X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=misc%2Fdracut_90reencrypt%2Freencrypt.sh;h=db09e64e69ad2ccf307fe7296d7f08d2c2c94ee9;hb=refs%2Ftags%2Fupstream%2F2.3.3;hp=d0a5f35f51a5e8b8bf5d54cdebda02c6c5e013f7;hpb=53e269c5f10871cfd6cee55d57966737c424e721;p=platform%2Fupstream%2Fcryptsetup.git diff --git a/misc/dracut_90reencrypt/reencrypt.sh b/misc/dracut_90reencrypt/reencrypt.sh index d0a5f35..db09e64 100755 --- a/misc/dracut_90reencrypt/reencrypt.sh +++ b/misc/dracut_90reencrypt/reencrypt.sh @@ -1,10 +1,12 @@ #!/bin/sh # -# $1=$device [$2=keyfile|none [$3=size]] +# $1=$device [$2=keyfile|none [$3=keyslot|any [$4=size]]] # [ -d /sys/module/dm_crypt ] || modprobe dm_crypt +[ -d /sys/module/loop ] || modprobe loop + [ -f /tmp/reencrypted ] && exit 0 . /lib/dracut-lib.sh 
@@ -16,43 +18,67 @@ else device="$1" fi -PARAMS="$device -T 1 --use-fsync -B 32" -if [ -n "$3" ]; then - PARAMS="$PARAMS --device-size $3" +PARAMS="$device -T 1 --use-fsync --progress-frequency 5 -B 32" +if [ "$3" != "any" ]; then + PARAMS="$PARAMS -S $3" +fi + +if [ -n "$4" ]; then + PARAMS="$PARAMS --device-size $4" fi reenc_readkey() { - local keypath="${1#*:}" - local keydev="${1%%:*}" + keypath="${1#*:}" + keydev="${1%%:*}" - local mntp=$(mkuniqdir /mnt keydev) - mount -r "$keydev" "$mntp" || return - cat "$mntp/$keypath" + mntp="/tmp/reencrypted-mount-tmp" + mkdir "$mntp" + mount -r "$keydev" "$mntp" && cat "$mntp/$keypath" umount "$mntp" - rmdir "$mntp" + rm -r "$mntp" } +# shellcheck disable=SC2086 +# shellcheck disable=SC2164 reenc_run() { - local cwd=$(pwd) + cwd=$(pwd) + _prompt="LUKS password for REENCRYPTING $device" cd /tmp + udevadm settle if [ "$1" = "none" ] ; then + if [ "$2" != "any" ]; then + _prompt="$_prompt, using keyslot $2" + fi /bin/plymouth ask-for-password \ - --prompt "LUKS password for REENCRYPTING $device" \ - --command="/sbin/cryptsetup-reencrypt $PARAMS" + --prompt "$_prompt" \ + --command="/sbin/cryptsetup-reencrypt-verbose $PARAMS" else info "REENCRYPT using key $1" - reenc_readkey "$1" | /sbin/cryptsetup-reencrypt -d - $PARAMS + reenc_readkey "$1" | /sbin/cryptsetup-reencrypt-verbose -d - $PARAMS fi + _ret=$? cd $cwd } info "REENCRYPT $device requested" # flock against other interactive activities +# shellcheck disable=SC2086 { flock -s 9; - reenc_run $2 -} 9>/.console.lock + reenc_run $2 $3 +} 9>/.console_lock -# do not ask again ->> /tmp/reencrypted +if [ $_ret -eq 0 ]; then + # do not ask again + # shellcheck disable=SC2188 + >> /tmp/reencrypted + warn "Reencryption of device $device has finished successfully. Use previous" + warn "initramfs image (without reencrypt module) to boot the system. When" + warn "you leave the emergency shell, the system will reboot." 
+ + emergency_shell -n "(reboot)" + [ -x /usr/bin/systemctl ] && /usr/bin/systemctl reboot + [ -x /sbin/shutdown ] && /sbin/shutdown -r now +fi -exit 0 +# panic the kernel otherwise +exit 1
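Review bot: `reenc_readkey` now cleans up with `rm -r "$mntp"` where the old code used `rmdir`, so if `umount` fails the recursive delete descends into the still-mounted key device. The read-only mount should stop it from removing anything, but `umount "$mntp" && rmdir "$mntp"` never touches the key media at all. The fixed `/tmp/reencrypted-mount-tmp` path also replaces `mkuniqdir` and its `mkdir` is unchecked, so a directory left over from an earlier attempt is silently reused; `mkdir "$mntp" || return 1` would surface that. Separately, `[ "$3" != "any" ]` is also true when `$3` is omitted, which the usage comment at the top of the file allows, and PARAMS then ends in a bare `-S`. `if [ -n "$3" ] && [ "$3" != "any" ]; then` covers that case, and the `[ "$2" != "any" ]` prompt test in `reenc_run` has the same gap.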