Imported Upstream version 2.3.3

[platform/upstream/cryptsetup.git] / misc / dracut_90reencrypt / reencrypt.sh
diff --git a/misc/dracut_90reencrypt/reencrypt.sh b/misc/dracut_90reencrypt/reencrypt.sh

index c2e2716..db09e64 100755 (executable)
--- a/misc/dracut_90reencrypt/reencrypt.sh
+++ b/misc/dracut_90reencrypt/reencrypt.sh
@@ -1,10 +1,12 @@
  #!/bin/sh
  #
-# $1=$device [$2=keyfile|none [$3=size]]
+# $1=$device [$2=keyfile|none [$3=keyslot|any [$4=size]]]
  #
  
  [ -d /sys/module/dm_crypt ] || modprobe dm_crypt
  
+[ -d /sys/module/loop ] || modprobe loop
+
  [ -f /tmp/reencrypted ] && exit 0
  
  . /lib/dracut-lib.sh
@@ -16,43 +18,67 @@ else
      device="$1"
  fi
  
-PARAMS="$device -T 1 --use-fsync -B 32"
-if [ -n "$3" ]; then
-    PARAMS="$PARAMS --device-size $3"
+PARAMS="$device -T 1 --use-fsync --progress-frequency 5 -B 32"
+if [ "$3" != "any" ]; then
+    PARAMS="$PARAMS -S $3"
+fi
+
+if [ -n "$4" ]; then
+    PARAMS="$PARAMS --device-size $4"
  fi
  
  reenc_readkey() {
-    local keypath="${1#*:}"
-    local keydev="${1%%:*}"
+    keypath="${1#*:}"
+    keydev="${1%%:*}"
  
-    local mntp="/tmp/reencrypted-mount-tmp"
+    mntp="/tmp/reencrypted-mount-tmp"
      mkdir "$mntp"
      mount -r "$keydev" "$mntp" && cat "$mntp/$keypath"
      umount "$mntp"
      rm -r "$mntp"
  }
  
+# shellcheck disable=SC2086
+# shellcheck disable=SC2164
  reenc_run() {
-    local cwd=$(pwd)
+    cwd=$(pwd)
+    _prompt="LUKS password for REENCRYPTING $device"
      cd /tmp
+    udevadm settle
      if [ "$1" = "none" ] ; then
+       if [ "$2" != "any" ]; then
+               _prompt="$_prompt, using keyslot $2"
+       fi
          /bin/plymouth ask-for-password \
-        --prompt "LUKS password for REENCRYPTING $device" \
-        --command="/sbin/cryptsetup-reencrypt $PARAMS"
+        --prompt "$_prompt" \
+        --command="/sbin/cryptsetup-reencrypt-verbose $PARAMS"
      else
          info "REENCRYPT using key $1"
-        reenc_readkey "$1" | /sbin/cryptsetup-reencrypt -d - $PARAMS
+        reenc_readkey "$1" | /sbin/cryptsetup-reencrypt-verbose -d - $PARAMS
      fi
+    _ret=$?
      cd $cwd
  }
  
  info "REENCRYPT $device requested"
  # flock against other interactive activities
+# shellcheck disable=SC2086
  { flock -s 9;
-    reenc_run $2
-} 9>/.console.lock
+    reenc_run $2 $3
+} 9>/.console_lock
  
-# do not ask again
->> /tmp/reencrypted
+if [ $_ret -eq 0 ]; then
+    # do not ask again
+    # shellcheck disable=SC2188
+    >> /tmp/reencrypted
+    warn "Reencryption of device $device has finished successfully. Use previous"
+    warn "initramfs image (without reencrypt module) to boot the system. When"
+    warn "you leave the emergency shell, the system will reboot."
+
+    emergency_shell -n "(reboot)"
+    [ -x /usr/bin/systemctl ] && /usr/bin/systemctl reboot
+    [ -x /sbin/shutdown ] && /sbin/shutdown -r now
+fi
  
-exit 0
+# panic the kernel otherwise
+exit 1