author | Simon Rettberg | 2023-05-19 17:09:03 +0200 |
---|---|---|
committer | Simon Rettberg | 2023-05-19 17:09:03 +0200 |
commit | 00847763df79db9ceb1c17236a4f3e7f16cb9bf0 (patch) | |
tree | 099e31c79b8e19fcb2fdc82e566403bd4ecc657f | |
parent | [slx-clock] Cannot check for ntpd - supplied by busybox (diff) | |
download | systemd-init-00847763df79db9ceb1c17236a4f3e7f16cb9bf0.tar.gz systemd-init-00847763df79db9ceb1c17236a4f3e7f16cb9bf0.tar.xz systemd-init-00847763df79db9ceb1c17236a4f3e7f16cb9bf0.zip |
[slx-dmsetup] Fix dm-crypt usage by making sure we get an encryption key
-rwxr-xr-x | modules.d/slx-dmsetup/scripts/dmsetup-slx-device | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/modules.d/slx-dmsetup/scripts/dmsetup-slx-device b/modules.d/slx-dmsetup/scripts/dmsetup-slx-device
index 65ee94b5..e01b1f97 100755
--- a/modules.d/slx-dmsetup/scripts/dmsetup-slx-device
+++ b/modules.d/slx-dmsetup/scripts/dmsetup-slx-device
@@ -142,7 +142,7 @@ parse_config_int() {
 # dmsetup_create_noudevsync <name> [table]
 dmsetup_create_noudevsync() {
 (
- set -o errexit
+ set -eo pipefail
 if [ -n "$2" ]; then
 printf "%s\n" "$2" | dmsetup create "$1" --noudevsync
 else
@@ -151,6 +151,7 @@ dmsetup_create_noudevsync() {
 dmsetup mknodes --noudevsync "$1"
 )
 local ret=$?
+ [ -b "/dev/mapper/$1" ] || ret=99
 [ $ret -ne 0 ] && dmsetup remove --noudevsync "$1"
 return $ret
 }
@@ -162,7 +163,12 @@ encrypt_device() {
 [ -b "$1" ] || return 1
 [ -n "$2" ] || return 1
 [ -z "$3" ] && local size="$( blockdev --getsz "$1" )"
- local key="$(head -c32 /dev/random | xxd -c32 -p)"
+ local key
+ key="$( < /dev/urandom xxd -c32 -p -l32 )"
+ [ -z "$key" ] && key="$( < /dev/urandom tr -c -d 'a-f0-9' | dd count=1 bs=32 )"
+ [ -z "$key" ] && key="$( < /dev/urandom head -c32 | xxd -c32 -p )"
+ [ -z "$key" ] && key="$( < /dev/urandom xxd -c32 -p | head -n 1 )"
+ [ -z "$key" ] && echo "$0: ERROR: Could not generate encryption key"
 if ! dmsetup_create_noudevsync "$2" \
 "0 ${3:-${size}} crypt aes-xts-plain64 $key 0 $1 0 1 allow_discards"; then
 echo "$0: Failed to encrypt $1." |
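Review bot: In the second hunk (dmsetup_create_noudevsync), the added `[ -b "/dev/mapper/$1" ] || ret=99` runs even when the subshell has already failed, so the real exit status of `dmsetup create` or `dmsetup mknodes` is overwritten with 99 whenever the node is missing. Applying the override only on apparent success keeps the original status for callers and logs: `[ "$ret" -eq 0 ] && [ ! -b "/dev/mapper/$1" ] && ret=99`. A short comment such as `# 99: dmsetup reported success but no block node appeared` would explain the magic value. Quoting `$ret` in the test that follows would match usual shell style.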
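Review bot: In the third hunk (encrypt_device), a failed key generation only prints a message and then falls through to `dmsetup_create_noudevsync` with an empty `$key`, so the function relies on dmsetup rejecting a malformed table instead of failing closed itself. The fallbacks are also tested only for emptiness, and the `tr -c -d 'a-f0-9' | dd count=1 bs=32` variant yields at most 32 hex characters where the other three yield 64. A single `dd` read from a pipe can also return fewer than `bs` bytes, so a short or half-length key can reach the crypt table, where it is presumably rejected by aes-xts-plain64 at best. Replacing the last added line with a length guard covers both cases: `[ "${#key}" -eq 64 ] || { echo "$0: ERROR: Could not generate encryption key" >&2; return 1; }`. The `dd` fallback would then need `dd bs=1 count=64` to emit a full-length key; the function body continues outside the hunk.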