| Age | Commit message (Collapse) | Author |
|---|
|
This adds a sample crypttab file for users to deploy to /etc/crypttab.
This version changes the syntax of the crypttab file. Previously, the
syntax was
<mapper_name> <device_path> <key_path>
The mapper name is now inferred from the device path (replacing all `/`
with `_` so `/dev/sda1` becomes `_dev_sda1` for example). The new syntax
is:
<crypt_device> <key_path> <mount_path>
Note that the mount path is now included. Previously it was expected
that the user would include the mapper path in their fstab file so a
subsequent `mount -a` would mount it once decrypted. This has all kinds
of service start order problems. Now crypttab handles mounting and
unmouting, so the mount path is part of the config file.
This also now makes `lsof` and optional program so stopping mount still
works if lsof is not installed.
|
|
This replaces most calls to `echo` with `printf` to improve
compatibility. This also replaces the bash-specific double bracket
test conditional with the POSIX compliant single bracket.
|
|
Was parsing all lines in the crypttab file as the same line, causing any
line beyond the first to be ignored.
Also updated global variable tab to be all caps to better indicate that
it is a global.
|
|
Since not all init processes allow for something like crypttab to be
executed before the mount command to mount filesystems in /etc/fstab,
added a mount -a command to ensure the crypted filesystems are mounted
on setup.
Added a process kill on stop to ensure the filesystems are freed to
unmount and decrypt before shutting down.
Renamed some ambiguous 'i' variables to 'entry' for clarification.
|
|
Currently supports a very basic crypttab text file (/etc/crypttab). Also
only supports luks devices. More support to be added later.
|
