From d94d257cf60bd5a016283443256bcdf654d24bd8 Mon Sep 17 00:00:00 2001 From: Julien Coloos Date: Sun, 25 Jun 2017 20:07:07 +0200 Subject: [PATCH] Fix cryptsetup additional arguments handling Quoting used in script prevented them ot be properly passed. Also added a debug mode to print some more messages about ongoing actions. --- ChangeLog | 6 ++++++ PKGBUILD | 4 ++-- README.md | 3 +++ src/hooks/ssh-cryptsetup | 25 +++++++++++++++++++++---- 4 files changed, 32 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3129977..bafc537 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2017-06-25 Julien Coloos + + * v0.5-1 + Fixed cryptsetup additional arguments handling: were not properly passed + + 2017-06-25 Julien Coloos * v0.4-1 diff --git a/PKGBUILD b/PKGBUILD index 49741a7..3cba633 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -1,6 +1,6 @@ # Maintainer: Julien Coloos pkgname=initrd-ssh-cryptsetup -pkgver=0.4 +pkgver=0.5 pkgrel=1 pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH" arch=('any') @@ -10,7 +10,7 @@ depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2') install=$pkgname.install changelog='ChangeLog' source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install") -md5sums=('fab9d0ffc14a6cd7bcb79fa1b9411336' +md5sums=('d87a35adbef55db89f32a89f4966a27a' 'ac60109d80e7bb2af0d66e69aaf178a6') package() { diff --git a/README.md b/README.md index 5ac1b0c..719fdec 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,9 @@ The LUKS-encrypted devices to unlock are derived from `/etc/crypttab`. Some options can be set in `/etc/initcpio/sshcs_env` (file is sourced in initrd shell): + * `sshcs_opt_debug`: whether to be more verbose about ongoing actions + - default: 0 + - any non-zero value to enable * `sshcs_opt_timeout_ipconfig`: time (in seconds) to configure IP - default: 10 seconds * `sshcs_opt_listen`: SSH listening port 
diff --git a/src/hooks/ssh-cryptsetup b/src/hooks/ssh-cryptsetup index 273b344..33b4cbb 100644 --- a/src/hooks/ssh-cryptsetup +++ b/src/hooks/ssh-cryptsetup @@ -1,10 +1,16 @@ #!/usr/bin/ash +dbg () { + [ ${sshcs_opt_debug} != 0 ] && echo "$@" +} + sshcs_env_load() { + local debug_default=0 local timeout_ipconfig_default=10 local timeout_poweroff_min=120 [ -e "${sshcs_env}" ] && . "${sshcs_env}" + [ -z "${sshcs_opt_debug}" ] && sshcs_opt_debug=${debug_default} [ -z "${sshcs_opt_timeout_ipconfig}" ] && sshcs_opt_timeout_ipconfig=${timeout_ipconfig_default} [ -n "${sshcs_opt_listen}" ] && sshcs_opt_listen="-p ${sshcs_opt_listen}" [ -z "${sshcs_opt_timeout_poweroff}" ] && sshcs_opt_timeout_poweroff=${timeout_poweroff_min} @@ -14,10 +20,16 @@ sshcs_env_load() { sshcs_net_start() { # we must have an 'ip' setting, and a device in it [ -z "${ip}" ] && [ -n "${nfsaddrs}" ] && ip="${nfsaddrs}" - [ -z "${ip}" ] && return 1 + [ -z "${ip}" ] && { + dbg "No ip setting to setup network" + return 1 + } net_device=$(echo ${ip} | cut -d: -f6) - [ -z "${net_device}" ] && return 1 + [ -z "${net_device}" ] && { + dbg "No network device to setup" + return 1 + } # Setup network and save some values # Note: some useful redirection means ('< <(...)' and '<<< "$(...)"') are @@ -59,6 +71,7 @@ sshcs_net_start() { sshcs_net_done() { # we are done with the network if [ -n "${net_device}" ]; then + dbg "Setting network device=${net_device} down" ip addr flush dev "${net_device}" ip link set dev "${net_device}" down fi @@ -196,6 +209,7 @@ sshcs_cryptpart_process() { cryptdev_orig=${cryptdev} if cryptdev=$(resolve_device "${cryptdev_orig}" ${rootdelay}); then if cryptsetup isLuks "${cryptdev}" >/dev/null 2>&1; then + dbg "Adding crypt device=${cryptdev} type=${crypttype} name=${cryptname} args=<${cryptargs}> in setup script" # update script used to unlock device either in console or SSH [ -s "${sshcs_cryptsetup_script}" ] || cat < "${sshcs_cryptsetup_script}" 
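Review bot: In the new `dbg` helper, `[ ${sshcs_opt_debug} != 0 ]` expands the variable unquoted, so an empty value or one containing whitespace makes `[` report an error instead of cleanly switching output on or off. The file at `${sshcs_env}` is sourced and can set the variable to anything, and the default is applied only once `sshcs_env_load` has run. The helper also returns non-zero whenever debugging is off, which would matter if a `dbg` call ever ends a function or runs under `set -e`. I would write the body as `[ "${sshcs_opt_debug:-0}" != 0 ] && echo "$@"; return 0`. A one-line comment above it, such as `# print arguments only when sshcs_opt_debug is non-zero`, would document the contract.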
@@ -215,7 +229,7 @@ EOF cat <> "${sshcs_cryptsetup_script}" # loop until device is available while [ ! -e "/dev/mapper/${cryptname}" ]; do - if cryptsetup open --type "${crypttype}" "${cryptdev}" "${cryptname}" "${cryptargs}" "\${CSQUIET}"; then + if cryptsetup open --type "${crypttype}" "${cryptdev}" "${cryptname}" ${cryptargs} "\${CSQUIET}"; then if poll_device "/dev/mapper/${cryptname}" ${rootdelay}; then killall cryptsetup > /dev/null 2>&1 break @@ -250,7 +264,10 @@ run_hook() { sshcs_env_load # sanity check: crypttab should be present - [ ! -e "${etc_crypttab}" ] && return 0 + [ ! -e "${etc_crypttab}" ] && { + dbg "No crypttab configuration to process" + return 0 + } modprobe -a -q dm-crypt >/dev/null 2>&1 [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
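Review bot: Dropping the quotes around `${cryptargs}` on the `cryptsetup open` line restores word splitting, but the line sits inside an unquoted here-document, so the value is expanded at generation time and written into `${sshcs_cryptsetup_script}` as raw shell text. Any shell metacharacter in the crypttab options field would then be interpreted when the unlock script runs in the initramfs, rather than being passed to cryptsetup as an argument. The code that assembles `cryptargs` is outside this hunk. Before the here-document I would reject unexpected characters, for example `case "${cryptargs}" in *[!A-Za-z0-9\ =_./:,-]*) echo "unsupported characters in crypttab options for ${cryptname}" >&2; return 1;; esac`. The same line still passes `"\${CSQUIET}"` quoted, so it presumably reaches cryptsetup as a literal (possibly empty) argument rather than acting as a redirection; that is worth confirming against how the generated script is run.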