authortoni <matzeton@googlemail.com>2015-02-05 11:05:32 +0100
committertoni <matzeton@googlemail.com>2015-02-07 03:45:13 +0100
commit590d34f183c9abc60068a767426edbfec30cda3e (patch)
tree7f084d1346d934a316ad12f4dac1d350587f49c1
parent997103f7218b82f8364fc41e9b744d5ab282516c (diff)
init- script/hook rewrote:
- plymouth compatible - cleaned up the initrd hook
-rw-r--r--config.h12
-rw-r--r--debian/changelog5
-rw-r--r--debian/control3
-rw-r--r--debian/postinst7
-rw-r--r--main.c21
-rw-r--r--scripts/naskconf23
-rw-r--r--scripts/naskpass.inithook15
-rw-r--r--[-rwxr-xr-x]scripts/naskpass.initscript26
-rw-r--r--ui.c12
9 files changed, 71 insertions, 53 deletions
diff --git a/config.h b/config.h
new file mode 100644
index 0000000..26fdb3c
--- /dev/null
+++ b/config.h
@@ -0,0 +1,12 @@
+#define AUTHOR "Toni Uhlig"
+#define AUTHOR_EMAIL "matzeton@googlemail.com"
+#define PKGNAME "naskpass"
+#define PKGDESC "A NCurses replacement for cryptsetup's askpass."
+#define DEFAULT_FIFO "/lib/cryptsetup/passfifo"
+#define SHTDWN_CMD "echo 'o' >/proc/sysrq-trigger"
+
+#ifdef _VERSION
+#define VERSION _VERSION
+#else
+#define VERSION "unknown"
+#endif
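Review bot: config.h has no include guard, and this commit already includes it from both main.c and ui.c. Identical macro redefinitions are harmless today, but the first non-macro declaration added here will break on a double include; wrap the contents in `#ifndef NASKPASS_CONFIG_H` / `#define NASKPASS_CONFIG_H` and a closing `#endif`. A one-line comment on `SHTDWN_CMD` saying that writing 'o' to /proc/sysrq-trigger powers the machine off immediately would also help the next reader.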
diff --git a/debian/changelog b/debian/changelog
index c820b65..5f36cc5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,10 @@
-naskpass (1.1-0) UNRELEASED; urgency=low
+naskpass (1.1-1) UNRELEASED; urgency=low
* UI rewritten
* maintainer scripts/configs renewed
+ * working initrd script
- -- Toni Uhlig <matzeton@googlemail.com> Thu, 25 Dec 2014 03:32:43 +0100
+ -- Toni Uhlig <matzeton@googlemail.com> Sat, 07 Feb 2015 03:43:50 +0100
naskpass (1.0-3) unstable; urgency=low
diff --git a/debian/control b/debian/control
index 6956421..d85a5ec 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,6 @@ Homepage: https://github.com/freecoding/naskpass.git
Package: naskpass
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, cryptsetup (= 2:1.4.3-4), libncurses5, libtinfo5
-Conflicts: plymouth
+Depends: ${shlibs:Depends}, ${misc:Depends}, cryptsetup (= 2:1.4.3-4), libncurses5, libtinfo5, coreutils
Description: Ncurses based cryptsetup askpass replacement
NULL.
diff --git a/debian/postinst b/debian/postinst
index b951d83..4306174 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -17,11 +17,14 @@ case "$1" in
db_go
db_get naskpass/activate
if [ "$RET" = "true" ]; then
- nask_activate
+ nask_activate || true
+ if [ "x${ERRMSG}" != "x" ]; then
+ echo "* ${ERRMSG}" >&2
+ nask_deactivate
+ fi
else
nask_deactivate
fi
- echo
update-initramfs -u
;;
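Review bot: The failure check keys on `ERRMSG` being non-empty instead of on the exit status of `nask_activate`, which `|| true` discards. In scripts/naskconf only the sha512sum mismatch returns non-zero and sets `ERRMSG`, so the two agree today, but any later failure path that returns 1 without setting the variable would be ignored and `update-initramfs -u` would still run. Test the status directly: `if ! nask_activate; then echo "* ${ERRMSG:-naskpass activation failed}" >&2; nask_deactivate; fi`. The case arm starts outside this hunk.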
diff --git a/main.c b/main.c
index f0c99d3..0bcaf39 100644
--- a/main.c
+++ b/main.c
@@ -13,20 +13,7 @@
#include "ui_input.h"
#include "ui_statusbar.h"
#include "ui.h"
-
-#define AUTHOR "Toni Uhlig"
-#define AUTHOR_EMAIL "matzeton@googlemail.com"
-#define PKGNAME "naskpass"
-#define PKGDESC "A NCurses replacement for cryptsetup's askpass."
-#ifdef _VERSION
-#define VERSION _VERSION
-#else
-#define VERSION "unknown"
-#endif
-
-#define DEFAULT_FIFO "/lib/cryptsetup/passfifo"
-#define SHTDWN_CMD "echo 'o' >/proc/sysrq-trigger"
-
+#include "config.h"
static void
@@ -85,7 +72,7 @@ run_cryptcreate(char *pass, char *crypt_cmd)
int retval;
char *cmd;
- if (crypt_cmd == NULL || pass != NULL) return (-1);
+ if (crypt_cmd == NULL || pass == NULL) return (-1);
asprintf(&cmd, "echo '%s' | %s", pass, crypt_cmd);
retval = system(cmd);
return (retval);
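Review bot: With the NULL test corrected, `run_cryptcreate` now actually reaches `asprintf(&cmd, "echo '%s' | %s", pass, crypt_cmd)` and `system(cmd)`, which splice the passphrase into a shell command line. A passphrase containing a single quote ends the quoting, so the remainder is interpreted by the shell inside the initramfs. The secret also ends up in the arguments of the `sh -c` process and in `cmd`, which is neither checked for allocation failure, wiped nor freed. Handing the passphrase to the command on its stdin avoids all of this; a sketch follows, after which the `cmd` local can go. The function's signature and closing brace are outside the hunk.

```c
  if (crypt_cmd == NULL || pass == NULL) return (-1);
  /* feed the passphrase to crypt_cmd on stdin instead of building a shell string */
  FILE *p = popen(crypt_cmd, "w");
  if (p == NULL) return (-1);
  if (fprintf(p, "%s\n", pass) < 0) {
    pclose(p);
    return (-1);
  }
  retval = pclose(p);
  return (retval);
```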
@@ -146,7 +133,9 @@ main(int argc, char **argv)
stop_ui();
wait(&c_status);
if (read(ffd, pbuf, MAX_PASSWD_LEN) > 0) {
- run_cryptcreate(pbuf, crypt_cmd);
+ if (run_cryptcreate(pbuf, crypt_cmd) != 0) {
+ fprintf(stderr, "cryptcreate error\n");
+ }
}
memset(pbuf, '\0', MAX_PASSWD_LEN+1);
} else {
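Review bot: The byte count returned by `read(ffd, pbuf, MAX_PASSWD_LEN)` is only compared with zero, so `pbuf` reaches `run_cryptcreate` as a C string whose terminator depends on the buffer having been zeroed earlier, which this hunk does not show. Keeping the count and terminating explicitly removes that dependency: `ssize_t n = read(ffd, pbuf, MAX_PASSWD_LEN); if (n > 0) { pbuf[n] = '\0'; ...`. The new error branch only prints `cryptcreate error`; if main's exit status is meant to tell the init script that unlocking failed, it should be set here too (the rest of main is outside the hunk). The `memset` wipe can be removed by the optimizer if `pbuf` is not read again; `explicit_bzero`, where available, is the usual replacement.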
diff --git a/scripts/naskconf b/scripts/naskconf
index 8c66b77..2452799 100644
--- a/scripts/naskconf
+++ b/scripts/naskconf
@@ -1,24 +1,31 @@
#!/bin/sh
+export ORGCHKSM="5924c70e5c9fabf0398050349c3f4f283ab80091b23ea8c677249ee7bdd41f6e4910ce5e1bc32577e67763dc30d9b96cc3528256e1cc63dba959a5e3866ec21f"
+export ORGFILE="/usr/share/initramfs-tools/scripts/local-top/cryptroot"
+
+
. /usr/share/debconf/confmodule
_nask_cmd () {
db_get naskpass/active
if [ "x$1" = "xACTV" ] && [ "$RET" = "false" ]; then
- dpkg-divert --package naskpass --add --rename --divert /var/backups/cryptroot.initramfs.bak \
- /usr/share/initramfs-tools/scripts/local-top/cryptroot
- ln -s /usr/share/naskpass/naskpass.script.initramfs \
- /usr/share/initramfs-tools/scripts/local-top/cryptroot
+ if [ "${ORGCHKSM}" != "$(/usr/bin/sha512sum ${ORGFILE} | grep -Eo '^[0-9a-zA-Z]*')" ]; then
+ export ERRMSG="$0: sha512sum mismatch"
+ return 1
+ fi
+ dpkg-divert --package naskpass --add --rename --divert /var/backups/cryptroot.initramfs.bak ${ORGFILE}
+ cp /usr/share/naskpass/naskpass.script.initramfs ${ORGFILE}
ln -s /usr/share/naskpass/naskpass.hook.initramfs \
/usr/share/initramfs-tools/hooks/naskpass
db_set naskpass/active true
elif [ "x$1" = "xDCTV" ] && [ "$RET" = "true" ]; then
- rm /usr/share/initramfs-tools/scripts/local-top/cryptroot
+ rm ${ORGFILE}
rm /usr/share/initramfs-tools/hooks/naskpass
- dpkg-divert --package naskpass --rename --remove /usr/share/initramfs-tools/scripts/local-top/cryptroot
+ dpkg-divert --package naskpass --rename --remove ${ORGFILE}
db_set naskpass/active false
fi
+ return 0
}
-nask_activate () { _nask_cmd "ACTV"; }
-nask_deactivate () { _nask_cmd "DCTV"; }
+nask_activate () { _nask_cmd "ACTV"; return $?; }
+nask_deactivate () { _nask_cmd "DCTV"; return $?; }
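Review bot: In the `ACTV` branch the results of `dpkg-divert` and `cp` are not checked, so if the diversion fails the following `cp` overwrites the packaged `${ORGFILE}` with no backup in /var/backups, and `naskpass/active` is still set to true. Stop at the first failure, e.g. `dpkg-divert ... ${ORGFILE} || { export ERRMSG="$0: dpkg-divert failed"; return 1; }`, and do the same for `cp`. This commit also changes the mode of scripts/naskpass.initscript from 100755 to 100644; since the script is now copied instead of symlinked, confirm the installed copy is still executable, as initramfs-tools may otherwise skip it. A comment above `ORGCHKSM` naming the cryptsetup package version the digest was taken from would make future updates easier.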
diff --git a/scripts/naskpass.inithook b/scripts/naskpass.inithook
index 277203c..083c477 100644
--- a/scripts/naskpass.inithook
+++ b/scripts/naskpass.inithook
@@ -15,24 +15,9 @@ case "$1" in
;;
esac
-export RDSUM="5924c70e5c9fabf0398050349c3f4f283ab80091b23ea8c677249ee7bdd41f6e4910ce5e1bc32577e67763dc30d9b96cc3528256e1cc63dba959a5e3866ec21f"
-export DIVFILE="/usr/share/naskpass/cryptroot.orig"
-export ORGFILE="/usr/share/initramfs-tools/scripts/local-top/cryptroot"
. /usr/share/initramfs-tools/hook-functions
-if [ -f ${DIVFILE} ]; then
- if [ ${RDSUM} != "$(/usr/bin/sha512sum ${DIVFILE} | grep -Eo '^[0-9a-zA-Z]*')" ]; then
- echo "********************************" >&2
- echo "* NASKPASS: sha512sum mismatch *" >&2
- echo "********************************" >&2
- echo " WARNING: Using ORIG-File!" >&2
- cp /usr/share/naskpass/cryptroot.orig ${DESTDIR}/scripts/local-top/cryptroot
- echo "* Please re-run update-initramfs!" >&2
- exit 1
- fi
-fi
-
copy_exec /lib/cryptsetup/naskpass /lib/cryptsetup
mkdir -p ${DESTDIR}/lib/terminfo/l
cp /lib/terminfo/l/linux ${DESTDIR}/lib/terminfo/l/
diff --git a/scripts/naskpass.initscript b/scripts/naskpass.initscript
index 1216e14..3f9be2c 100755..100644
--- a/scripts/naskpass.initscript
+++ b/scripts/naskpass.initscript
@@ -68,7 +68,7 @@ parse_options()
cryptlvm=""
cryptkeyscript=""
cryptkey="" # This is only used as an argument to an eventual keyscript
- crypttries=1
+ crypttries=3
cryptrootdev=""
cryptdiscard=""
CRYPTTAB_OPTIONS=""
@@ -101,12 +101,23 @@ parse_options()
lvm=*)
cryptlvm=${x#lvm=}
;;
+ keyscript=*)
+ cryptkeyscript=${x#keyscript=}
+ ;;
key=*)
if [ "${x#key=}" != "none" ]; then
cryptkey=${x#key=}
fi
export CRYPTTAB_KEY="$cryptkey"
;;
+ tries=*)
+ crypttries="${x#tries=}"
+ case "$crypttries" in
+ *[![:digit:].]*)
+ crypttries=3
+ ;;
+ esac
+ ;;
rootdev)
cryptrootdev="yes"
;;
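Review bot: The `tries=` filter `*[![:digit:].]*` lets through an empty value (`tries=`) and values with dots such as `1.5`, neither of which is a usable count for the integer tests the retry loop presumably performs outside this hunk. Reject both with `''|*[![:digit:]]*)`. The new `keyscript=` arm stores whatever the option carries, and the value appears to be executed later as a command in setup_mapping; a comment stating that these options are expected to come only from root-owned configuration would make that trust assumption explicit.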
@@ -262,16 +273,21 @@ setup_mapping()
cryptkeyscript="plymouth ask-for-password --prompt"
cryptkey=$(printf "$cryptkey")
else
- dmesg -n 1
cryptkeyscript="/lib/cryptsetup/naskpass"
fi
fi
if [ ! -e "$NEWROOT" ]; then
- if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \
- $cryptkeyscript "$cryptcreate" ; then
- continue;
+ if [ -x /bin/plymouth ] && plymouth --ping; then
+ message "naskpass does not work with playmouth, falling back to default askpass .."
+ if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \
+ $cryptkeyscript "$cryptkey" | $cryptcreate --key-file=- ; then
+ message "cryptsetup: cryptsetup failed, bad password or options?"
+ continue
+ fi
+ else
+ $cryptkeyscript -c "$cryptcreate"
fi
fi
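Review bot: In the new `else` branch the exit status of `$cryptkeyscript -c "$cryptcreate"` is ignored, so a failed naskpass run produces no message and no `continue`, unlike the plymouth branch above it. Use `if ! $cryptkeyscript -c "$cryptcreate"; then message "cryptsetup: cryptsetup failed, bad password or options?"; continue; fi`. That branch also passes naskpass-style arguments to whatever `cryptkeyscript` holds. With the `keyscript=` option now parsed elsewhere in this commit, a custom keyscript would be invoked with `-c` and its output would never reach cryptsetup, though the enclosing condition is outside the hunk. The message text has a typo, `playmouth`.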
diff --git a/ui.c b/ui.c
index f598d62..1eaf0c0 100644
--- a/ui.c
+++ b/ui.c
@@ -17,6 +17,7 @@
#include "ui_statusbar.h"
#include "status.h"
+#include "config.h"
#define APP_TIMEOUT 60
#define APP_TIMEOUT_FMT "%02d"
@@ -258,11 +259,13 @@ do_ui(int fifo_fd)
struct anic *heartbeat;
struct statusbar *higher, *lower;
char key = '\0';
+ char *title;
+ asprintf(&title, "/* %s-%s */", PKGNAME, VERSION);
ffd = fifo_fd;
if (sem_init(&sem_rdy, 0, 0) == -1) {
perror("init semaphore");
- return (DOUI_ERR);
+ goto error;
}
init_ui();
pw_input = init_input((unsigned int)(max_x / 2)-PASSWD_XRELPOS, (unsigned int)(max_y / 2)-PASSWD_YRELPOS, PASSWD_WIDTH, "PASSWORD: ", MAX_PASSWD_LEN, COLOR_PAIR(3), COLOR_PAIR(2));
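Review bot: The return value of `asprintf(&title, ...)` is not checked; on failure `title` is indeterminate and is later passed to `set_statusbar_text` and `free`. Guard it with `if (asprintf(&title, "/* %s-%s */", PKGNAME, VERSION) == -1) return (DOUI_ERR);`. The `error:` label added in the last hunk frees `title`, but the success path before `return (DOUI_OK);` does not, so the string leaks unless `set_statusbar_text` takes ownership (not visible here); add `free(title);` there if it copies. The `goto error` after `run_ui_thrd()` also skips the `free_ui()` cleanup that the normal exit path performs.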
@@ -274,9 +277,9 @@ do_ui(int fifo_fd)
register_statusbar(lower);
register_anic(heartbeat);
activate_input(wnd_main, pw_input);
- set_statusbar_text(higher, "/* NASKPASS */");
+ set_statusbar_text(higher, title);
if (run_ui_thrd() != 0) {
- return (DOUI_ERR);
+ goto error;
}
sem_wait(&sem_rdy);
wtimeout(wnd_main, 1000);
@@ -304,6 +307,9 @@ do_ui(int fifo_fd)
free_statusbar(lower);
free_ui();
return (DOUI_OK);
+error:
+ free(title);
+ return (DOUI_ERR);
}
bool