Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 269101 Details for
Bug 124789
[PATCH] Add encrypted root filesystem support to mkinitrd
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch to add support for encrypted root filesystems to mkinitrd
mkinitrd-6.0.19-encroot-1.patch (text/plain), 22.12 KB, created by
W. Michael Petullo
on 2007-11-26 17:29:12 UTC
(
hide
)
Description:
Patch to add support for encrypted root filesystems to mkinitrd
Filename:
MIME Type:
Creator:
W. Michael Petullo
Created:
2007-11-26 17:29:12 UTC
Size:
22.12 KB
patch
obsolete
>diff -u --recursive --new-file mkinitrd-6.0.19-vanilla/grubby/grubby.c mkinitrd-6.0.19/grubby/grubby.c >--- mkinitrd-6.0.19-vanilla/grubby/grubby.c 2007-11-12 06:46:17.000000000 -0600 >+++ mkinitrd-6.0.19/grubby/grubby.c 2007-11-26 09:57:17.000000000 -0600 >@@ -29,6 +29,7 @@ > #include <sys/stat.h> > #include <unistd.h> > #include <libgen.h> >+#include <libdevmapper.h> > #include <execinfo.h> > #include <signal.h> > >@@ -49,6 +50,8 @@ > > #define CODE_SEG_SIZE 128 /* code segment checked by --bootloader-probe */ > >+#define CRYPT_TARGET "crypt" >+ > /* comments get lumped in with indention */ > struct lineElement { > char * item; >@@ -1041,6 +1044,32 @@ > return i; > } > >+/* returns true if dev seems to be encrypted using dmcrypt -- if this is >+ true then dev (ie: /dev/hdaX) will not be the same as sb2's dev >+ (ie: /dev/mapper/Y) */ >+static int isRootEnc(const dev_t statdev, const char *configdev) { >+ void *next = NULL; >+ struct dm_task *dmt; >+ struct dm_info dmi; >+ uint64_t start, length; >+ char *target_type = NULL, *params; >+ // Check if current root device is dm device. >+ if (statdev >> 8 != 253) >+ return 0; >+ if (!(dmt = dm_task_create(DM_DEVICE_STATUS))) >+ return 0; >+ if (!dm_task_set_name(dmt, "root")) >+ return 0; >+ if (!dm_task_run(dmt)) >+ return 0; >+ if (!dm_task_get_info(dmt, &dmi)) >+ return 0; >+ next = dm_get_next_target(dmt, next, &start, &length, &target_type, ¶ms); >+ if (target_type == NULL || strcmp(target_type, CRYPT_TARGET) != 0 || start != 0 || next) >+ return 0; >+ return 1; >+} >+ > int suitableImage(struct singleEntry * entry, const char * bootPrefix, > int skipRemoved, int flags) { > struct singleLine * line; >@@ -1104,7 +1133,7 @@ > > stat("/", &sb2); > >- if (sb.st_rdev != sb2.st_dev) >+ if (! isRootEnc(sb2.st_dev, dev) && sb.st_rdev != sb2.st_dev) > return 0; > > return 1; >diff -u --recursive --new-file mkinitrd-6.0.19-vanilla/grubby/new-kernel-pkg mkinitrd-6.0.19/grubby/new-kernel-pkg >--- mkinitrd-6.0.19-vanilla/grubby/new-kernel-pkg 2007-11-12 06:46:17.000000000 -0600 >+++ mkinitrd-6.0.19/grubby/new-kernel-pkg 2007-11-12 06:57:59.000000000 -0600 >@@ -11,6 +11,8 @@ > > PATH=/sbin:/bin:$PATH > >+. /etc/rc.d/init.d/functions >+ > lilo=/sbin/lilo > > # some defaults that are sane for most arches >@@ -87,6 +89,35 @@ > exit 1 > } > >+get_traditional_devnod() { >+ majmin=$(get_numeric_dev dec $1) >+ find /sys/block -name dev | while read device ; do \ >+ echo "$majmin" | cmp -s $device && echo $device ; done \ >+ | sed -e 's,.