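#!/bin/bash
# Test scenario for the cryptdisks init script: builds a set of stacked
# device-mapper devices (zero/linear targets with plain dm-crypt layers on top,
# some nested inside other crypt devices), opens them via /etc/crypttab,
# compares the resulting crypt tables against an expected listing, then checks
# that "cryptdisks stop" tears every crypt mapping down again.
#
# Environment: AUTOPKGTEST_TMP must point at a writable scratch directory
# (set -u aborts the script if it is unset).
# Side effects: overwrites /etc/crypttab and creates device-mapper nodes; the
# disk0..disk3 and disk12 backing devices are not removed at the end.
# NOTE(review): presumably intended for a disposable test machine only.
set -eu

# Fixed PATH so every tool below is resolved from system directories only.
PATH="/usr/bin:/bin:/usr/sbin:/sbin"
export PATH

if [ -d /run/systemd/system ]; then
    export SYSTEMCTL_SKIP_REDIRECT="y"
    # systemd masks cryptdisks.service and we can't unmask it because
    # /etc/init.d is the only source
    #
    # The path handed to rm comes from command output, so capture it first:
    # quoting keeps it from being word-split or glob-expanded before deletion,
    # an empty answer deletes nothing, and a failing systemctl aborts the test
    # under set -e instead of being silently ignored.
    fragment_path="$(systemctl show -p FragmentPath --value cryptdisks.service)"
    if [ -n "$fragment_path" ]; then
        rm -f -- "$fragment_path"
    fi
    systemctl daemon-reload
fi

# create zero devices: 3x 64M and 1x 128M (sizes are in 512-byte sectors)
dmsetup create disk0 --table "0 $(( 64 * 2*1024)) zero"
dmsetup create disk1 --table "0 $(( 64 * 2*1024)) zero"
dmsetup create disk2 --table "0 $(( 64 * 2*1024)) zero"
dmsetup create disk3 --table "0 $((128 * 2*1024)) zero"

# join disk #1 and #2
dmsetup create disk12 <<-EOF
0 $((64 * 2*1024)) linear /dev/mapper/disk1 0
$((64 * 2*1024)) $((64 * 2*1024)) linear /dev/mapper/disk2 0
EOF

# The cipher is spelled out so the expected table further down can name it.
# NOTE(review): this is a test fixture, not a recommendation for real volumes.
cipher="aes-cbc-essiv:sha256"
size=32 # bytes

# Plain-mode mappings keyed straight from /dev/urandom: each key is random and
# stored nowhere, so the contents cannot be reopened after the device is closed.
# crypttab's size= option is given in bits, hence 8*size.
cat >/etc/crypttab <<-EOF
crypt_disk0 /dev/mapper/disk0 /dev/urandom plain,cipher=$cipher,size=$((8*size))
crypt_disk0a /dev/mapper/crypt_disk0 /dev/urandom plain,cipher=$cipher,size=$((8*size))
crypt_disk12 /dev/mapper/disk12 /dev/urandom plain,cipher=$cipher,size=$((8*size))
crypt_disk3 /dev/mapper/disk3 /dev/urandom plain,cipher=$cipher,size=$((8*size))
crypt_disk3b /dev/mapper/crypt_disk3 /dev/urandom plain,cipher=$cipher,size=$((8*size)),offset=$(( 64 * 2*1024))
crypt_disk3b0 /dev/mapper/crypt_disk3b /dev/urandom plain,cipher=$cipher,size=$((8*size))
EOF

/etc/init.d/cryptdisks start

# now add crypt_disk3a (preceding crypt_disk3b) with a size limit (can't do
# that via crypttab but dmsetup allows it)
# The table, including the hex key, is fed to dmsetup on stdin rather than via
# --table, so the key does not appear among dmsetup's command-line arguments.
dmsetup create crypt_disk3a --uuid "CRYPT-PLAIN-crypt_disk3a" --addnodeoncreate <<-EOF
0 $((64 * 2*1024)) crypt $cipher $(xxd -l$size -ps -c256 </dev/urandom) 0 /dev/mapper/crypt_disk3 0
EOF

lsblk
# Expected topology (device numbers are illustrative):
# disk0 253:0 0 64M 0 dm
# └─crypt_disk0 253:5 0 64M 0 crypt
#   └─crypt_disk0a 253:6 0 64M 0 crypt
# disk1 253:1 0 64M 0 dm
# └─disk12 253:4 0 128M 0 dm
#   └─crypt_disk12 253:7 0 128M 0 crypt
# disk2 253:2 0 64M 0 dm
# └─disk12 253:4 0 128M 0 dm
#   └─crypt_disk12 253:7 0 128M 0 crypt
# disk3 253:3 0 128M 0 dm
# └─crypt_disk3 253:8 0 128M 0 crypt
#   ├─crypt_disk3b 253:9 0 64M 0 crypt
#   │ └─crypt_disk3b0 253:10 0 64M 0 crypt
#   └─crypt_disk3a 253:11 0 64M 0 dm

# check device-mapper table (crypt target only)
# https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMCrypt
# <start_sector> <size> "crypt" <target mapping table> <cipher> <key> <iv_offset> <device path> <offset> [<#opt_params> <opt_params>]
dmsetup table --target="crypt" >"$AUTOPKGTEST_TMP/table"
# Without --showkeys, dmsetup prints each key as a run of zeros. The sed below
# drops that zeroed key field (2*size hex digits) and the backing device's
# major:minor, keeping iv_offset and offset. A line whose key field is not all
# zeros does not match, stays as it is, and therefore fails the diff.
sed -ri "s/\\s+0{$((2*size))}(\\s+[0-9]+)\\s+[0-9]+:[0-9]+(\s|$)/\\1\\2/" -- "$AUTOPKGTEST_TMP/table"
# Byte-wise sort on the device name so the comparison does not depend on the
# order dmsetup lists the devices in.
LC_ALL=C sort -t: -k1,1 <"$AUTOPKGTEST_TMP/table" >"$AUTOPKGTEST_TMP/table2"
diff -u --color=auto --label="a/table" --label="b/table" -- - "$AUTOPKGTEST_TMP/table2" <<-EOF
crypt_disk0: 0 $((64 * 2*1024)) crypt $cipher 0 0
crypt_disk0a: 0 $((64 * 2*1024)) crypt $cipher 0 0
crypt_disk12: 0 $((2*64 * 2*1024)) crypt $cipher 0 0
crypt_disk3: 0 $((128 * 2*1024)) crypt $cipher 0 0
crypt_disk3a: 0 $((64 * 2*1024)) crypt $cipher 0 0
crypt_disk3b: 0 $((64 * 2*1024)) crypt $cipher 0 $((64 * 2*1024))
crypt_disk3b0: 0 $((64 * 2*1024)) crypt $cipher 0 0
EOF

# close disks and ensure there are no leftover devices
# The listing covers every crypt target, so crypt_disk3a (created with dmsetup,
# absent from crypttab) must be gone as well for the test to pass.
/etc/init.d/cryptdisks stop
dmsetup table --target="crypt" >"$AUTOPKGTEST_TMP/table"
if [ -s "$AUTOPKGTEST_TMP/table" ]; then
    echo "ERROR: leftover crypt devices" >&2
    cat <"$AUTOPKGTEST_TMP/table"
    exit 1
fi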