dracut/modules.d/90crypt/parse-crypt.sh

#!/bin/sh

type crypttab_contains >/dev/null 2>&1 || . /lib/dracut-crypt-lib.sh


_cryptgetargsname() {
    debug_off
    local _o _found _key
    unset _o
    unset _found
    CMDLINE=$(getcmdline)
    _key="$1"
    set --
    for _o in $CMDLINE; do
        if [ "$_o" = "$_key" ]; then
            _found=1;
        elif [ "${_o%=*}" = "${_key%=}" ]; then
            [ -n "${_o%=*}" ] && set -- "$@" "${_o#*=}";
            _found=1;
        fi
    done
    if [ -n "$_found" ]; then
        [ $# -gt 0 ] && printf '%s' "$*"
        return 0
    fi
    return 1;
}

if ! getargbool 1 rd.luks -d -n rd_NO_LUKS; then
    info "rd.luks=0: removing cryptoluks activation"
    rm -f -- /etc/udev/rules.d/70-luks.rules
else
    {
        echo 'SUBSYSTEM!="block", GOTO="luks_end"'
        echo 'ACTION!="add|change", GOTO="luks_end"'
    } > /etc/udev/rules.d/70-luks.rules.new

    PARTUUID=$(getargs rd.luks.partuuid -d rd_LUKS_PARTUUID)
    SERIAL=$(getargs rd.luks.serial -d rd_LUKS_SERIAL)
    LUKS=$(getargs rd.luks.uuid -d rd_LUKS_UUID)
    tout=$(getarg rd.luks.key.tout)

    if [ -e /etc/crypttab ]; then
        while read -r _ _dev _ || [ -n "$_dev" ]; do
            set_systemd_timeout_for_dev "$_dev"
        done < /etc/crypttab
    fi

    if [ -n "$PARTUUID" ]; then
        for uuid in $PARTUUID; do

            uuid=${uuid##luks-}
            if luksname=$(_cryptgetargsname "rd.luks.name=$uuid="); then
                luksname="${luksname#$uuid=}"
            else
                luksname="luks-$uuid"
            fi

            if [ -z "$DRACUT_SYSTEMD" ]; then
                {
                    printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid"
                    printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                    printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
                    printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"
                } >> /etc/udev/rules.d/70-luks.rules.new
            else
                luksname=$(dev_unit_name "$luksname")
                luksname="$(str_replace "$luksname" '\' '\\')"

                if ! crypttab_contains "$uuid"; then
                    {
                        printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid"
                        printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                        printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
                        printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
                    } >> /etc/udev/rules.d/70-luks.rules.new
                fi
            fi
        done

    elif [ -n "$SERIAL" ]; then
        for serialid in $SERIAL; do

            serialid=${serialid##luks-}
            if luksname=$(_cryptgetargsname "rd.luks.name=$serialid="); then
                luksname="${luksname#$serialid=}"
            else
                luksname="luks-$serialid"
            fi

            if [ -z "$DRACUT_SYSTEMD" ]; then
                {
                    printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid"
                    printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                    printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
                    printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"
                } >> /etc/udev/rules.d/70-luks.rules.new
            else
                luksname=$(dev_unit_name "$luksname")
                luksname="$(str_replace "$luksname" '\' '\\')"

                if ! crypttab_contains "$serialid"; then
                    {
                        printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid"
                        printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                        printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
                        printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
                    } >> /etc/udev/rules.d/70-luks.rules.new
                fi
            fi
        done

    elif [ -n "$LUKS" ]; then
        for luksid in $LUKS; do

            luksid=${luksid##luks-}
            if luksname=$(_cryptgetargsname "rd.luks.name=$luksid="); then
                luksname="${luksname#$luksid=}"
            else
                luksname="luks-$luksid"
            fi

            if [ -z "$DRACUT_SYSTEMD" ]; then
                {
                    printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
                    printf -- 'ENV{ID_FS_UUID}=="*%s*", ' "$luksid"
                    printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                    printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
                    printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"
                } >> /etc/udev/rules.d/70-luks.rules.new
            else
                luksname=$(dev_unit_name "$luksname")
                luksname="$(str_replace "$luksname" '\' '\\')"

