From fda9f25fdb9b4ede985e4d0bb82ba7bc2fde2073 Mon Sep 17 00:00:00 2001 From: Ole Tange Date: Tue, 14 Sep 2021 22:10:28 +0200 Subject: [PATCH 1/5] bwlimit: Initial release. --- Makefile | 22 +++++------ bwlimit/bwlimit | 99 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+), 11 deletions(-) create mode 100755 bwlimit/bwlimit diff --git a/Makefile b/Makefile index dcc9a32..1614c22 100644 --- a/Makefile +++ b/Makefile @@ -1,15 +1,15 @@ -CMD = blink 2grep 2search burncpu drac duplicate-packets em emoticons \ - encdir fanspeed field find-first-fail forever fxkill G \ - gitnext gitundo goodpasswd histogram Loffice mtrr mirrorpdf \ - neno not off pdfman pidcmd pidtree plotpipe puniq ramusage \ - rand rclean rina rn rrm seekmaniac shython sound-reload \ - splitvideo stdout swapout T teetime timestamp tracefile \ - transpose upsidedown vid w4it-for-port-open whitehash \ - wifi-reload wssh youtube-lbry ytv yyyymmdd +CMD = 2grep 2search blink burncpu bwlimit drac duplicate-packets em \ + emoticons encdir fanspeed field find-first-fail forever \ + fxkill G gitnext gitundo goodpasswd histogram Loffice mtrr \ + mirrorpdf neno not off pdfman pidcmd pidtree plotpipe puniq \ + ramusage rand rclean rina rn rrm seekmaniac shython \ + sound-reload splitvideo stdout swapout T teetime timestamp \ + tracefile transpose upsidedown vid w4it-for-port-open \ + whitehash wifi-reload wssh youtube-lbry ytv yyyymmdd -all: blink/blink.1 2search/2grep.1 2search/2search.1 \ - burncpu/burncpu.1 drac/drac.1 encdir/encdir.1 \ - fanspeed/fanspeed.1 field/field.1 \ +all: 2search/2grep.1 2search/2search.1 blink/blink.1 \ + burncpu/burncpu.1 bwlimit/bwlimit.1 drac/drac.1 \ + encdir/encdir.1 fanspeed/fanspeed.1 field/field.1 \ find-first-fail/find-first-fail.1 G/G.1 gitnext/gitnext.1 \ gitundo/gitundo.1 goodpasswd/goodpasswd.1 \ histogram/histogram.1 mirrorpdf/mirrorpdf.1 neno/neno.1 \ 
diff --git a/bwlimit/bwlimit b/bwlimit/bwlimit
new file mode 100755
index 0000000..ef799d6
--- /dev/null
+++ b/bwlimit/bwlimit
@@ -0,0 +1,99 @@
+#!/bin/bash
+
+: <<=cut
+=pod
+
+=head1 NAME
+
+bwlimit - Limit bandwidth based on interface and port
+
+
+=head1 SYNOPSIS
+
+B I I [I]
+
+
+=head1 DESCRIPTION
+
+B limits incoming trafic to I megabits/second.
+
+If I is not given, B will look for B in
+B.
+
+=head1 EXAMPLE
+
+Limit eth0 to 2 megabits/seconds on port 9001
+
+ bwlimit eth0 2 9001
+
+
+=head1 AUTHOR
+
+Copyright (C) 2021 Ole Tange,
+http://ole.tange.dk and Free Software Foundation, Inc.
+
+
+=head1 LICENSE
+
+Copyright (C) 2012 Free Software Foundation, Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or
+at your option any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see .
+
+
+=head1 DEPENDENCIES
+
+B uses B.
+
+
+=head1 SEE ALSO
+
+B
+
+
+=cut
+
+bwlimit() {
+ help() {
+ echo "Limit bandwidth of interface"
+ echo
+ echo "$0 interface mbps [port]"
+ echo "E.g. $0 eth0 10 9001"
+ return 255
+ }
+ bwlimitport() {
+ iface="$1"
+ port="$2"
+ mbps="$3"
+ tc filter add dev "$iface" ingress protocol ip \
+ basic match "cmp(u16 at 2 layer transport eq $port)" \
+ action police rate "$mbps"mibit burst 256k
+ }
+ iface="$1"
+ mbps="$2"
+ port="$3"
+
+ orporttorrc=$(grep -E ^ORPort /etc/tor/torrc | awk '{print $2}')
+ ORPort=${port:-$orporttorrc}
+ if [[ "$iface" = "--help" ]] ; then
+ help
+ return $!
+ fi
+ if [[ "$mbps" = "off" ]] ; then
+ tc qdisc del dev "$iface" ingress
+ else
+ tc qdisc add dev "$iface" ingress
+ bwlimitport "$iface" "$ORPort" "$mbps"
+ fi
+}
+bwlimit "$@"
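Review bot: `$ORPort` is interpolated into the tc match expression in `bwlimitport` without any check, and when no port argument is given it is whatever `awk '{print $2}'` extracts from `/etc/tor/torrc`. A torrc can carry several `ORPort` lines or an `address:port` / `auto` value, so the filter may be built from something that is not a single 16-bit number; I would validate before `tc qdisc add`, e.g. `[[ "$ORPort" =~ ^[0-9]+$ ]] || { echo "bwlimit: no numeric port" >&2; return 1; }`, and apply the same test to `$mbps` unless it is `off`. Separately, `return $!` after `help` should be `return $?`: `$!` is the PID of the last background job, so the 255 from `help` only reaches the caller by accident. The filter is also `protocol ip` only, so IPv6 traffic to the same port appears to stay unlimited, which deserves a line in the DESCRIPTION.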
From cb49a0997a4aabe814aef7bd7787219d58cc9b85 Mon Sep 17 00:00:00 2001 From: Ole Tange Date: Mon, 27 Dec 2021 19:34:00 +0100 Subject: [PATCH 2/5] plotpipe: Allow expressions. --- plotpipe/plotpipe | 122 +++++++++++++++++++++++++++++++++------------- 1 file changed, 89 insertions(+), 33 deletions(-) diff --git a/plotpipe/plotpipe b/plotpipe/plotpipe index 5baeda0..ecd191b 100755 --- a/plotpipe/plotpipe +++ b/plotpipe/plotpipe @@ -9,7 +9,7 @@ plotpipe - Plot CSV data from a pipe =head1 SYNOPSIS -I | B [-n] [-H] [-0] [--log axis] [-C str] [-h] [-V] +I | B [-n] [-H] [-0] [--log axis] [-C str] [-h] [-V] [I] =head1 DESCRIPTION @@ -24,6 +24,16 @@ titles on the plot. =over 4 +=item I + +Evaluate I. I consists of parts separated by +,. Each part is evaluated as a Perl expression. You can use {I} as +the column value: + + seq 10 | plotpipe '{1},{1},{1}**2,sqrt({1})' + (echo x y;paste <(seq 10) <(seq 11 20)) | + plotpipe {1},{2},{2}/{1} + =item B<--colsep> I =item B<-C> I @@ -76,7 +86,7 @@ Use \0 (NUL) instead of newline (\n) as record separator. =item B<-s> I -Smooth values. Take the average of I y-values. +Smooth values. Take the median of I y-values. =item B<--version> @@ -91,15 +101,15 @@ Show version =head1 EXAMPLE -Plot the points (1,100) .. (100,1): +Plot (1,100) .. (100,1): paste <(seq 100 -1 1) | plotpipe -Plot the points (1,101) .. (100,200): +Plot (1,101) .. (100,200): paste <(seq 100) <(seq 101 200) | plotpipe -Plot the points (1,101) .. (100,200) and (1,300) .. (100,102): +Plot (1,101) .. (100,200) and (1,300) .. (100,102): paste <(seq 100) <(seq 101 200) <(seq 300 -2 102) | plotpipe 
@@ -146,11 +156,10 @@ input.csv: You are not limited to a simple graph, but can also do XY-line plots. seq 0 0.001 6.29 | - perl -nE 'say sin($_*100)*0.3+0.5*cos($_*2),",", - sin($_*2)-cos($_*100)*0.3,",", - sin($_)+cos($_*99),",", - sin($_*3)-cos($_*101)' | - plotpipe + plotpipe 'sin({1}*100)*0.3+0.5*cos({1}*2), + sin({1}*2)-cos({1}*100)*0.3, + sin({1})+cos({1}*99), + sin({1}*3)-cos({1}*101)' =head1 LIMITS @@ -189,7 +198,10 @@ B uses B and B. =head1 SEE ALSO -B, B +B, B, B +(http://ploticus.sourceforge.net/doc/welcome.html), B +(https://github.com/dkogan/feedgnuplot), B +(https://github.com/tenox7/ttyplot) =cut @@ -368,13 +380,15 @@ if(not GetOptions(options_hash())) { } $Global::progname = "plotpipe"; -$Global::version = 20210222; +$Global::version = 20210302; if($opt::version) { version(); exit 0; } if($opt::help) { help(); exit 0; } if($opt::null) { $/ = "\0"; } +my @eval_function = split/,/, join(" ",@ARGV); + # Read csv -my @csv = <>; +my @csv = ; # Title = lines starting with # my @title = map { s/^#//; s/"/''/g; $_ } map { "$_" } grep { /^#/ } @csv; 
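Review bot: Splitting the joined arguments on every comma in `my @eval_function = split/,/, join(" ",@ARGV);` cuts any expression that itself contains a comma, such as `atan2({1},{2})`, into fragments that will not evaluate as intended. Either state in the POD for the new expression argument that a part may not contain `,`, or split only on commas outside parentheses. Every positional argument is now consumed as an expression, so if input file names were previously accepted on the command line (the read on the following line is not fully visible here), a comment saying that this is no longer supported would help.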
@@ -408,22 +422,41 @@ if($opt::header) { } # Convert input to perl table -my $ncols = split /$opt::colsep/, $csv[0]; my @tbl; -if($ncols >= 2 and not $opt::nox) { - # Column 1 = x-axis - for(@csv) { - chomp; - my @row = split /$opt::colsep/, $_; - push @tbl,\@row; +for(@csv) { + chomp; + my @row = split /$opt::colsep/, $_; + push @tbl,\@row; +} + +# Eval +if(@eval_function) { + for(@eval_function) { + my $new_header = $_; + $new_header =~ s/\{(\d+)\}/$header[$1-1] || "\\\\{$1\\\\}"/ge; + push @new_header, $new_header; } + $opt::header = 1; + @header = @new_header; + for my $row (@tbl) { + my @newrow = map { + s/\{(\d+)\}/$row->[$1-1]/g; + eval "$_" + } map { $_ } @eval_function; + $row = \@newrow; + } +} + +# Add x-axis if needed +my $ncols = $#{$tbl[0]}+1; +if($ncols >= 2 and not $opt::nox) { + # Column 1 = x-axis => Data is fine } else { - # All data = y-axis, invent x-axis + # All data = y-axis => Invent x-axis my $x = 0; - for(@csv) { - chomp; - my @row = ($x++, split /$opt::colsep/, $_); - push @tbl,\@row; + for my $row (@tbl) { + my @newrow = ($x++, @$row); + $row = \@newrow; } # Prepend dummy header for x-axis unshift(@header,""); 
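Review bot: In the `# Eval` block the cell text is pasted into the expression by `s/\{(\d+)\}/$row->[$1-1]/g` and the result is handed to string `eval`, so whatever arrives on the pipe is parsed as Perl; a CSV from an untrusted source can therefore run code as the user who plots it, and even honest data misbehaves (a cell of `-3` turns `{1}**2` into `-3**2`). Substituting a reference to the cell instead of its text keeps data out of the parser, and compiling each expression once avoids one `eval` per cell. `$@` is never checked, so a typo in an expression silently produces empty columns. `@new_header` is used without a `my` that I can see in this hunk.

```perl
# … unchanged: @new_header construction, $opt::header = 1, @header = @new_header …
# Compile each expression once; {N} becomes a reference to the row cell,
# so cell text is never parsed as Perl code.
my @compiled = map {
    my $expr = $_;
    (my $code = $expr) =~ s/\{(\d+)\}/'$_[0]['.($1-1).']'/ge;
    eval "sub { $code }" or die "plotpipe: cannot compile '$expr': $@";
} @eval_function;
for my $row (@tbl) {
    $row = [ map { $_->($row) } @compiled ];
}
```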
@@ -438,19 +471,42 @@ if($opt::smooth) { exit(255); } my $smooth = $opt::smooth-1; - for(my $x = 0; $x < $smooth; $x++) { - for (my $y = 0; $y <= $#{$tbl[$x]}; $y++) { - $sum[$y] += $tbl[$x][$y] / $opt::smooth; - } + + sub median { + return ((sort { $a <=> $b } @_)[$#_/2]); } - for(my $x = $smooth; $x <= $#tbl; $x++) { + sub avg { + my $s=0; + map { $s += $_ } @_; + return ($s / ($#_+1)); + } + + for(my $x = 0; $x < $#tbl-$smooth; $x++) { for (my $y = 0; $y <= $#{$tbl[$x]}; $y++) { - $sum[$y] += $tbl[$x][$y] / $opt::smooth; - $new[$x-$smooth][$y] = $sum[$y]; - $sum[$y] -= $tbl[$x-$smooth][$y] / $opt::smooth; + my @med; + for(my $m = $x; $m < $x+$smooth; $m++) { + push @med, $tbl[$m][$y]; + } + $new[$x+$smooth/2][$y] = median(@med); } } @tbl = @new; + + sub do_average() { + for(my $x = 0; $x < $smooth; $x++) { + for (my $y = 0; $y <= $#{$tbl[$x]}; $y++) { + $sum[$y] += $tbl[$x][$y] / $opt::smooth; + } + } + for(my $x = $smooth; $x <= $#tbl; $x++) { + for (my $y = 0; $y <= $#{$tbl[$x]}; $y++) { + $sum[$y] += $tbl[$x][$y] / $opt::smooth; + $new[$x-$smooth][$y] = $sum[$y]; + $sum[$y] -= $tbl[$x-$smooth][$y] / $opt::smooth; + } + } + @tbl = @new; + } } # Save data to tmpfile that will be read by Gnuplot From 6fc28084d914ddac75c4d8a264bcbc5bf553dec9 Mon Sep 17 00:00:00 2001 From: Ole Tange Date: Sun, 13 Feb 2022 00:43:32 +0100 Subject: [PATCH 3/5] whitehash: 3x faster. --- whitehash/whitehash | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/whitehash/whitehash b/whitehash/whitehash index 58f1d57..a171936 100755 --- a/whitehash/whitehash +++ b/whitehash/whitehash 
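Review bot: The median window in the new loop is one sample short: `$smooth` is `$opt::smooth-1` and the inner loop runs `$m < $x+$smooth`, so `median()` receives `$opt::smooth-1` values, and for `-s 1` an empty list that yields undef unless the check above the hunk rejects that value. Using `$m <= $x+$smooth` together with `$x <= $#tbl-$smooth` in the outer loop would give the documented window and keep the last rows. Results are stored at `$new[$x+$smooth/2]`, which leaves the first rows of `@new` undefined before `@tbl = @new`; unless code outside this hunk skips them, collecting each window's result with `push @new, [...]` would be safer. `avg` and `do_average` are never called in this hunk, and `do_average` is a named sub inside an `if` block that refers to `$smooth`, `@sum` and `@new`; I would drop them or move them to file scope with a comment.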
@@ -47,16 +47,19 @@ def mergeparts(tabs,part): spc = [ i.encode("utf-8") for i in ("", " ", " ", " ", " ", " ", " ", " ") ] -def recur(pre,n): +def recur(m,pre,n): if n == len(part)-1: for i in spc: - sha1 = (hashlib.sha1(pre+i+part[n]).hexdigest())[0:searchlen]; - if sha1 in searchstrings: - print(hashlib.sha1(pre+i+part[n]).hexdigest()) + sub = m.copy() + sub.update(i+part[n]) + if (sub.hexdigest())[0:searchlen] in searchstrings: + print(sub.hexdigest()) print((pre+i+part[n]).decode()) else: for i in spc: - recur(pre+i+part[n],n+1) + sub = m.copy() + sub.update(i+part[n]) + recur(sub,pre+i+part[n],n+1) bits = searchlen*4 part = readparts(); @@ -75,4 +78,6 @@ searchstrings = [ i[0:searchlen] for i in + # Generate 012..f 123..0 .. f01..e [ s[-i:]+s[:-i] for i in range(16)] ] -recur(part[0],1) +m = hashlib.sha1() +m.update(part[0]) +recur(m,part[0],1) From ea4c5308491b7f7335aa414c5b743804ff267b16 Mon Sep 17 00:00:00 2001 From: Ole Tange Date: Sat, 23 Apr 2022 18:58:06 +0200 Subject: [PATCH 4/5] ubuntu-22.04: works on laptop. --- .../scripts/local-top/cryptroot | 8 +- .../scripts/local-top/cryptroot | 294 ++++++++++++++++++ 2 files changed, 300 insertions(+), 2 deletions(-) create mode 100644 decrypt-root-with-usb/ubuntu-22.04/usr/share/initramfs-tools/scripts/local-top/cryptroot diff --git a/decrypt-root-with-usb/ubuntu-20.04/usr/share/initramfs-tools/scripts/local-top/cryptroot b/decrypt-root-with-usb/ubuntu-20.04/usr/share/initramfs-tools/scripts/local-top/cryptroot index 18216ef..c0053d4 100644 --- a/decrypt-root-with-usb/ubuntu-20.04/usr/share/initramfs-tools/scripts/local-top/cryptroot +++ b/decrypt-root-with-usb/ubuntu-20.04/usr/share/initramfs-tools/scripts/local-top/cryptroot @@ -1,5 +1,7 @@ #!/bin/sh +# Search for cryptkey.txt + PREREQ="cryptroot-prepare" # 
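Review bot: `recur` now relies on an invariant that is not written down: `m` must be the SHA-1 state of exactly the bytes in `pre`, otherwise the printed digest and the printed text disagree. A docstring on the new signature such as `"""Try every whitespace variant of part[n:]; m is the running hashlib.sha1 of pre."""` would make that explicit, and the seeding at the bottom (`m.update(part[0])` before `recur(m,part[0],1)`) could carry a one-line comment pointing at it. In the leaf branch `sub.hexdigest()` is computed twice on a hit; binding it to a local once reads better.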
@@ -171,9 +173,11 @@ setup_mapping() {
 echo -n "Searching for cryptkey.txt on available disks... "
 local partition
 for partition in `cat /proc/partitions |awk '{print $4}'|tail -n +3`; do
- if mount /dev/$partition /mnt 2>/dev/null; then
+ echo -n " $partition"
+ if mount -oro /dev/"$partition" /mnt 2>/dev/null; then
+ echo -n "(mounted)"
 cat /mnt/cryptkey.txt >> /tmp/cryptkeys.txt 2>/dev/null
- umount /dev/$partition
+ umount /dev/"$partition"
 fi
 done
 echo "done."
diff --git a/decrypt-root-with-usb/ubuntu-22.04/usr/share/initramfs-tools/scripts/local-top/cryptroot b/decrypt-root-with-usb/ubuntu-22.04/usr/share/initramfs-tools/scripts/local-top/cryptroot
new file mode 100644
index 0000000..61e7ec2
--- /dev/null
+++ b/decrypt-root-with-usb/ubuntu-22.04/usr/share/initramfs-tools/scripts/local-top/cryptroot
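Review bot: The scan mounts every entry from `/proc/partitions` with only `ro`, so any storage device attached at boot has its filesystem parsed and mounted in the initramfs with otherwise default options. Nothing has to be executed or opened as a device node from these mounts, so `mount -o ro,nodev,nosuid,noexec /dev/"$partition" /mnt` is the safer form, and the `cat /mnt/cryptkey.txt >> /tmp/cryptkeys.txt` line should run under `umask 077` so the collected keys are not created world-readable. The new per-partition `echo -n` lines also print the device layout on the console at every boot, which is worth a comment saying it is intended. The same loop is added again in the ubuntu-22.04 `cryptroot` and in `cryptroot.patch` later in this series; `setup_mapping` starts and ends outside this hunk.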
@@ -0,0 +1,294 @@ +#!/bin/sh + +# Search for cryptkey.txt + +PREREQ="cryptroot-prepare" + +# +# Standard initramfs preamble +# +prereqs() +{ + # Make sure that cryptroot is run last in local-top + local req + for req in "${0%/*}"/*; do + script="${req##*/}" + if [ "$script" != "${0##*/}" ]; then + printf '%s\n' "$script" + fi + done +} + +case $1 in +prereqs) + prereqs + exit 0 + ;; +esac + +. /scripts/functions + +[ -f /lib/cryptsetup/functions ] || return 0 +. /lib/cryptsetup/functions + + +# wait_for_source() +# Wait for encrypted $CRYPTTAB_SOURCE . Set $CRYPTTAB_SOURCE +# to its normalized device name when it shows up; +# return 1 if timeout. +wait_for_source() { + wait_for_udev 10 + + if crypttab_resolve_source; then + # the device is here already, no need to loop + return 0 + fi + + # If the source device hasn't shown up yet, give it a little while + # to allow for asynchronous device discovery (e.g. USB). + # + # We also need to take into account RAID or other devices that may + # only be available on local-block stage. So, wait 5 seconds upfront, + # in local-top; if that fails, end execution relying on local-block + # invocations. Allow $ROOTDELAY/4 invocations with 1s sleep times (with + # a minimum of 20 invocations), and if after that we still fail, then it's + # really time to give-up. Variable $initrd_cnt tracks the re-invocations. + # + # Part of the lines below has been taken from initramfs-tools + # scripts/local's local_device_setup(), as suggested per + # https://launchpad.net/bugs/164044 . + + local slumber=5 + if [ "${CRYPTROOT_STAGE-}" = "local-block" ]; then + slumber=1 + fi + + cryptsetup_message "Waiting for encrypted source device $CRYPTTAB_SOURCE..." 
+ + while [ $slumber -gt 0 ]; do + sleep 1 + + if [ -x /scripts/local-block/lvm2 ]; then + # activate any VG that might hold $CRYPTTAB_SOURCE + /scripts/local-block/lvm2 "$CRYPTTAB_SOURCE" + fi + + if crypttab_resolve_source; then + wait_for_udev 10 + return 0 + fi + + slumber=$(( $slumber - 1 )) + done + return 1 +} + +# setup_mapping() +# Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME, +# $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS. +setup_mapping() { + local dev initrd_cnt + + # We control here the number of re-invocations of this script from + # local-block - the heuristic is $ROOTDELAY/4, with a minimum of 20. + + if [ -f "$CRYPTROOT_COUNT_FILE" ]; then + initrd_cnt="$(cat <"$CRYPTROOT_COUNT_FILE")" + else + initrd_cnt="${ROOTDELAY:-180}" + initrd_cnt=$(( initrd_cnt/4 )) + if [ $initrd_cnt -lt 20 ]; then + initrd_cnt=20 + fi + echo "$initrd_cnt" >"$CRYPTROOT_COUNT_FILE" + fi + + # The same target can be specified multiple times + # e.g. root and resume lvs-on-lvm-on-crypto + if dm_blkdevname "$CRYPTTAB_NAME" >/dev/null; then + return 0 + fi + + crypttab_parse_options --export --missing-path=fail || return 1 + + if ! wait_for_source; then + if [ $initrd_cnt -eq 0 ]; then + # we've given up + if [ -n "$panic" ]; then + panic "ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME." + else + # let the user fix matters if they can + echo " ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME." + echo " Check cryptopts=source= bootarg: cat /proc/cmdline" + echo " or missing modules, devices: cat /proc/modules; ls /dev" + panic "Dropping to a shell." 
+ fi + return 1 # can't continue because environment is lost + else + initrd_cnt=$(( initrd_cnt - 1 )) + echo "$initrd_cnt" >"$CRYPTROOT_COUNT_FILE" + return 0 # allow some attempts on local-block stage + fi + fi + + # our `cryptroot-unlock` script searches for cryptsetup processes + # with a given CRYPTTAB_NAME it their environment + export CRYPTTAB_NAME + + if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ]; then + # no keyscript: interactive unlocking, or key file + + if [ "${CRYPTTAB_KEY#/FIXME-initramfs-rootmnt/}" != "$CRYPTTAB_KEY" ]; then + # skip the mapping for now if the root FS is not mounted yet + sed -rn 's/^\s*[^#[:blank:]]\S*\s+(\S+)\s.*/\1/p' /proc/mounts | grep -Fxq -- "$rootmnt" || return 1 + # substitute the "/FIXME-initramfs-rootmnt/" prefix by the real root FS mountpoint otherwise + CRYPTTAB_KEY="$rootmnt/${CRYPTTAB_KEY#/FIXME-initramfs-rootmnt/}" + fi + + if [ "$CRYPTTAB_KEY" != "none" ]; then + if [ ! -e "$CRYPTTAB_KEY" ]; then + cryptsetup_message "ERROR: Skipping target $CRYPTTAB_NAME: non-existing key file $CRYPTTAB_KEY" + return 1 + fi + # try only once if we have a key file + CRYPTTAB_OPTION_tries=1 + fi + fi + + local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype vg rv + while [ $maxtries -le 0 ] || [ $count -lt $maxtries ]; do + if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then + # unlock via keyfile + unlock_mapping "$CRYPTTAB_KEY" + else + if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ]; then + # Wait for USB to settle + /bin/sleep 3 + + # Test all devices + mkdir /mnt + echo -n "Searching for cryptkey.txt on available disks... " + local partition + for partition in `cat /proc/partitions |awk '{print $4}'|tail -n +3`; do + echo -n " $partition" + if mount -oro /dev/"$partition" /mnt 2>/dev/null; then + echo -n "(mounted)" + cat /mnt/cryptkey.txt >> /tmp/cryptkeys.txt 2>/dev/null + umount /dev/"$partition" + fi + done + echo "done." 
+ fi + + if [ -s /tmp/cryptkeys.txt ]; then + local keyfound + keyfound=0 + echo Trying keys from cryptkey.txt + for key in `cat /tmp/cryptkeys.txt`; do + if echo -n "$key" | unlock_mapping; then + # Found the key + echo Key found in cryptkey.txt + keyfound=1 + key="" + fi + done + # Remove traces of the key + rm /tmp/cryptkeys.txt + unset key + if [ "$keyfound" = "0" ]; then + # Fall back to manual entry + run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping + fi + else + # unlock interactively or via keyscript + run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping + fi + fi + rv=$? + count=$(( $count + 1 )) + + if [ $rv -ne 0 ]; then + cryptsetup_message "ERROR: $CRYPTTAB_NAME: cryptsetup failed, bad password or options?" + sleep 1 + continue + elif ! dev="$(dm_blkdevname "$CRYPTTAB_NAME")"; then + cryptsetup_message "ERROR: $CRYPTTAB_NAME: unknown error setting up device mapping" + return 1 + fi + + if ! fstype="$(get_fstype "$dev")" || [ "$fstype" = "unknown" ]; then + if [ "$CRYPTTAB_TYPE" != "luks" ]; then + # bad password for plain dm-crypt device? or mkfs not run yet? + cryptsetup_message "ERROR: $CRYPTTAB_NAME: unknown fstype, bad password or options?" + wait_for_udev 10 + /sbin/cryptsetup remove -- "$CRYPTTAB_NAME" + sleep 1 + continue + fi + elif [ "$fstype" = lvm2 ]; then + if [ ! 
-x /sbin/lvm ]; then + cryptsetup_message "WARNING: $CRYPTTAB_NAME: lvm is not available" + return 1 + elif vg="$(lvm pvs --noheadings -o vg_name --config 'log{prefix=""}' -- "$dev")"; then + # activate the VG held by the PV we just unlocked + lvm lvchange -a ay --sysinit -- "$vg" + fi + fi + + cryptsetup_message "$CRYPTTAB_NAME: set up successfully" + wait_for_udev 10 + return 0 + done + + cryptsetup_message "ERROR: $CRYPTTAB_NAME: maximum number of tries exceeded" + exit 1 +} + + +####################################################################### +# Begin real processing + +mkdir -p /cryptroot # might not exist yet if the main system has no crypttab(5) + +# Do we have any kernel boot arguments? +if ! grep -qE '^(.*\s)?cryptopts=' /proc/cmdline; then + # ensure $TABFILE exists and has a mtime greater than the boot time + # (existing $TABFILE is preserved) + touch -- "$TABFILE" +else + # let the read builtin unescape the '\' as GRUB substitutes '\' by '\\' in the cmdline + tr ' ' '\n' "$TABFILE" +fi + +# Do we have any settings from the $TABFILE? +if [ -s "$TABFILE" ]; then + # Create locking directory before invoking cryptsetup(8) to avoid warnings + mkdir -pm0700 /run/cryptsetup + modprobe -q dm_crypt + + crypttab_foreach_entry setup_mapping +fi + +exit 0 From 23562506477881bd506d09a42b1f44c26e5a2abb Mon Sep 17 00:00:00 2001 From: Ole Tange Date: Sat, 21 May 2022 13:01:40 +0200 Subject: [PATCH 5/5] decrypt-root-with-usb: ubuntu-22.04 patch. --- .../ubuntu-22.04/cryptroot.patch | 61 +++++++++++++++++++ .../scripts/local-top/cryptroot | 2 +- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 decrypt-root-with-usb/ubuntu-22.04/cryptroot.patch diff --git a/decrypt-root-with-usb/ubuntu-22.04/cryptroot.patch b/decrypt-root-with-usb/ubuntu-22.04/cryptroot.patch new file mode 100644 index 0000000..b39ec77 --- /dev/null +++ b/decrypt-root-with-usb/ubuntu-22.04/cryptroot.patch 
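Review bot: The key loop in `setup_mapping` iterates over the backtick expansion of `cat /tmp/cryptkeys.txt` and feeds each word through `echo -n "$key"`, so a passphrase containing spaces is split into several wrong keys, glob characters are expanded against the initramfs, and under `/bin/sh` a key with backslashes or a leading `-` can be altered by `echo`. The loop also keeps trying the remaining candidates after one has already unlocked the mapping, because `keyfound=1` is not followed by `break`. Reading one candidate per line and writing it with `printf '%s'` addresses all three. The same loop appears in `cryptroot.patch` in the last commit of the series.

```shell
if [ -s /tmp/cryptkeys.txt ]; then
    # … unchanged: keyfound=0 and the "Trying keys" message …
    # One candidate per line; read -r keeps spaces, backslashes and glob characters intact.
    while IFS= read -r key || [ -n "$key" ]; do
        if printf '%s' "$key" | unlock_mapping; then
            echo Key found in cryptkey.txt
            keyfound=1
            break
        fi
    done </tmp/cryptkeys.txt
    # … unchanged: rm /tmp/cryptkeys.txt, unset key, fallback to run_keyscript …
```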
@@ -0,0 +1,61 @@ +--- cryptroot.orig 2022-05-21 12:59:09.224162975 +0200 ++++ usr/share/initramfs-tools/scripts/local-top/cryptroot 2022-04-23 19:58:19.872003766 +0200 +@@ -1,5 +1,7 @@ + #!/bin/sh + ++# Search for cryptkey.txt ++ + PREREQ="cryptroot-prepare" + + # +@@ -159,8 +161,48 @@ + # unlock via keyfile + unlock_mapping "$CRYPTTAB_KEY" + else +- # unlock interactively or via keyscript +- run_keyscript "$count" | unlock_mapping ++ if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ]; then ++ # Wait for USB to settle ++ /bin/sleep 3 ++ ++ # Test all devices ++ mkdir /mnt ++ echo -n "Searching for cryptkey.txt on available disks... " ++ local partition ++ for partition in `cat /proc/partitions |awk '{print $4}'|tail -n +3`; do ++ echo -n " $partition" ++ if mount -oro /dev/"$partition" /mnt 2>/dev/null; then ++ echo -n "(mounted)" ++ cat /mnt/cryptkey.txt >> /tmp/cryptkeys.txt 2>/dev/null ++ umount /dev/"$partition" ++ fi ++ done ++ echo "done." ++ fi ++ ++ if [ -s /tmp/cryptkeys.txt ]; then ++ local keyfound ++ keyfound=0 ++ echo "Trying keys from cryptkey.txt for opening $CRYPTTAB_SOURCE as $CRYPTTAB_NAME" ++ for key in `cat /tmp/cryptkeys.txt`; do ++ if echo -n "$key" | unlock_mapping; then ++ # Found the key ++ echo Key found in cryptkey.txt ++ keyfound=1 ++ key="" ++ fi ++ done ++ # Remove traces of the key ++ rm /tmp/cryptkeys.txt ++ unset key ++ if [ "$keyfound" = "0" ]; then ++ # Fall back to manual entry ++ run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping ++ fi ++ else ++ # unlock interactively or via keyscript ++ run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping ++ fi + fi + rv=$? + count=$(( $count + 1 )) diff --git a/decrypt-root-with-usb/ubuntu-22.04/usr/share/initramfs-tools/scripts/local-top/cryptroot b/decrypt-root-with-usb/ubuntu-22.04/usr/share/initramfs-tools/scripts/local-top/cryptroot index 61e7ec2..374a999 100644 --- a/decrypt-root-with-usb/ubuntu-22.04/usr/share/initramfs-tools/scripts/local-top/cryptroot 
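Review bot: The removed upstream line calls `run_keyscript "$count"` with one argument, but both replacement calls pass two, `run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping`, which looks carried over from the ubuntu-20.04 script. If the 22.04 `run_keyscript` takes only the try counter, as the original line suggests, the key path is now passed in its place and the counter is dropped; I would keep `run_keyscript "$count" | unlock_mapping` in both the fallback and the final `else` branch. The same two calls are in the ubuntu-22.04 `cryptroot` file added in the previous commit.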
+++ b/decrypt-root-with-usb/ubuntu-22.04/usr/share/initramfs-tools/scripts/local-top/cryptroot
@@ -183,7 +183,7 @@ setup_mapping() {
 if [ -s /tmp/cryptkeys.txt ]; then
 local keyfound
 keyfound=0
- echo Trying keys from cryptkey.txt
+ echo "Trying keys from cryptkey.txt for opening $CRYPTTAB_SOURCE as $CRYPTTAB_NAME"
 for key in `cat /tmp/cryptkeys.txt`; do
 if echo -n "$key" | unlock_mapping; then
 # Found the key