2bb2f918ee
A recent patch[1] added --pbkdf-memory to the cryptsetup command line to limit the memory cryptsetup is using. However, some distros use an older version of cryptsetup that does not need this setting. This patch adds logic to detect this and run the commands without --pbkdf-memory. [1] https://review.opendev.org/663784 Change-Id: I9e0debcbfe6ceeff0012c827d70d80d938b5a2fb Story: 2006066 Task: 34782
20 lines
708 B
Bash
Executable File
20 lines
708 B
Bash
Executable File
#!/bin/bash
|
|
|
|
modprobe brd
|
|
passphrase=$(head /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 32 | head -n 1)
|
|
certs_path=$(awk "/base_cert_dir / {printf \$3}" /etc/octavia/amphora-agent.conf)
|
|
mkdir -p "${certs_path}"
|
|
|
|
echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksFormat /dev/ram0 -
|
|
# Some distrobutions have an old cryptsetup, try without --pbkdf-memory
|
|
if [ $? -eq 0 ]
|
|
then
|
|
echo -n "${passphrase}" | cryptsetup --pbkdf-memory=262144 luksOpen /dev/ram0 certfs-ramfs -
|
|
else
|
|
echo -n "${passphrase}" | cryptsetup luksFormat /dev/ram0 -
|
|
echo -n "${passphrase}" | cryptsetup luksOpen /dev/ram0 certfs-ramfs -
|
|
fi
|
|
|
|
mkfs.ext2 /dev/mapper/certfs-ramfs
|
|
mount /dev/mapper/certfs-ramfs "${certs_path}"
|