@nathanbw
Last active April 19, 2016 14:53
This patch to Slackware 14.1's init scripts improves its handling of /etc/crypttab

This patch to Slackware 14.1's init scripts improves its handling of /etc/crypttab: crypttab now supports the 'discard' option, and a password of "none" is handled correctly for non-swap volumes.

The attached script and test-crypttab file represent a small test to see how the script will behave with different crypttab lines.

Some notes on /etc/crypttab in Slackware:

Only luks formatted volumes are supported (except for swap).

crypttab uses the following format: <luks name> <device> <password> <options>

<luks name>: This is the name of your luks volume. For instance: crypt-home

<device>: This is the device containing your luks volume. For instance: /dev/sda2

<password>: This is either the volume password in plain text, or the name of a key file. Use 'none' to interactively enter password on boot.

<options>: Comma-separated list of options. Note that there must be a password field for any options to be picked up (use a password of 'none' to get a password prompt at boot.) The following options are supported:

  • discard

    This will cause --allow-discards to be passed to the cryptsetup program while opening the luks volume

  • ro

    This will cause --readonly to be passed to the cryptsetup program while opening the luks volume

  • swap

    This option cannot be used with other options. The device given will be formatted as a new encrypted volume with a random key on boot, and used as swap.
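
The field rules above can be checked before boot. The following is an added example, not part of the gist or of Slackware's rc.S: it classifies each crypttab line by how its password and options fields would be treated, without using eval. The function names and the wording of the findings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the gist's code): report how each crypttab line is treated
# under the rules described above. Fields are split without eval.

# is_optlist STRING: true if STRING is a comma list made only of documented options
is_optlist() {
  list=$1,
  while [ -n "$list" ]; do
    case ${list%%,*} in discard|ro|swap) ;; *) return 1 ;; esac
    list=${list#*,}
  done
}

# classify_line LINE: print "<luks name>: <finding>"
classify_line() {
  read -r name dev rest <<EOF
$1
EOF
  case $rest in
    \"*) pass=${rest#\"}; opts=${pass#*\"}; pass=${pass%%\"*} ;;  # quoted password
    *)   set -f; set -- $rest; set +f; pass=$1; opts=$2 ;;
  esac
  opts=$(printf '%s' "$opts" | tr -d ' \t')
  case ",$opts," in
    ,swap,)   finding="swap, new random key each boot" ;;
    *,swap,*) finding="swap combined with other options (not supported)" ;;
    *) if [ -z "$pass" ] || [ "$pass" = none ]; then
         finding="prompt at boot"
       elif [ -z "$opts" ] && is_optlist "$pass"; then
         finding="options in password column: treated as the password, no options applied"
       elif [ -f "$pass" ]; then   # same test the patch uses; relative to the cwd
         finding="key file"
       else
         finding="plaintext password stored in crypttab"
       fi ;;
  esac
  printf '%s: %s\n' "$name" "$finding"
}

# audit_crypttab: classify every non-comment, non-blank line read from stdin
audit_crypttab() {
  grep -v -e '^#' -e '^$' | while IFS= read -r line; do classify_line "$line"; done
}

# Constructed sample, modelled on three lines of the gist's test-crypttab
audit_crypttab <<'EOF'
working /dev/sda2 none discard
nopassword /dev/sda2 discard,ro
spaces /dev/sda2 "this is a password" discard
EOF
```

To check a real file, run audit_crypttab < /etc/crypttab from the directory in which relative key-file names should resolve.
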

--- a/rc.d/rc.S
+++ b/rc.d/rc.S
@@ -113,19 +113,22 @@ if [ -f /etc/crypttab -a -x /sbin/cryptsetup ]; then
OPTS="${LUKSARRAY[3]}"
LUKSOPTS=""
if echo $OPTS | grep -wq ro ; then LUKSOPTS="${LUKSOPTS} --readonly" ; fi
+ if echo $OPTS | grep -wq discard ; then LUKSOPTS="${LUKSOPTS} --allow-discards" ; fi
# Skip LUKS volumes that were already unlocked (in the initrd):
/sbin/cryptsetup status $LUKS 2>/dev/null | head -n 1 | grep -q "is active" && continue
if /sbin/cryptsetup isLuks $DEV 2>/dev/null ; then
- echo "Unlocking LUKS crypt volume '${LUKS}' on device '$DEV':"
- if [ -n "${PASS}" ]; then
- if [ -f ${PASS} ]; then
+ echo "Unlocking LUKS crypt volume '${LUKS}' on device '$DEV' with '${LUKSOPTS}':"
+ if [ -n "${PASS}" -a "${PASS}" != "none" ]; then
+ if [ -f "${PASS}" ]; then
+ # A password was given a key-file filename
/sbin/cryptsetup ${LUKSOPTS} --key-file=${PASS} luksOpen $DEV $LUKS
- elif [ "${PASS}" != "none" ]; then
- # A password field of 'none' indicates a line for swap:
+ else
+ # A password was provided in plain text
echo "${PASS}" | /sbin/cryptsetup ${LUKSOPTS} luksOpen $DEV $LUKS
fi
else
+ # No password was given, or a password of 'none' was given
/sbin/cryptsetup ${LUKSOPTS} luksOpen $DEV $LUKS </dev/tty0 >/dev/tty0 2>&1
fi
elif echo $OPTS | grep -wq swap ; then
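
Review bot: The key-file branch still passes `--key-file=${PASS}` unquoted, although this hunk quotes the `[ -f "${PASS}" ]` test directly above it, so a key-file path containing spaces passes the `-f` check and is then word-split on the cryptsetup command line. Such a value can reach PASS: the test-crypttab below has a quoted field with spaces, and the test script shows the line being split with `eval LUKSARRAY=( $line )`. Suggest `--key-file="${PASS}"`, and quoting `$DEV` and `$LUKS` on the three luksOpen lines for the same reason. The new comment "A password was given a key-file filename" would also read better as "The password field names a key file".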
working /dev/sda2 none discard
nopassword /dev/sda2 discard,ro
spaces /dev/sda2 "this is a password" discard
pass-file /dev/sda2 test-crypttab discard,ro
multi-opts /dev/sda2 none discard,ro

#!/usr/bin/bash
# Dry run of the patched rc.S logic: print what would be done for each
# line of test-crypttab instead of calling cryptsetup.
cat test-crypttab | grep -v "^#" | grep -v "^$" | while read line; do
  # Same field splitting as rc.S: eval lets a quoted password contain spaces
  eval LUKSARRAY=( $line )
  LUKS="${LUKSARRAY[0]}"
  DEV="${LUKSARRAY[1]}"
  PASS="${LUKSARRAY[2]}"
  OPTS="${LUKSARRAY[3]}"
  LUKSOPTS=""
  if echo $OPTS | grep -wq ro ; then LUKSOPTS="${LUKSOPTS} --readonly" ; fi
  if echo $OPTS | grep -wq discard ; then LUKSOPTS="${LUKSOPTS} --allow-discards" ; fi
  echo $line
  if [ -n "${PASS}" -a "${PASS}" != "none" ]; then
    if [ -f "${PASS}" ]; then
      echo " A password was given a key-file filename"
      echo " ${LUKSOPTS} --key-file=${PASS} luksOpen $DEV $LUKS"
    else
      echo " A password was provided in plain text"
      echo " ${PASS} piped to cryptsetup ${LUKSOPTS} luksOpen $DEV $LUKS"
    fi
  else
    echo " No password was given, or a password of 'none' was given"
    echo " ${LUKSOPTS} luksOpen $DEV $LUKS </dev/tty0 >/dev/tty0 2>&1"
  fi
  # echo "done"
done