/lib/partman/choose_partition/35crypto/do_option is in ubiquity 18.04.14.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/bin/sh
# "Setup encrypted volumes" in the main menu.
# 1. Checks required tools
# 2. Checks for valid cipher options
# 3. Commits partman changes
# 4. Checks for safe swap
# 5. Creates keyfiles
# 6. Erases to-be-encrypted partitions
# 7. Does losetup/dmsetup
# 8. Restarts partman
. /lib/partman/lib/crypto-base.sh
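# Ask the user, through debconf, for the passphrase of an existing LUKS volume.
# Arguments: $1 - device path substituted into the prompt as DEVICE
# Outputs:   the entered passphrase on stdout, with no trailing newline
# Returns:   1 if the dialog is backed out of (db_go fails); otherwise the
#            status of the final printf
get_passphrase () {
	local pass

	# Blank any earlier answer and mark the question unseen so that it is
	# really asked again on every call (including retries).
	db_set partman-crypto/activate/passphrase-existing ""
	db_fset partman-crypto/activate/passphrase-existing seen false
	db_subst partman-crypto/activate/passphrase-existing DEVICE "$1"
	db_input critical partman-crypto/activate/passphrase-existing
	db_go || return 1
	db_get partman-crypto/activate/passphrase-existing || RET=''
	pass=$RET

	# Clear the stored answer right away so the secret is not kept in the
	# debconf database any longer than this call needs it.
	db_set partman-crypto/activate/passphrase-existing "" || true

	# printf '%s' emits the secret byte-for-byte. echo -n is not safe here:
	# depending on the shell it expands backslash sequences or swallows a
	# value such as "-e" as an option, so the key handed to cryptsetup
	# would differ from what the user typed.
	printf '%s' "$pass"
}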
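# Unlock one existing LUKS volume and record its parameters in the partman
# partition directory so the mapping is kept (method "crypto_keep").
# Arguments: $1 - device directory, $2 - partition number, $4 - size
#                 (accepted from the caller, not used here)
#            $3 - partition id; files are written under "$id/" relative to
#                 the current directory
#            $5 - path of the LUKS block device
# Returns:   1 if the passphrase dialog is cancelled or left empty; nothing
#            is done (beyond loading modules) if "<name>_crypt" is already
#            active.
do_cryptsetup () {
	local dev num id size path
	local dump cipher keysize ivalgorithm keytype keyhash
	local cryptdev pass

	dev=$1
	num=$2
	id=$3
	size=$4
	path=$5

	# The field names matched below are taken from the luksDump output.
	# A field that is absent (or a failed luksDump) simply leaves the
	# corresponding variable empty.
	# NOTE(review): these labels are the LUKS1 dump layout; LUKS2 headers
	# are printed differently - confirm how such volumes should be handled.
	dump="$(cryptsetup luksDump "$path")"
	cipher="$(printf '%s\n' "$dump" | sed -n '/^Cipher name:/s/.*[[:space:]]//p')"
	if [ "$cipher" ]; then
		crypto_load_udebs "cdebconf-$DEBIAN_FRONTEND-entropy" \
			partman-crypto-dm
		crypto_check_required_tools dm-crypt
		crypto_load_modules dm-crypt "$cipher"
	fi
	keysize="$(printf '%s\n' "$dump" | sed -n '/^MK bits:/s/.*[[:space:]]//p')"
	ivalgorithm="$(printf '%s\n' "$dump" | sed -n '/^Cipher mode:/s/.*[[:space:]]//p')"
	keytype=passphrase
	keyhash="$(printf '%s\n' "$dump" | sed -n '/^Hash spec:/s/.*[[:space:]]//p')"

	cryptdev="${path##*/}_crypt"
	if ! cryptsetup status "$cryptdev" >/dev/null 2>&1; then
		# Keep prompting until luksOpen accepts the passphrase or the
		# user cancels / enters nothing.
		while :; do
			pass="$(get_passphrase "$path")" || return 1
			if [ -z "$pass" ]; then
				return 1
			fi
			# The key is fed on stdin (-d -) rather than as an
			# argument. printf '%s' passes it unmodified; echo -n
			# could mangle backslashes or a leading "-e"/"-n".
			printf '%s' "$pass" | log-output -t partman-crypto \
				cryptsetup -d - luksOpen "$path" "$cryptdev" \
				&& break
		done

		cryptdev="/dev/mapper/$cryptdev"
		echo dm-crypt > "$id/crypto_type"
		printf '%s\n' "$keysize" > "$id/keysize"
		printf '%s\n' "$ivalgorithm" > "$id/ivalgorithm"
		printf '%s\n' "$keytype" > "$id/keytype"
		printf '%s\n' "$keyhash" > "$id/keyhash"
		# NOTE(review): this stores the literal word "cipher", not the
		# value of $cipher parsed above - confirm that is intended.
		echo cipher > "$id/cipher"
		echo crypto_keep > "$id/method"
		printf '%s\n' "$cryptdev" > "$id/crypt_active"

		# Lock the underlying device in partman, using the "in use"
		# text with the mapping name substituted as the reason.
		db_subst partman-crypto/text/in_use DEV "${cryptdev##*/}"
		db_metaget partman-crypto/text/in_use description
		partman_lock_unit "$(mapdevfs "$path")" "$RET"
	fi
}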
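# "Activate existing encrypted volumes": look for LUKS partitions on every
# partman device, unlock each one, then rescan LVM and restart partman.
# Globals:   DEVICES (read) - directory holding one sub-directory per device
# Returns:   returns to the caller only when no LUKS partition was found
#            (after showing the no_luks dialog). If at least one was found,
#            the script is terminated with exit 0 after partman has been
#            restarted - even if unlocking it failed or was cancelled.
do_activate () {
	local found_luks dev partitions num id size type fs path name part rest

	found_luks=0
	for dev in "$DEVICES"/*; do
		[ -d "$dev" ] || continue
		# do_cryptsetup writes to "$id/..." relative to this
		# directory, so do not carry on from the wrong place.
		cd "$dev" || continue

		# Collect every non-free partition first; the dialog has to
		# be closed before cryptsetup prompts are shown. num and size
		# are stored with each entry: once the read loop has ended
		# those variables no longer describe any partition.
		partitions=
		open_dialog PARTITIONS
		while { read_line num id size type fs path name; [ "$id" ]; }; do
			[ "$fs" != free ] || continue
			partitions="$partitions $num,$id,$size,$path"
		done
		close_dialog

		for part in $partitions; do
			# Entry layout: num,id,size,path (path is the remainder)
			num="${part%%,*}"
			rest="${part#*,}"
			id="${rest%%,*}"
			rest="${rest#*,}"
			size="${rest%%,*}"
			path="${rest#*,}"
			if cryptsetup isLuks "$path" 2>/dev/null; then
				found_luks=1
				do_cryptsetup "$dev" "$num" "$id" "$size" \
					"$path" || continue
			fi
		done
	done

	if [ "$found_luks" = 0 ]; then
		db_input critical partman-crypto/activate/no_luks
		db_go || true
		return
	fi

	# Encrypted devices as configured by d-i usually contain LVM PVs
	export LVM_SUPPRESS_FD_WARNINGS=1
	log-output -t partman-crypto pvscan
	log-output -t partman-crypto vgscan
	log-output -t partman-crypto vgchange -a y

	# Tell partman to detect filesystems again.
	rm -f /var/lib/partman/filesystems_detected

	stop_parted_server
	restart_partman
	exit 0
}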
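# "Create encrypted volumes": offer the partitions reported by
# crypto_list_allowed_free, run crypto_prepare on each one the user selects
# and, if any preparation succeeded, confirm and commit the changes.
# Globals:   NL, TAB (read), IFS (switched between "$NL" and the value set
#            by restore_ifs), RET (debconf answer)
# Returns:   returns early when nothing is available or nothing is selected;
#            terminates the script (exit) if the user declines the
#            confirmation or the commit fails.
do_create () {
	local parts line pv output vg pathmap
	local dev id size path visual part devid
	local newparts need_commit

	parts=""
	pathmap=""

	# Look for free partitions
	# Each line is: dev TAB id TAB size TAB path. The list is split on
	# newlines only; IFS is restored inside the body for the commands there.
	IFS="$NL"
	for line in $(crypto_list_allowed_free); do
		restore_ifs
		dev="${line%%$TAB*}"
		line="${line#*$TAB}"
		id="${line%%$TAB*}"
		line="${line#*$TAB}"
		size="${line%%$TAB*}"
		path="${line#*$TAB}"

		# The visual_filesystem lookup below is relative to the
		# device directory; skip the entry if it cannot be entered.
		cd "$dev" || continue
		if [ -s "$id/visual_filesystem" ]; then
			visual="$(cat "$id/visual_filesystem")"
			output=$(printf "%-30s (%sMB; %s)" "$path" "$(convert_to_megabytes "$size")" "$visual")
		else
			output=$(printf "%-30s (%sMB)" "$path" "$(convert_to_megabytes "$size")")
		fi
		parts="${parts:+$parts, }$output"
		# pathmap remembers which dev//id belongs to each displayed path
		pathmap="${pathmap:+$pathmap$NL}$path$TAB$dev//$id"
		IFS="$NL"
	done
	restore_ifs

	if [ -z "$parts" ]; then
		db_input critical partman-crypto/nothing_to_setup
		db_go || true
		return
	fi

	db_subst partman-crypto/create/partitions PARTITIONS "$parts"
	db_reset partman-crypto/create/partitions
	db_input critical partman-crypto/create/partitions
	db_go || return
	db_get partman-crypto/create/partitions

	if [ -z "$RET" ]; then
		db_input critical partman-crypto/create/nosel
		db_go || true
		return
	fi

	# Reduce the answer to bare paths, one per line: drop the "(...)"
	# size/filesystem suffix and turn the ", " separators into newlines.
	parts=$(printf '%s\n' "$RET" | sed -e "s/ *([^)]*) *//g; s/ *, */\\$NL/g")

	newparts=
	need_commit=
	# IFS must be "$NL" whenever a for list is expanded, hence the
	# re-assignments at the end of each loop body.
	IFS="$NL"
	for part in $parts; do
		for line in $pathmap; do
			restore_ifs
			if [ "${line%%$TAB*}" = "$part" ]; then
				devid="${line#*$TAB}"
				if path="$(crypto_prepare "${devid%//*}" "${devid#*//}")"; then
					need_commit=true
				fi
				# The output is appended whether or not
				# crypto_prepare succeeded.
				newparts="${newparts:+$newparts }$path"
				break
			fi
			IFS="$NL"
		done
		IFS="$NL"
	done
	restore_ifs
	parts="$newparts"

	if [ "$need_commit" ]; then
		confirm_changes partman-crypto || exit 0
		commit_changes partman-crypto/commit_failed || exit $?
	fi
}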
# Pending partman changes are confirmed and committed before the crypto menu
# is shown. Declining the confirmation ends the script with status 0; a
# failed commit ends it with commit_changes' own status.
confirm_changes partman-crypto || exit 0
commit_changes partman-crypto/commit_failed || exit $?

# Menu loop: keep asking until the user picks "finish". Backing out of the
# dialog (db_go failing) ends the script with status 10.
while true; do
	db_input critical partman-crypto/mainmenu
	db_go || exit 10
	db_get partman-crypto/mainmenu
	case "$RET" in
	finish)
		break
		;;
	activate)
		# do_activate ends the script itself (exit 0) once it has
		# found a LUKS volume; it only comes back here if none exist.
		do_activate
		;;
	create)
		do_create
		;;
	*)
		# NOTE(review): an unrecognised answer is logged and then
		# handled like "finish", i.e. setup below still runs.
		logger -t partman-crypto "Unknown selection '$RET'"
		break
		;;
	esac
done

# Validate the resulting crypto configuration, then set it up; either step
# failing ends the script with status 1.
crypto_check_setup || exit 1
crypto_setup yes || exit 1