authorSimon Rettberg2023-05-19 17:09:03 +0200
committerSimon Rettberg2023-05-19 17:09:03 +0200
commit00847763df79db9ceb1c17236a4f3e7f16cb9bf0 (patch)
tree099e31c79b8e19fcb2fdc82e566403bd4ecc657f
parent[slx-clock] Cannot check for ntpd - supplied by busybox (diff)
[slx-dmsetup] Fix dm-crypt usage by making sure we get an encryption key
-rwxr-xr-xmodules.d/slx-dmsetup/scripts/dmsetup-slx-device10
1 files changed, 8 insertions, 2 deletions
diff --git a/modules.d/slx-dmsetup/scripts/dmsetup-slx-device b/modules.d/slx-dmsetup/scripts/dmsetup-slx-device
index 65ee94b5..e01b1f97 100755
--- a/modules.d/slx-dmsetup/scripts/dmsetup-slx-device
+++ b/modules.d/slx-dmsetup/scripts/dmsetup-slx-device
@@ -142,7 +142,7 @@ parse_config_int() {
# dmsetup_create_noudevsync <name> [table]
dmsetup_create_noudevsync() {
(
- set -o errexit
+ set -eo pipefail
if [ -n "$2" ]; then
printf "%s\n" "$2" | dmsetup create "$1" --noudevsync
else
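Review bot: The new `set -eo pipefail` line only works if the interpreter supports `pipefail`, and the shebang is not visible in this hunk. In a shell that lacks the option the `set` itself fails, so the subshell would most likely exit non-zero before `dmsetup create` runs and every call would be reported as a failure. A comment above the line would record the requirement, for example `# needs a shell with pipefail (bash, busybox ash) so a failing printf is not masked by dmsetup`. The body of dmsetup_create_noudevsync continues past the end of this hunk.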
@@ -151,6 +151,7 @@ dmsetup_create_noudevsync() {
dmsetup mknodes --noudevsync "$1"
)
local ret=$?
+ [ -b "/dev/mapper/$1" ] || ret=99
[ $ret -ne 0 ] && dmsetup remove --noudevsync "$1"
return $ret
}
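Review bot: The added `[ -b "/dev/mapper/$1" ] || ret=99` overwrites whatever status the subshell returned, so a failed `dmsetup create` is reported as 99 and the real exit code is lost. Applying the node check only after a successful run keeps both signals: `[ "$ret" -eq 0 ] && ! [ -b "/dev/mapper/$1" ] && ret=99`. A short comment such as `# 99: dmsetup succeeded but the /dev/mapper node is missing` would explain the magic value. The function starts before this hunk.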
@@ -162,7 +163,12 @@ encrypt_device() {
[ -b "$1" ] || return 1
[ -n "$2" ] || return 1
[ -z "$3" ] && local size="$( blockdev --getsz "$1" )"
- local key="$(head -c32 /dev/random | xxd -c32 -p)"
+ local key
+ key="$( < /dev/urandom xxd -c32 -p -l32 )"
+ [ -z "$key" ] && key="$( < /dev/urandom tr -c -d 'a-f0-9' | dd count=1 bs=32 )"
+ [ -z "$key" ] && key="$( < /dev/urandom head -c32 | xxd -c32 -p )"
+ [ -z "$key" ] && key="$( < /dev/urandom xxd -c32 -p | head -n 1 )"
+ [ -z "$key" ] && echo "$0: ERROR: Could not generate encryption key"
if ! dmsetup_create_noudevsync "$2" \
"0 ${3:-${size}} crypt aes-xts-plain64 $key 0 $1 0 1 allow_discards"; then
echo "$0: Failed to encrypt $1."
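Review bot: When all four attempts fail, the last added line only prints a message and `encrypt_device` still builds the crypt table with an empty key; it should abort there, e.g. `[ -z "$key" ] && { echo "$0: ERROR: Could not generate encryption key" >&2; return 1; }`. The checks test only for an empty string, so a truncated read is accepted as a key, and the `tr -c -d 'a-f0-9' | dd count=1 bs=32` fallback yields at most 32 hex characters where the other three yield 64. A length check such as `[ "${#key}" -eq 64 ]` after each attempt would catch both cases. The move from /dev/random to /dev/urandom removes blocking; if this runs early in boot (the modules.d path suggests an initramfs module), a comment on why an unblocked read is acceptable for this key would help. encrypt_device begins before and continues after this hunk.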