From 00847763df79db9ceb1c17236a4f3e7f16cb9bf0 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 19 May 2023 17:09:03 +0200
Subject: [slx-dmsetup] Fix dm-crypt usage by making sure we get an encryption key
---
 modules.d/slx-dmsetup/scripts/dmsetup-slx-device | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/modules.d/slx-dmsetup/scripts/dmsetup-slx-device b/modules.d/slx-dmsetup/scripts/dmsetup-slx-device
index 65ee94b5..e01b1f97 100755
--- a/modules.d/slx-dmsetup/scripts/dmsetup-slx-device
+++ b/modules.d/slx-dmsetup/scripts/dmsetup-slx-device
@@ -142,7 +142,7 @@ parse_config_int() {
 # dmsetup_create_noudevsync [table]
 dmsetup_create_noudevsync() {
 (
- set -o errexit
+ set -eo pipefail
 if [ -n "$2" ]; then
 printf "%s\n" "$2" | dmsetup create "$1" --noudevsync
 else
@@ -151,6 +151,7 @@ dmsetup_create_noudevsync() {
 dmsetup mknodes --noudevsync "$1"
 )
 local ret=$?
+ [ -b "/dev/mapper/$1" ] || ret=99
 [ $ret -ne 0 ] && dmsetup remove --noudevsync "$1"
 return $ret
 }
@@ -162,7 +163,12 @@ encrypt_device() {
 [ -b "$1" ] || return 1
 [ -n "$2" ] || return 1
 [ -z "$3" ] && local size="$( blockdev --getsz "$1" )"
- local key="$(head -c32 /dev/random | xxd -c32 -p)"
+ local key
+ key="$( < /dev/urandom xxd -c32 -p -l32 )"
+ [ -z "$key" ] && key="$( < /dev/urandom tr -c -d 'a-f0-9' | dd count=1 bs=32 )"
+ [ -z "$key" ] && key="$( < /dev/urandom head -c32 | xxd -c32 -p )"
+ [ -z "$key" ] && key="$( < /dev/urandom xxd -c32 -p | head -n 1 )"
+ [ -z "$key" ] && echo "$0: ERROR: Could not generate encryption key"
 if ! dmsetup_create_noudevsync "$2" \
 "0 ${3:-${size}} crypt aes-xts-plain64 $key 0 $1 0 1 allow_discards"; then
 echo "$0: Failed to encrypt $1."
--
cgit v1.2.3-55-g7522
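Review bot: `set -eo pipefail` inside the subshell of dmsetup_create_noudevsync relies on the interpreter supporting the `pipefail` option, and the script's shebang is not visible in this hunk. Under a shell that lacks it, the `set` call itself would likely abort the subshell, so every call would return non-zero and fall through to `dmsetup remove`. It is worth confirming the interpreter, or recording the requirement next to the line, e.g. `# pipefail needs bash or busybox ash; catches a failed printf feeding dmsetup create`. The else branch of the function lies outside the hunk.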
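Review bot: The added `[ -b "/dev/mapper/$1" ] || ret=99` runs unconditionally, so when the subshell has already failed and no node exists, its exit status is overwritten with 99 and the original dmsetup error code is lost to callers. Limiting the check to the success path keeps both signals: `[ $ret -eq 0 ] && ! [ -b "/dev/mapper/$1" ] && ret=99`. A one-line comment stating that 99 means "create reported success but no block node appeared" would also help, since the value is otherwise undocumented. The opening lines of the function are in the previous hunk.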
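Review bot: When every fallback leaves `key` empty, the last added line only prints the error and execution continues into dmsetup_create_noudevsync with a table that has no key field; the function should return at that point instead of relying on dm-crypt to reject the malformed table. The `-z` tests also accept a truncated key, and the second fallback (`tr -c -d 'a-f0-9' | dd count=1 bs=32`) yields at most 32 hex digits while the other three yield 64, so the fallbacks do not produce the same key size. A single length check covers both cases: `[ "${#key}" -eq 64 ] || { echo "$0: ERROR: Could not generate encryption key"; return 1; }`. The second fallback should end in `dd bs=1 count=64`, which also avoids a short read from the pipe. encrypt_device starts before and ends after this hunk.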