Activating logical volumes..." + /sbin/lvm vgchange --ignorelockingfailure -ay fi - msg "Scanning logical volumes..." - /sbin/lvm vgscan --ignorelockingfailure - msg "Activating logical volumes..." - /sbin/lvm vgchange --ignorelockingfailure -ay fi } diff --git a/lib/initcpio/hooks/arch_mdadm b/lib/initcpio/hooks/arch_mdadm index 7e59f3769..3e91f0d95 100644 --- a/lib/initcpio/hooks/arch_mdadm +++ b/lib/initcpio/hooks/arch_mdadm @@ -1,52 +1,54 @@ # vim: set ft=sh: run_hook () { - input="$(cat /proc/cmdline)" - mdconfig="/etc/mdadm.conf" - # for partitionable raid, we need to load md_mod first! - modprobe md_mod 2>/dev/null - # if no config file is present create one from command line parameters - if ! [ -e $mdconfig ]; then - #Create initial mdadm.conf - # scan all devices in /proc/partitions - echo DEVICE partitions > $mdconfig - for i in $input; do - case $i in - # raid - md=[0-9]*,/*) - device="$(/bin/replace -s,/ "$i" "=" "")" - array="$(/bin/replace -s/ "$device" "," " devices=")" - echo "ARRAY /dev/$array" >> $mdconfig - RAID_FOUND=1 - ;; - # partitionable raid - md=d[0-9]*,/*) - device="$(/bin/replace -s=d "$i" "md=" "md_")" - array="$(/bin/replace -s/ "$device" "," " devices=")" - echo "ARRAY /dev/$array" >> $mdconfig - RAID_FOUND=1 - ;; - # raid UUID - md=[0-9]*,[0-9,a-z]*) - device="$(/bin/replace -s,/ "$i" "=" "")" - array="$(/bin/replace -s/ "$device" "," " uuid=")" - echo "ARRAY /dev/$array" >> $mdconfig - RAID_FOUND=1 - ;; - # partitionable raid UUID - md=d[0-9]*,[0-9,a-z]*) - device="$(/bin/replace -s=d "$i" "md=" "md_")" - array="$(/bin/replace -s/ "$device" "," " uuid=")" - echo "ARRAY /dev/$array" >> $mdconfig - RAID_FOUND=1 - ;; - esac - done - else - RAID_FOUND=1 - fi - if [ "$RAID_FOUND" = 1 ]; then - # assemble everything - /sbin/mdassemble.static + if ! [ "$MDADMRUN" = "1" ]; then + input="$(cat /proc/cmdline)" + mdconfig="/etc/mdadm.conf" + # for partitionable raid, we need to load md_mod first! + modprobe md_mod 2>/dev/null + # if no config file is present create one from command line parameters + if ! [ -e $mdconfig ]; then + #Create initial mdadm.conf + # scan all devices in /proc/partitions + echo DEVICE partitions > $mdconfig + for i in $input; do + case $i in + # raid + md=[0-9]*,/*) + device="$(/bin/replace -s,/ "$i" "=" "")" + array="$(/bin/replace -s/ "$device" "," " devices=")" + echo "ARRAY /dev/$array" >> $mdconfig + RAID_FOUND=1 + ;; + # partitionable raid + md=d[0-9]*,/*) + device="$(/bin/replace -s=d "$i" "md=" "md_")" + array="$(/bin/replace -s/ "$device" "," " devices=")" + echo "ARRAY /dev/$array" >> $mdconfig + RAID_FOUND=1 + ;; + # raid UUID + md=[0-9]*,[0-9,a-z]*) + device="$(/bin/replace -s,/ "$i" "=" "")" + array="$(/bin/replace -s/ "$device" "," " uuid=")" + echo "ARRAY /dev/$array" >> $mdconfig + RAID_FOUND=1 + ;; + # partitionable raid UUID + md=d[0-9]*,[0-9,a-z]*) + device="$(/bin/replace -s=d "$i" "md=" "md_")" + array="$(/bin/replace -s/ "$device" "," " uuid=")" + echo "ARRAY /dev/$array" >> $mdconfig + RAID_FOUND=1 + ;; + esac + done + else + RAID_FOUND=1 + fi + if [ "$RAID_FOUND" = 1 ]; then + # assemble everything + /sbin/mdassemble.static + fi fi } \ No newline at end of file diff --git a/lib/initcpio/install/arch_advanced_root b/lib/initcpio/install/arch_advanced_root new file mode 100644 index 000000000..470564f47 --- /dev/null +++ b/lib/initcpio/install/arch_advanced_root @@ -0,0 +1,17 @@ +# vim:set ft=sh: + +install () +{ + MODULES="" + BINARIES="hwdetect" + FILES="" + SCRIPT="arch_advanced_root" +} + +help () +{ +cat <