detect and open LUKS encrypted devices in mountall

2026-01-07 09:10:43 +01:00 · 2022-07-24 19:46:56 +02:00 · 2022-07-24 19:46:56 +02:00 · f38c7ba8ca
parent 2d8bb769c1
commit f38c7ba8ca
1 changed files with 56 additions and 2 deletions
--- a/airootfs/usr/share/sysrescue/bin/mountall
+++ b/airootfs/usr/share/sysrescue/bin/mountall
@ -104,6 +104,41 @@ parse_args()
    true
 }

+is_cryptodev()
+{
+    local DEV="$1"
+
+    [[ $VERBOSE -eq 1 ]] && echo "Checking if $DEV is an encrypted device..."
+
+    BLKID=$(blkid "$DEV")
+    [[ $VERBOSE -eq 1 ]] && echo "blkid output: $BLKID"
+
+    if [[ "$BLKID" != *" TYPE="* ]] && [[ "$BLKID" != "TYPE="* ]]; then
+        # blkid must return a "TYPE" tag for it to be mountable at all
+        [[ $VERBOSE -eq 1 ]] && echo "$DEV is not mountable (no TYPE)"
+        false
+        return
+    fi
+
+    if [[ "$BLKID" != *"TYPE=\"crypto"* ]]; then
+        [[ $VERBOSE -eq 1 ]] && echo "$DEV is not not encrypted"
+        false
+        return
+    fi
+
+    # is the device already opened?
+    DEVNAME=$(basename "$DEV")
+    if /usr/bin/test -d /sys/devices/virtual/block/*/slaves/$DEVNAME ; then
+        [[ $VERBOSE -eq 1 ]] && echo "$DEV is already opened"
+        false
+        return
+    fi
+
+    [[ $VERBOSE -eq 1 ]] && echo "$DEV looks to be an encrypted device that could be opened"
+
+    true
+}
+
 is_mountable()
 {
    local DEV="$1"
@ -122,7 +157,8 @@ is_mountable()
    
    if [[ "$BLKID" == *"TYPE=\"linux_raid_member\""* ]] ||
        [[ "$BLKID" == *"TYPE=\"LVM2_member\""* ]] ||
-        [[ "$BLKID" == *"TYPE=\"swap\""* ]]; then
+        [[ "$BLKID" == *"TYPE=\"swap\""* ]] ||
+        [[ "$BLKID" == *"TYPE=\"crypto"* ]] ; then
        # these are not directly mountable
        [[ $VERBOSE -eq 1 ]] && echo "$DEV is not mountable (swap, RAID or LVM)"
        false
@ -229,6 +265,15 @@ for BLKDEV in $(ls -1 "/sys/class/block"); do
    # handle device mapper / lvm volumes in the 2nd loop for nice names
    [[ -d "/sys/class/block/${BLKDEV}/dm" ]] && continue

+    if is_cryptodev "/dev/${BLKDEV}"; then
+        if /usr/bin/cryptsetup open "/dev/${BLKDEV}" "${BLKDEV}_crypt"; then
+            # we will handle the opened crypto volume in the mapper loop below
+            continue
+        else
+            echo "error opening ${BLKDEV}"
+        fi
+    fi
+
    if is_mountable "/dev/${BLKDEV}"; then
        try_mount "/dev/${BLKDEV}"
    fi
@ -236,8 +281,17 @@ done

 # loop through device mapper / lvm volumes
 for LVMDEV in $(ls -1 "/dev/mapper"); do
-    # there is always one central control entry
+    # there is always one central control entry, skip it
    [[ "$LVMDEV" == "control" ]] && continue
+
+    if is_cryptodev "/dev/mapper/${LVMDEV}"; then
+        if /usr/bin/cryptsetup open "/dev/mapper/${LVMDEV}" "${LVMDEV}_crypt"; then
+            # check if we can mount the opened device below
+            LVMDEV="${LVMDEV}_crypt"
+        else
+            echo "error opening ${LVMDEV}"
+        fi
+    fi
    
    if is_mountable "/dev/mapper/${LVMDEV}"; then
        try_mount "/dev/mapper/${LVMDEV}"