Configurable timeout before automatic poweroff

README.md

@@ -14,8 +14,16 @@ As explained upon installation, the following things need to be done:
 
 The LUKS-encrypted devices to unlock are derived from `/etc/crypttab`.
 
-The SSH listening port (22 by default) can be changed by setting the `sshcs_opt_listen` option in `/etc/dropbear/initrd.env` (file is sourced in initrd shell).
+
+Some options can be set in `/etc/dropbear/initrd.env` (file is sourced in initrd shell):
+  * `sshcs_opt_listen`: SSH listening port
+    - default: 22
+  * `sshcs_opt_timeout_poweroff`: time (in seconds) to unlock devices before automatic powering off
+    - default (and minimum value): 2 minutes
+    - negative value to deactivate
+
 For example:
 
     sshcs_opt_listen=2222
+    sshcs_opt_timeout_poweroff=-1
 

src/hooks/ssh-cryptsetup

@@ -36,7 +36,41 @@ sshcs_net_start() {
     [ -n "${net_address}" ]
 }
 
+sshcs_trapped_timeout() {
+    err "Timeout reached! Powering off."
+    poweroff -f
+    exit
+}
+
+sshcs_trap_timeout() {
+    local pid_init=$$
+
+    if [ ${sshcs_opt_timeout_poweroff} -gt 0 ]; then
+        echo ""
+        echo "WARNING! Automatic poweroff will be triggered in ${sshcs_opt_timeout_poweroff}s"
+        echo "To deactivate, please unlock devices"
+        echo ""
+        trap sshcs_trapped_timeout SIGALRM
+        (
+            sleep ${sshcs_opt_timeout_poweroff}
+            kill -SIGALRM ${pid_init}
+            # Signal is not processed if cryptsetup is waiting for the password
+            killall cryptsetup > /dev/null 2>&1
+        ) &
+        pid_timeout=$!
+    fi
+}
+
+sshcs_untrap_timeout() {
+    [ -z "${pid_timeout}" ] && return 0
+    kill ${pid_timeout}
+    trap - SIGALRM
+    msg "Timeout cleared."
+}
+
 sshcs_dropbear_unlock() {
+    local timeout_poweroff_min=120
+    local pid_timeout=
     local dev_pts_mounted=0
     local listen=
 
@@ -81,14 +115,20 @@ EOF
 
     [ -e "${dropbear_env}" ] && . "${dropbear_env}"
     [ -n "${sshcs_opt_listen}" ] && sshcs_opt_listen="-p ${sshcs_opt_listen}"
+    [ -z "${sshcs_opt_timeout_poweroff}" ] && sshcs_opt_timeout_poweroff=${timeout_poweroff_min}
+    [ ${sshcs_opt_timeout_poweroff} -ge 0 ] && [ ${sshcs_opt_timeout_poweroff} -lt ${timeout_poweroff_min} ] && sshcs_opt_timeout_poweroff=${timeout_poweroff_min}
 
 
     msg "Starting dropbear ..."
     dropbear -Emsgjk -P "${path_dropbear_pid}" ${sshcs_opt_listen}
 
+    sshcs_trap_timeout
+
     # actual script (shared with SSH login) unlocking encrypted devices
     . "${dropbear_cryptsetup_script}"
 
+    sshcs_untrap_timeout
+
     # cleanup dropbear
     if [ -f "${path_dropbear_pid}" ]; then
         msg "Stopping dropbear ..."
@@ -178,7 +218,6 @@ EOF
     fi
 }
 
-
 run_hook() {
     local etc_crypttab="/etc/crypttab"
     local dropbear_env="/etc/dropbear/initrd.env"

src/install/ssh-cryptsetup

@@ -101,8 +101,13 @@ Network is configured with 'ip=' kernel parameter (see 'mkinitcpio-nfs-utils').
 Authorized SSH key(s) must be present in '/etc/dropbear/initrd.authorized_keys'.
 LUKS encrypted devices to unlock are derived from '/etc/crypttab', which must
 be present.
-Listening port (if not 22) can be set with the option 'sshcs_opt_listen' in
-'/etc/dropbear/initrd.env' (file is sourced in initrd shell).
+Some options can be set in '/etc/dropbear/initrd.env' (file is sourced in
+initrd shell):
+ * 'sshcs_opt_listen': listening port (22 by default)
+ * 'sshcs_opt_timeout_poweroff': time (s) to unlock devices before automatic
+   powering off
+   - default (and minimum value): 2 minutes
+   - negative value to deactivate
 
 Each SSH server key ('dropbear_rsa_host_key', 'dropbear_dss_host_key' and
 'dropbear_ecdsa_host_key' in '/etc/dropbear' folder) is imported from OpenSSH