Fix cryptsetup additional arguments handling

Quoting used in script prevented them ot be properly passed. Also added a debug mode to print some more messages about ongoing actions.
2017-06-25 20:07:07 +02:00 · 2017-06-25 20:07:07 +02:00 · d94d257cf6
parent e5ee05f382
commit d94d257cf6
4 changed files with 32 additions and 6 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+2017-06-25 Julien Coloos <julien.coloos [at] gmail [dot] com>
+
+        * v0.5-1
+        Fixed cryptsetup additional arguments handling: were not properly passed
+
+
 2017-06-25 Julien Coloos <julien.coloos [at] gmail [dot] com>

        * v0.4-1
--- a/4
+++ b/4
@ -1,6 +1,6 @@
 # Maintainer: Julien Coloos <julien.coloos [at] gmail [dot] com>
 pkgname=initrd-ssh-cryptsetup
-pkgver=0.4
+pkgver=0.5
 pkgrel=1
 pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH"
 arch=('any')
@ -10,7 +10,7 @@ depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2')
 install=$pkgname.install
 changelog='ChangeLog'
 source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install")
-md5sums=('fab9d0ffc14a6cd7bcb79fa1b9411336'
+md5sums=('d87a35adbef55db89f32a89f4966a27a'
         'ac60109d80e7bb2af0d66e69aaf178a6')

 package() {
--- a/README.md
+++ b/README.md
@ -16,6 +16,9 @@ The LUKS-encrypted devices to unlock are derived from `/etc/crypttab`.


 Some options can be set in `/etc/initcpio/sshcs_env` (file is sourced in initrd shell):
+   * `sshcs_opt_debug`: whether to be more verbose about ongoing actions
+      - default: 0
+      - any non-zero value to enable
   * `sshcs_opt_timeout_ipconfig`: time (in seconds) to configure IP
      - default: 10 seconds
   * `sshcs_opt_listen`: SSH listening port
--- a/src/hooks/ssh-cryptsetup
+++ b/src/hooks/ssh-cryptsetup
@ -1,10 +1,16 @@
 #!/usr/bin/ash

+dbg () {
+    [ ${sshcs_opt_debug} != 0 ] && echo "$@"
+}
+
 sshcs_env_load() {
+    local debug_default=0
    local timeout_ipconfig_default=10
    local timeout_poweroff_min=120

    [ -e "${sshcs_env}" ] && . "${sshcs_env}"
+    [ -z "${sshcs_opt_debug}" ] && sshcs_opt_debug=${debug_default}
    [ -z "${sshcs_opt_timeout_ipconfig}" ] && sshcs_opt_timeout_ipconfig=${timeout_ipconfig_default}
    [ -n "${sshcs_opt_listen}" ] && sshcs_opt_listen="-p ${sshcs_opt_listen}"
    [ -z "${sshcs_opt_timeout_poweroff}" ] && sshcs_opt_timeout_poweroff=${timeout_poweroff_min}
@ -14,10 +20,16 @@ sshcs_env_load() {
 sshcs_net_start() {
    # we must have an 'ip' setting, and a device in it
    [ -z "${ip}" ] && [ -n "${nfsaddrs}" ] && ip="${nfsaddrs}"
-    [ -z "${ip}" ] && return 1
+    [ -z "${ip}" ] && {
+        dbg "No ip setting to setup network"
+        return 1
+    }

    net_device=$(echo ${ip} | cut -d: -f6)
-    [ -z "${net_device}" ] && return 1
+    [ -z "${net_device}" ] && {
+        dbg "No network device to setup"
+        return 1
+    }

    # Setup network and save some values
    # Note: some useful redirection means ('< <(...)' and '<<< "$(...)"') are
@ -59,6 +71,7 @@ sshcs_net_start() {
 sshcs_net_done() {
    # we are done with the network
    if [ -n "${net_device}" ]; then
+        dbg "Setting network device=${net_device} down"
        ip addr flush dev "${net_device}"
        ip link set dev "${net_device}" down
    fi
@ -196,6 +209,7 @@ sshcs_cryptpart_process() {
    cryptdev_orig=${cryptdev}
    if cryptdev=$(resolve_device "${cryptdev_orig}" ${rootdelay}); then
        if cryptsetup isLuks "${cryptdev}" >/dev/null 2>&1; then
+            dbg "Adding crypt device=${cryptdev} type=${crypttype} name=${cryptname} args=<${cryptargs}> in setup script"

            # update script used to unlock device either in console or SSH
            [ -s "${sshcs_cryptsetup_script}" ] || cat <<EOF > "${sshcs_cryptsetup_script}"
@ -215,7 +229,7 @@ EOF
            cat <<EOF >> "${sshcs_cryptsetup_script}"
 # loop until device is available
 while [ ! -e "/dev/mapper/${cryptname}" ]; do
-    if cryptsetup open --type "${crypttype}" "${cryptdev}" "${cryptname}" "${cryptargs}" "\${CSQUIET}"; then
+    if cryptsetup open --type "${crypttype}" "${cryptdev}" "${cryptname}" ${cryptargs} "\${CSQUIET}"; then
        if poll_device "/dev/mapper/${cryptname}" ${rootdelay}; then
            killall cryptsetup > /dev/null 2>&1
            break
@ -250,7 +264,10 @@ run_hook() {
    sshcs_env_load

    # sanity check: crypttab should be present
-    [ ! -e "${etc_crypttab}" ] && return 0
+    [ ! -e "${etc_crypttab}" ] && {
+        dbg "No crypttab configuration to process"
+        return 0
+    }

    modprobe -a -q dm-crypt >/dev/null 2>&1
    [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"