diff options
| author | Erich Eckner <git@eckner.net> | 2018-07-12 08:37:33 +0200 |
|---|---|---|
| committer | Erich Eckner <git@eckner.net> | 2018-07-12 08:37:33 +0200 |
| commit | 63fe016b230b6a4eb5da59476f277bdd696bf029 (patch) | |
| tree | d2f9a5d8f54abd362eaab23553ec76d3ef1a4e68 /cryptfs.bin.in | |
| parent | 588dcffdbcb70843ccf7ada36acc8b78ac2c555f (diff) | |
| download | cryptfs-daemon-63fe016b230b6a4eb5da59476f277bdd696bf029.tar.xz | |
cryptfs.bin.in: allow specification of keyslot; cryptfs.8.in: document this
Diffstat (limited to 'cryptfs.bin.in')
| -rw-r--r-- | cryptfs.bin.in | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/cryptfs.bin.in b/cryptfs.bin.in index 435058f..f00417b 100644 --- a/cryptfs.bin.in +++ b/cryptfs.bin.in @@ -225,10 +225,17 @@ do_crypt_close() { } do_crypt_open() { + local key local max_tries - if ! is_unlocked "$1"; then + local name + local raw + name="$1" + raw="$2" + key="$3" + shift 3 + if ! is_unlocked "${name}"; then max_tries=10 - while ! cryptsetup luksOpen "$2" "$1" --key-file="$3"; do + while ! cryptsetup luksOpen "${raw}" "${name}" --key-file="${key}" "$@"; do sleep 1 max_tries=$((max_tries-1)) if [ ${max_tries} -le 0 ]; then @@ -242,6 +249,13 @@ printf '%s\n' "${crypttab}" | \ grep -vxF '' | \ while read -r name raw key; do key="${key%% *}" + if [ "${key#\[*]}" != "${key}" ]; then + key_slot_option="${key%%]*}" + key_slot_option='--key-slot='"${key_slot_option#\[}"'' + key="${key#\[*]}" + else + unset key_slot_option + fi key_mount=$(mountpoint_to_file "${key}") mount_order=$(mountorder_to_device "#MAPDIR#/${name}") @@ -250,7 +264,7 @@ printf '%s\n' "${crypttab}" | \ do_crypt_close "${name}" else do_mount "${key_mount}" - do_crypt_open "${name}" "${raw}" "${key}" + do_crypt_open "${name}" "${raw}" "${key}" ${key_slot_option} do_unmount -l "${key_mount}" do_mount "${mount_order}" fi |