*/\([^/]\+\)/dev,\1,' >+} >+ >+# Given /dev/dm-?: >+# 1. Find the devnod in /dev/mapper that has the same major and minor number. >+# 2. Find the link in /dev/VolGroup?? that points to this /dev/mapper device. >+# 3. Print /dev/VolGroup??/LogVol?? >+get_logvol_devnod() { >+ majmin=$(get_numeric_dev dec $1) >+ >+ # 1: >+ for device in /dev/mapper/*; do >+ [ "$majmin" = "$(get_numeric_dev dec $device)" ] && mapperdev=$device >+ done >+ # 2: >+ vgdevices=`/sbin/lvm vgdisplay | awk '/VG Name/ { print $3; }'` >+ if [ -n "$vgdevices" ]; then >+ for device in /dev/$vgdevices/*; do >+ [ "$mapperdev" = "$(ls -l $device | awk '{ print $11 }')" ] && logvol=$device >+ done >+ fi >+ # 3: >+ echo $logvol >+} >+ > install() { > # XXX kernel should be able to be specified also (or work right on ia64) > if [ ! -f $bootPrefix/$kernelName-$version ] ; then >@@ -130,6 +161,42 @@ > cfgLilo="" > fi > >+ # check if root is encrypted and convert /dev/mapper/root to real >+ # block device if it is (inverse of code in mkinitrd) >+ if [ ${rootdevice%/*} = /dev/mapper ] \ >+ && cryptsetup status $rootdevice | grep cipher >/dev/null; then >+ # cryptsetup prints the first device node it finds that matches the device type, >+ # major number and minor number; this may be /dev/root and not, e.x., /dev/hda1. >+ cryptsetupdevice=$(cryptsetup status $rootdevice | grep device | awk '{ print $2 }') >+ traditionaldevice=$(get_traditional_devnod $cryptsetupdevice) >+ >+ # If the backing device is not a valid block device, then check if the >+ # cryptdevice is a valid block device and use it instead. >+ # This helps cover the case where newer rules have disabled the >+ # dm-# devices but the LVM mappings point to a valid block device. >+ if [ ! -b "/dev/$traditionaldevice" ] && [ -b "$cryptsetupdevice" ] ; then >+ traditionaldevice=$cryptsetupdevice >+ fi >+ >+ if [ -n "$traditionaldevice" ]; then >+ if [ "dm-" = ${traditionaldevice%[^-]} ]; then >+ logvoldevice=$(get_logvol_devnod /dev/$traditionaldevice) >+ echo "Found backing device $logvoldevice ($traditionaldevice) for $rootdevice" >+ rootdevice=$logvoldevice >+ elif [[ "$traditionaldevice" =~ "^/dev/" ]] ; then >+ logvoldevice=$(get_logvol_devnod $traditionaldevice) >+ echo "Found backing device $logvoldevice ($traditionaldevice) for $rootdevice" >+ rootdevice=$logvoldevice >+ else >+ echo "Found backing device $traditionaldevice for $rootdevice" >+ rootdevice=/dev/$traditionaldevice >+ fi >+ else >+ echo "Could not determine traditional device for $cryptsetupdevice" >+ exit 1 >+ fi >+ fi >+ > if [ -n "$cfgGrub" ]; then > [ -n "$verbose" ] && echo "adding $version to $grubConfig" > >diff -u --recursive --new-file mkinitrd-6.0.19-vanilla/mkinitrd mkinitrd-6.0.19/mkinitrd >--- mkinitrd-6.0.19-vanilla/mkinitrd 2007-11-12 06:46:17.000000000 -0600 >+++ mkinitrd-6.0.19/mkinitrd 2007-11-12 07:41:11.000000000 -0600 >@@ -171,6 +171,46 @@ > echo nash-resolveDevice "$1" | /sbin/nash --forcequiet > } > >+get_traditional_devnod() { >+ majmin=$(get_numeric_dev dec $1) >+ findall /sys/block -name dev | while read device ; do \ >+ echo "$majmin" | cmp -s $device && echo $device ; done \ >+ | sed -e 's,.