                if ! crypttab_contains "$luksid"; then
                    {
                        printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
                        printf -- 'ENV{ID_FS_UUID}=="*%s*", ' "$luksid"
                        printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                        printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
                        printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
                    } >> /etc/udev/rules.d/70-luks.rules.new
                fi
            fi

            uuid=$luksid
            while [ "$uuid" != "${uuid#*-}" ]; do uuid=${uuid%%-*}${uuid#*-}; done
            printf -- '[ -e /dev/disk/by-id/dm-uuid-CRYPT-LUKS?-*%s*-* ] || exit 1\n' $uuid \
                >> "$hookdir/initqueue/finished/90-crypt.sh"

            {
                printf -- '[ -e /dev/disk/by-uuid/*%s* ] || ' $luksid
                printf -- 'warn "crypto LUKS UUID "%s" not found"\n' $luksid
            } >> "$hookdir/emergency/90-crypt.sh"
        done
    elif getargbool 0 rd.auto; then
        if [ -z "$DRACUT_SYSTEMD" ]; then
            {
                printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
                printf -- '--unique --settled --onetime --name cryptroot-ask-%%k '
                printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' "$(command -v cryptroot-ask)" "$tout"
            } >> /etc/udev/rules.d/70-luks.rules.new
        else
            {
                printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
                printf -- '--unique --settled --onetime --name crypt-run-generator-%%k '
                printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' "$(command -v crypt-run-generator)"
            } >> /etc/udev/rules.d/70-luks.rules.new
        fi
    fi

    echo 'LABEL="luks_end"' >> /etc/udev/rules.d/70-luks.rules.new
    mv /etc/udev/rules.d/70-luks.rules.new /etc/udev/rules.d/70-luks.rules
fi
All module scripts should have a shebang 15 years ago			`#!/bin/sh`
set DRACUT_SYSTEMD for systemd mode in the initramfs 13 years ago
crypt: only manually activate systemd-cryptsetup, if not in crypttab Only additional rd.luks.UUID have to be manually activated. 12 years ago			`type crypttab_contains >/dev/null 2>&1 \|\| . /lib/dracut-crypt-lib.sh`

crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago
			`_cryptgetargsname() {`
			`debug_off`
			`local _o _found _key`
			`unset _o`
			`unset _found`
			`CMDLINE=$(getcmdline)`
			`_key="$1"`
			`set --`
			`for _o in $CMDLINE; do`
			`if [ "$_o" = "$_key" ]; then`
			`_found=1;`
			`elif [ "${_o%=*}" = "${_key%=}" ]; then`
			`[ -n "${_o%=}" ] && set -- "$@" "${_o#=}";`
			`_found=1;`
			`fi`
			`done`
			`if [ -n "$_found" ]; then`
			`[ $# -gt 0 ] && printf '%s' "$*"`
			`return 0`
			`fi`
			`return 1;`
			`}`

