Fix cryptsetup additional arguments handling

Quoting used in script prevented them ot be properly passed.
Also added a debug mode to print some more messages about ongoing actions.

ChangeLog

@@ -1,3 +1,15 @@
+2017-06-25 Julien Coloos <julien.coloos [at] gmail [dot] com>
+
+        * v0.5-1
+        Fixed cryptsetup additional arguments handling: were not properly passed
+
+
+2017-06-25 Julien Coloos <julien.coloos [at] gmail [dot] com>
+
+        * v0.4-1
+        Fixed TRIM option handling in /etc/crypttab: 'discard' ('allow-discards' being the switch name to use in cryptsetup)
+
+
 2015-11-22 Julien Coloos <julien.coloos [at] gmail [dot] com>
 
         * v0.3-1

PKGBUILD

@@ -1,6 +1,6 @@
 # Maintainer: Julien Coloos <julien.coloos [at] gmail [dot] com>
 pkgname=initrd-ssh-cryptsetup
-pkgver=0.3
+pkgver=0.5
 pkgrel=1
 pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH"
 arch=('any')
@@ -10,7 +10,7 @@ depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2')
 install=$pkgname.install
 changelog='ChangeLog'
 source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install")
-md5sums=('a25dbbac5cd82a8d87932e646e38d9c4'
+md5sums=('d87a35adbef55db89f32a89f4966a27a'
          'ac60109d80e7bb2af0d66e69aaf178a6')
 
 package() {

README.md

@@ -16,6 +16,9 @@ The LUKS-encrypted devices to unlock are derived from `/etc/crypttab`.
 
 
 Some options can be set in `/etc/initcpio/sshcs_env` (file is sourced in initrd shell):
+   * `sshcs_opt_debug`: whether to be more verbose about ongoing actions
+      - default: 0
+      - any non-zero value to enable
    * `sshcs_opt_timeout_ipconfig`: time (in seconds) to configure IP
       - default: 10 seconds
    * `sshcs_opt_listen`: SSH listening port
@@ -30,3 +33,13 @@ For example:
     sshcs_opt_listen=2222
     sshcs_opt_timeout_poweroff=-1
 
+
+## Building notes
+1. Modify the sources (features in `src`, and/or package building files)
+2. If `src` was modified
+   * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.4.tar.xz src`
+   * upload the archive on the online repository (pointed by `PKGBUILD`)
+3. Update `PKGBUILD`
+   * bump `pkgver` if `src` was modified, or `pkgrel` if building files were modified
+   * refresh `md5sums` if necessary (based on `md5sum initrd-ssh-cryptsetup-*.tar.xz initrd-ssh-cryptsetup.install` output)
+4. Delete generated archive file if any

src/hooks/ssh-cryptsetup

@@ -1,10 +1,16 @@
 #!/usr/bin/ash
 
+dbg () {
+    [ ${sshcs_opt_debug} != 0 ] && echo "$@"
+}
+
 sshcs_env_load() {
+    local debug_default=0
     local timeout_ipconfig_default=10
     local timeout_poweroff_min=120
 
     [ -e "${sshcs_env}" ] && . "${sshcs_env}"
+    [ -z "${sshcs_opt_debug}" ] && sshcs_opt_debug=${debug_default}
     [ -z "${sshcs_opt_timeout_ipconfig}" ] && sshcs_opt_timeout_ipconfig=${timeout_ipconfig_default}
     [ -n "${sshcs_opt_listen}" ] && sshcs_opt_listen="-p ${sshcs_opt_listen}"
     [ -z "${sshcs_opt_timeout_poweroff}" ] && sshcs_opt_timeout_poweroff=${timeout_poweroff_min}
@@ -14,10 +20,16 @@ sshcs_env_load() {
 sshcs_net_start() {
     # we must have an 'ip' setting, and a device in it
     [ -z "${ip}" ] && [ -n "${nfsaddrs}" ] && ip="${nfsaddrs}"
-    [ -z "${ip}" ] && return 1
+    [ -z "${ip}" ] && {
+        dbg "No ip setting to setup network"
+        return 1
+    }
 
     net_device=$(echo ${ip} | cut -d: -f6)
-    [ -z "${net_device}" ] && return 1
+    [ -z "${net_device}" ] && {
+        dbg "No network device to setup"
+        return 1
+    }
 
     # Setup network and save some values
     # Note: some useful redirection means ('< <(...)' and '<<< "$(...)"') are
@@ -59,6 +71,7 @@ sshcs_net_start() {
 sshcs_net_done() {
     # we are done with the network
     if [ -n "${net_device}" ]; then
+        dbg "Setting network device=${net_device} down"
         ip addr flush dev "${net_device}"
         ip link set dev "${net_device}" down
     fi
@@ -179,7 +192,7 @@ sshcs_cryptpart_process() {
     cryptargs=
     for cryptopt in ${cryptoptions//,/ }; do
         case ${cryptopt} in
-            allow-discards)
+            discard)
                 cryptargs="${cryptargs} --allow-discards"
                 ;;
 
@@ -196,6 +209,7 @@ sshcs_cryptpart_process() {
     cryptdev_orig=${cryptdev}
     if cryptdev=$(resolve_device "${cryptdev_orig}" ${rootdelay}); then
         if cryptsetup isLuks "${cryptdev}" >/dev/null 2>&1; then
+            dbg "Adding crypt device=${cryptdev} type=${crypttype} name=${cryptname} args=<${cryptargs}> in setup script"
 
             # update script used to unlock device either in console or SSH
             [ -s "${sshcs_cryptsetup_script}" ] || cat <<EOF > "${sshcs_cryptsetup_script}"
@@ -215,7 +229,7 @@ EOF
             cat <<EOF >> "${sshcs_cryptsetup_script}"
 # loop until device is available
 while [ ! -e "/dev/mapper/${cryptname}" ]; do
-    if cryptsetup open --type "${crypttype}" "${cryptdev}" "${cryptname}" "${cryptargs}" "\${CSQUIET}"; then
+    if cryptsetup open --type "${crypttype}" "${cryptdev}" "${cryptname}" ${cryptargs} "\${CSQUIET}"; then
         if poll_device "/dev/mapper/${cryptname}" ${rootdelay}; then
             killall cryptsetup > /dev/null 2>&1
             break
@@ -250,7 +264,10 @@ run_hook() {
     sshcs_env_load
 
     # sanity check: crypttab should be present
-    [ ! -e "${etc_crypttab}" ] && return 0
+    [ ! -e "${etc_crypttab}" ] && {
+        dbg "No crypttab configuration to process"
+        return 0
+    }
 
     modprobe -a -q dm-crypt >/dev/null 2>&1
     [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"