*/\([^/]\+\)/dev,\1,' >+} >+ >+get_mapper_dev() { >+ majmin=$(get_numeric_dev dec "$1") >+ >+ for device in /dev/mapper/*; do >+ [ "$majmin" = "$(get_numeric_dev dec $device)" ] && mapperdev=$device >+ done >+ echo $mapperdev >+} >+ >+# Given /dev/dm-?: >+# 1. Find the devnod in /dev/mapper that has the same major and minor number. >+# 2. Find the link in /dev/VolGroup?? that points to this /dev/mapper device. >+# 3. Print /dev/VolGroup??/LogVol?? >+get_logvol_devnod() { >+ majmin=$(get_numeric_dev dec $1) >+ >+ # 1: >+ for device in /dev/mapper/*; do >+ [ "$majmin" = "$(get_numeric_dev dec $device)" ] && mapperdev=$device >+ done >+ # 2: >+ vgdevices=`/sbin/lvm vgdisplay | awk '/VG Name/ { print $3; }'` >+ if [ -n "$vgdevices" ]; then >+ for devicepath in /dev/$vgdevices; do >+ for device in $devicepath/*; do >+ [ "$mapperdev" = "$(ls -l $device | awk '{ print $10 }')" ] && logvol=$device >+ done >+ done >+ fi >+ # 3: >+ echo $logvol >+} >+ > DSO_DEPS="" > LDSO="" > get_dso_deps() { >@@ -478,27 +518,12 @@ > return $RET > } > >-finddevnoinsys() { >- majmin="$1" >- if [ -n "$majmin" ]; then >- dev=$(findall /sys/block -name dev | while read device ; do \ >- echo "$majmin" | cmp -s $device && echo $device ; done) >- if [ -n "$dev" ]; then >- dev=${dev%%/dev} >- echo "$dev" >- return 0 >- fi >- fi >- return 1 >-} >- > findblockdevinsys() { > devname=$(resolve_device_name "$1") > if [[ "$devname" =~ ^/sys/block/ ]]; then > echo "$devname" > fi >- majmin=$(get_numeric_dev dec $devname) >- finddevnoinsys "$majmin" >+ get_traditional_devnod $devname > } > > findstoragedriverinsys () { >@@ -540,8 +565,7 @@ > fi > vecho "Looking for driver for device $device" > if [[ "$device" =~ ^mapper/ ]]; then >- majmin=$(get_numeric_dev dec "/dev/$device") >- sysfs=$(finddevnoinsys $majmin) >+ sysfs=$(get_traditional_devnod "/dev/$device") > else > sysfs=$(findone -type d /sys/block -name $device) > fi >@@ -1090,18 +1114,205 @@ > else > rootopts=$(echo $rootopts | sed -e 's/^r[ow],//' -e 's/,_netdev//' -e 's/_netdev//' -e 's/,r[ow],$//' -e 's/,r[ow],/,/' -e 's/^r[ow]$/defaults/' -e 's/$/,ro/') > fi >- if [ "$rootfs" != "nfs" ]; then >- if [ -n "$physdev" -a "$physdev" != "$rootdev" ]; then >- handlelvordev "$physdev" >+ >+ # Check if root is encrypted, first if as an encrypted Physical Volume, >+ # then if encrypted upon a Logical Volume or normal block device >+ root_enc="" >+ root_enc_pv="" >+ >+ # Get the underlying PVs for $rootdev - if it has any >+ root_pvs=$(lvdisplay -m $rootdev 2>/dev/null | awk '/Physical volume/ {print $3}') >+ # If any PVs were found, check iff one is encrypted >+ if [[ -n "${root_pvs}" ]] ; then >+ for test_pv in $root_pvs; do >+ # vgdisplay will return the first matching device (e.g. /dev/dm-X) >+ # whilst cryptsetup needs a /dev/mapper/* device. Any valid crypt >+ # device will have an entry in /dev/mapper/ anyway, of course. >+ mapper_test_pv=$(get_mapper_dev $test_pv) >+ if [ -n "${mapper_test_pv}" ] \ >+ && cryptsetup status $mapper_test_pv |grep cipher >/dev/null; then >+ if [ -n "${crypt_pv}" ] ; then >+ echo "$rootdev has multiple encrypted Physical Volumes; only one is supported. Aborting." >+ exit 1 >+ else >+ crypt_pv=$mapper_test_pv >+ fi >+ fi >+ done >+ fi >+ >+ if [ -n "${crypt_pv}" ] ; then >+ # Find the backingdev of the encrypted PV >+ backingdev=$(cryptsetup status $crypt_pv | awk '/device/ { print $2 }') >+ vecho "Found encrypted PV $backingdev for $rootdev" >+ >+ if ! cryptsetup isLuks ${backingdev}; then >+ echo "Encryption on $rootdev (backing PV device ${backingdev} does not use LUKS, aborting." >&2 >+ exit 1 > fi >+ root_enc_pv="yes" >+ findmodule -dm-crypt >+ findmodule -blkcipher >+ findmodule -cbc >+ findmodule -aes >+ findmodule -sha256 >+ handlelvordev $backingdev > handlelvordev $rootdev >+ >+ elif [ ${rootdev%/*} = /dev/mapper ] \ >+ && cryptsetup status $rootdev | grep cipher >/dev/null; then >+ # cryptsetup prints the first device node it finds that matches the device type, >+ # major number and minor number; this may be /dev/root and not, e.x., /dev/hda1. >+ cryptsetupdev=`cryptsetup status $rootdev | grep device | awk '{ print $2 }'` >+ traditionaldev=$(get_traditional_devnod $cryptsetupdev) >+ >+ # If the backing device is not a valid block device, then check if the >+ # cryptdevice is a valid block device and use it instead. >+ # This helps cover the case where newer rules have disabled the >+ # dm-# devices but the LVM mappings point to a valid block device. >+ if [ ! -b "/dev/$traditionaldev" ] && [ -b "$cryptsetupdev" ] ; then >+ traditionaldev=$cryptsetupdev >+ fi >+ >+ if [ -n "$traditionaldev" ]; then >+ if [ "dm-" = ${traditionaldev%[^-]} ]; then >+ backingdev=$(get_logvol_devnod /dev/$traditionaldev) >+ elif [[ "$traditionaldev" =~ "^/dev/" ]] ; then >+ backingdev=$(get_logvol_devnod $traditionaldev) >+ else >+ backingdev=/dev/$traditionaldev >+ fi >+ vecho "Found backing device $backingdev for $rootdev" >+ else >+ echo "Could not determine backing device, aborting." >&2 >+ exit 1 >+ fi >+ if ! cryptsetup isLuks ${backingdev}; then >+ echo "Encryption on $rootdev (backing device ${backingdev} does not use LUKS, aborting." >&2 >+ exit 1 >+ fi >+ root_enc="yes" >+ findmodule -dm-crypt >+ findmodule -blkcipher >+ findmodule -cbc >+ findmodule -aes >+ findmodule -sha256 >+ handlelvordev $backingdev >+ else >+ [ "$rootfs" != "nfs" ] && handlelvordev $rootdev > fi > > # find the first swap dev which would get used for swsusp > swsuspdev=$(awk '/^[ \t]*[^#]/ { if ($3 == "swap") { print $1; exit }}' $fstab) >- if [ "$swsuspdev" == "${swsuspdev##LABEL=}" -o \ >- "$swsuspdev" == "${swsuspdev##UUID=}" ]; then >- handlelvordev $swsuspdev >+ >+ # Check if swsuspend is encrypted, first as an encrupted PV, then if >+ # encrypted upon a Logical Volume or normal block device >+ swsusp_enc="" >+ swsusp_env_pv="" >+ >+ # Get the underlying PVs reported for $swsuspdev >+ swsusp_pvs=$(lvdisplay -m $swsuspdev 2>/dev/null | awk '/Physical volume/ {print $3}') >+ # If any PVs were found, check iff one is encrypted and if matched that for rootdev >+ if [[ -n "${swsusp_pvs}" ]] ; then >+ for test_pv in $swsusp_pvs; do >+ # vgdisplay will return the first matching device (e.g. /dev/dm-X) >+ # whilst cryptsetup needs a /dev/mapper/* device. Any valid crypt >+ # device will have an entry in /dev/mapper/ anyway, of course. >+ mapper_test_pv=$(get_mapper_dev $test_pv) >+ if [ -n "${mapper_test_pv}" ] \ >+ && cryptsetup status $mapper_test_pv |grep cipher >/dev/null; then >+ if [ -n "${scrypt_pv}" ] ; then >+ echo "$swsuspdev has multiple encrypted Physical Volumes; only one is supported. Aborting." >+ exit 1 >+ else >+ scrypt_pv=$mapper_test_pv >+ if [ -n "$root_enc_pv" ] && [ "$scrypt_pv" != "$crypt_pv" ] ; then >+ echo "$rootdev and $swsuspdev are split across different encrypted PVs. Aborting." >+ exit 1 >+ fi >+ fi >+ fi >+ done >+ fi >+ >+ if [ -n "${scrypt_pv}" ] ; then >+ if [ -n "${root_enc_pv}" ]; then >+ # If root is also encrypted, the backing device must be the same >+ sbackingdev=$backingdev >+ vecho "Matching encrypted PV $sbackingdev for $swsuspdev" >+ else >+ # Find the backingdev of the encrypted PV >+ sbackingdev=$(cryptsetup status $scrypt_pv | awk '/device/ { print $2 }') >+ vecho "Found encrypted PV $sbackingdev for $swsuspdev" >+ >+ if ! cryptsetup isLuks ${sbackingdev}; then >+ echo "Encryption on $swsuspdev (backing PV device ${sbackingdev}) does not use LUKS, aborting." >&2 >+ exit 1 >+ fi >+ >+ findmodule -dm-crypt >+ findmodule -blkcipher >+ findmodule -cbc >+ findmodule -aes >+ findmodule -sha256 >+ >+ fi >+ >+ handlelvordev $sbackingdev >+ swsusp_env_pv="yes" >+ >+ if [ "$swsuspdev" == "${swsuspdev##LABEL=}" -o \ >+ "$swsuspdev" == "${swsuspdev##UUID=}" ]; then >+ handlelvordev $swsuspdev >+ fi >+ >+ elif [ ${swsuspdev%/*} = /dev/mapper ] \ >+ && cryptsetup status $swsuspdev | grep cipher >/dev/null; then >+ # cryptsetup prints the first device node it finds that matches the >+ # device type, major number and minor number . >+ cryptsetupdev=`cryptsetup status $swsuspdev | grep device | awk '{ print $2 }'` >+ traditionaldev=$(get_traditional_devnod $cryptsetupdev) >+ >+ # If the backing device is not a valid block device, then check if the >+ # cryptdevice is a valid block device and use it instead. >+ # This helps cover the case where newer rules have disabled the >+ # dm-# devices but the LVM mappings point to a valid block device. >+ if [ ! -b "/dev/$traditionaldev" ] && [ -b "$cryptsetupdev" ] ; then >+ traditionaldev=$cryptsetupdev >+ fi >+ >+ if [ -n "$traditionaldev" ]; then >+ if [ "dm-" = ${traditionaldev%[^-]} ]; then >+ sbackingdev=$(get_logvol_devnod /dev/$traditionaldev) >+ elif [[ "$traditionaldev" =~ "^/dev/" ]] ; then >+ sbackingdev=$(get_logvol_devnod $traditionaldev) >+ else >+ sbackingdev=/dev/$traditionaldev >+ fi >+ vecho "Found backing device $sbackingdev for $swsuspdev" >+ else >+ echo "Could not determine backing device, aborting." >&2 >+ exit 1 >+ fi >+ if ! cryptsetup isLuks ${sbackingdev}; then >+ tmpdsk=${sbackingdev//[[:digit:]]} >+ if [ "`fdisk -l $tmpdsk | grep $sbackingdev | cut -c 57-66`" != "Linux swap" ]; then >+ echo "Encryption on $swsuspdev (backing device ${sbackingdev} does not use LUKS, aborting." >&2 >+ exit 1 >+ fi >+ fi >+ swsusp_enc="yes" >+ findmodule -dm-crypt >+ findmodule -blkcipher >+ findmodule -cbc >+ findmodule -aes >+ findmodule -sha256 >+ handlelvordev $sbackingdev >+ else >+ if [ "$swsuspdev" == "${swsuspdev##LABEL=}" -o \ >+ "$swsuspdev" == "${swsuspdev##UUID=}" ]; then >+ handlelvordev $swsuspdev >+ fi > fi > fi > >@@ -1497,9 +1708,11 @@ > done > unset usb_mounted > >-if [ -z "$nolvm" -a -n "$vg_list" ]; then >- emit "echo Making device-mapper control node" >- emit "mkdmnod" >+if [ -z "$nolvm" ]; then >+ if [ -n "$vg_list" -o -n "$root_enc" -o -n "$swsusp_enc" -o -n "$root_env_pv" -o -n "$swsusp_env_pv" ]; then >+ emit "echo Making device-mapper control node" >+ emit "mkdmnod" >+ fi > fi > > if [ -n "$net_list" ]; then >@@ -1530,6 +1743,22 @@ > done > fi > >+if [ -n "$root_enc_pv" -o -n "$swsusp_enc_pv" ]; then >+ inst /sbin/cryptsetup "$MNTIMAGE" "/bin/cryptsetup" >+ emit "echo Unlocking encrypted PV" >+ >+ # unlock device, and make accesible at /dev/mapper/cryptpv >+ if [ -f /etc/pv-key ]; then >+ vecho "Found swsusp key at /etc/pv-key, installing at $MNTIMAGE/pv-key" >+ vecho "Initrd's volume MUST BE REMOVABLE AND PROTECTED" >+ cp /etc/pv-key $MNTIMAGE/pv-key >+ emit "cryptsetup -d /pv-key luksOpen ${backingdev} cryptpv" >+ else >+ vecho "Assuming manual passphrase entry for encrypted PV" >+ emit "cryptsetup luksOpen ${backingdev} cryptpv < /dev/console > /dev/console" >+ fi >+fi >+ > if [ -z "$nolvm" -a -n "$vg_list" ]; then > emit "echo Scanning logical volumes" > emit "lvm vgscan --ignorelockingfailure" >@@ -1538,6 +1767,20 @@ > fi > > if [ -z "$noresume" -a -n "$swsuspdev" ]; then >+ if [ "$swsusp_enc" = "yes" ]; then >+ inst /sbin/cryptsetup "$MNTIMAGE" "/bin/cryptsetup" >+ >+ # unlock device, make accesible at /dev/mapper/whatever >+ if [ -f /etc/swsusp-key ]; then >+ vecho "Found swsusp key at /etc/swsusp-key, installing at $MNTIMAGE/swsusp-key" >+ vecho "Initrd's volume MUST BE REMOVABLE AND PROTECTED" >+ cp /etc/swsusp-key $MNTIMAGE/swsusp-key >+ emit "cryptsetup -d /swsusp-key luksOpen ${sbackingdev} ${swsuspdev##/dev/mapper/}" >+ else >+ vecho "Assuming manual passphrase entry" >+ emit "cryptsetup luksOpen ${sbackingdev} ${swsuspdev##/dev/mapper/} < /dev/console > /dev/console" >+ fi >+ fi > emit "resume $swsuspdev" > fi > >@@ -1549,10 +1792,43 @@ > emit "losetup /dev/loop0 /tmpmount/$looppath" > fi > >-emit "echo Creating root device." >-# mkrootdev does "echo /dev/root /sysroot ext3 defaults,ro 0 0 >/etc/fstab" >-emit "mkrootdev -t $rootfs -o $rootopts $rootdev" >-rootdev=/dev/root >+if [ -n "$root_enc_pv" ]; then >+ emit "echo Creating root device" >+ # unlocking $backingdev and making accesible was completed above >+ emit "mkrootdev -n $rootdev -t $rootfs -o $rootopts $backingdev" >+ >+elif [ -n "$root_enc" ]; then >+ inst /sbin/cryptsetup "$MNTIMAGE" "/bin/cryptsetup" >+ emit "echo Creating root device" >+ >+ # FIXME: I need some advice here. In the case of encrypted filesystems, >+ # the "backing" root device is something like /dev/hda6 ($backingdev) and >+ # the "used" root device is something like /dev/mapper/root ($rootdev). >+ # mkrootdev should create the "backing" root device but should write >+ # the "used" root device to /etc/fstab. I modified mkrootdev to allow >+ # this but the result is ugly: >+ emit "mkrootdev -n $rootdev -t $rootfs -o $rootopts $backingdev" >+ >+ # unlock /dev/root, make accesible at /dev/mapper/root >+ if [ -f /etc/root-key ]; then >+ vecho "Found root key at /etc/root-key, installing at $MNTIMAGE/root-key" >+ vecho "Initrd's volume MUST BE REMOVABLE AND PROTECTED" >+ cp /etc/root-key $MNTIMAGE/root-key >+ emit "cryptsetup -d /root-key luksOpen /dev/root root" >+ else >+ vecho "Assuming manual passphrase entry" >+# KH test: >+ emit "cryptsetup luksOpen /dev/root root < /dev/console > /dev/console" >+ fi >+ >+ # /dev/root is encrypted, /dev/mapper/root is plaintext >+ rootdev=/dev/mapper/root >+else >+ emit "echo Creating root device." >+ # mkrootdev does "echo /dev/root /sysroot ext3 defaults,ro 0 0 >/etc/fstab" >+ emit "mkrootdev -n $rootdev -t $rootfs -o $rootopts $rootdev" >+ rootdev=/dev/root >+fi > > emit "echo Mounting root filesystem." > emit "mount /sysroot" >diff -u --recursive --new-file mkinitrd-6.0.19-vanilla/nash/nash.c mkinitrd-6.0.19/nash/nash.c >--- mkinitrd-6.0.19-vanilla/nash/nash.c 2007-11-12 06:46:17.000000000 -0600 >+++ mkinitrd-6.0.19/nash/nash.c 2007-11-12 07:43:11.000000000 -0600 >@@ -1535,7 +1535,7 @@ > int i; > FILE *fstab; > struct mntent mnt = { >- .mnt_fsname = "/dev/root", >+ .mnt_fsname = NULL, > .mnt_dir = "/sysroot", > .mnt_type = NULL, > .mnt_opts = NULL, >@@ -1558,7 +1558,14 @@ > > i = 0; > while ((cmd = getArg(cmd, end, &chptr))) { >- if (!strcmp(chptr, "-t")) { >+ if (!strcmp(chptr, "-n")) { >+ cmd = getArg(cmd, end, &mnt.mnt_fsname); >+ if (!cmd) { >+ eprintf("mkrootdev: expected real mount device name\n"); >+ return 1; >+ } >+ } else if (!strcmp(chptr, "-t")) { >+ > cmd = getArg(cmd, end, &mnt.mnt_type); > if (!cmd) { > eprintf("mkrootdev: expected fs type\n"); >@@ -1592,6 +1599,10 @@ > return 1; > } > >+ if (!mnt.mnt_fsname) { >+ eprintf("mkrootdev: expected real mount device name\n"); >+ return 1; >+ } > if (!mnt.mnt_type) { > eprintf("mkrootdev: expected fs type\n"); > return 1;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=269101">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 124789
:
100700
|
101270
|
101644
|
102779
|
103215
|
103216
|
103419
|
105456
|
107752
|
107778
|
108173
|
113508
|
115668
|
117763
|
133932
|
134108
|
134534
|
134535
|
134536
|
134537
|
134538
|
135006
|
135462
|
135894
|
136049
|
141591
|
143860
|
144351
|
147835
|
148297
|
154948
|
155547
|
155901
|
159957
|
161831
|
161832
|
161909
|
161910
|
161912
|
255221
|
269101
|
289833