deprecate old command line options 13 years ago			`if ! getargbool 1 rd.luks -d -n rd_NO_LUKS; then`
new parameter option names with "rd.*" namespace Renamed Options Here is a list of options, which were used in dracut prior to version 008, and their new replacement. rdbreak rd.break rd_CCW rd.ccw rdcopystate rd.copystate rd_DASD_MOD rd.dasd_mod.dasd rd_DASD rd.dasd rdinitdebug rdnetdebug rd.debug rd_NO_DM rd.dm=0 rd_DM_UUID rd.dm.uuid rdblacklist rd.driver.blacklist rdinsmodpost rd.driver.post rdloaddriver rd.driver.pre rd_NO_FSTAB rd.fstab=0 rdinfo rd.info check rd.live.check rdlivedebug rd.live.debug live_dir rd.live.dir liveimg rd.live.image overlay rd.live.overlay readonly_overlay rd.live.overlay.readonly reset_overlay rd.live.overlay.reset live_ram rd.live.ram rd_NO_CRYPTTAB rd.luks.crypttab=0 rd_LUKS_KEYDEV_UUID rd.luks.keydev.uuid rd_LUKS_KEYPATH rd.luks.keypath rd_NO_LUKS rd.luks=0 rd_LUKS_UUID rd.luks.uuid rd_LUKS_UUID rd.luks.uuid rd_NO_LVMCONF rd.lvm.conf rd_LVM_LV rd.lvm.lv rd_NO_LVM rd.lvm=0 rd_LVM_SNAPSHOT rd.lvm.snapshot rd_LVM_SNAPSIZE rd.lvm.snapsize rd_LVM_VG rd.lvm.vg rd_NO_MDADMCONF rd.md.conf=0 rd_NO_MDIMSM rd.md.imsm=0 rd_NO_MD rd.md=0 rd_MD_UUID rd.md.uuid rd_NFS_DOMAIN rd.nfs.domain rd_NO_PLYMOUTH rd.plymouth=0 rd_retry rd.retry rdshell rd.shell rd_NO_SPLASH rd.splash rdudevdebug rd.udev.debug rdudevinfo rd.udev.info rd_NO_ZFCPCONF rd.zfcp.conf=0 rd_ZFCP rd.zfcp 15 years ago			`info "rd.luks=0: removing cryptoluks activation"`
use "rm --" to guard against filenames beginning with "-" 12 years ago			`rm -f -- /etc/udev/rules.d/70-luks.rules`
crypt: assemble 70-luks.rules dynamically 15 years ago			`else`
			`{`
90crypt: keys on external devices support 99base/dracut-lib.sh: new fun.: getoptcomma, foreach_uuid_until 15 years ago			`echo 'SUBSYSTEM!="block", GOTO="luks_end"'`
			`echo 'ACTION!="add\|change", GOTO="luks_end"'`
crypt/parse-crypt.sh: fixed rule creation "\n" was missing create rules file on tmp file and rename it later 14 years ago			`} > /etc/udev/rules.d/70-luks.rules.new`
90crypt: keys on external devices support 99base/dracut-lib.sh: new fun.: getoptcomma, foreach_uuid_until 15 years ago
crypt: Implement cmdline rd.luks.partuuid Commit bf5c53a implements support for mounting LUKS devices with detached headers; however, it assumes that the LUKS device sits on an unpartitioned disk. Mirroring the `rd.luks.serial` option, this commit implements the `rd.luks.partuuid` cmdline option, supporting headless LUKS devices on drive partitions. 7 years ago			`PARTUUID=$(getargs rd.luks.partuuid -d rd_LUKS_PARTUUID)`
Add basic LUKS detached header support A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS". Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file. - Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test). - Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs. - Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality). - Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}. Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header. Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile. 8 years ago			`SERIAL=$(getargs rd.luks.serial -d rd_LUKS_SERIAL)`
deprecate old command line options 13 years ago			`LUKS=$(getargs rd.luks.uuid -d rd_LUKS_UUID)`
crypt: changed cmdline arg name from rd.luks.tout to rd.luks.key.tout 14 years ago			`tout=$(getarg rd.luks.key.tout)`
90crypt: keys on external devices support 99base/dracut-lib.sh: new fun.: getoptcomma, foreach_uuid_until 15 years ago
crypt: check for crypttab before reading 10 years ago			`if [ -e /etc/crypttab ]; then`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`while read -r _ _dev _ \|\| [ -n "$_dev" ]; do`
			`set_systemd_timeout_for_dev "$_dev"`
crypt: check for crypttab before reading 10 years ago			`done < /etc/crypttab`
			`fi`
crypt/parse-crypt.sh: hide encrypted devices from systemd timeout warnings. When systemd's crypttab generator parsed crypttab, it tells systemd about several devices which may not appear until later in the boot sequence, and which are not needed while dract is running. This can particularly happen when an md array is encrypted, and the array is newly degraded so that it doesn't appear until dracut runs mdraid_start.sh. This can result in systemd printing warning messages which are inappropriate. So tell systemd that the timeout for each of these is zero. This is involves splitting some functionality out of wait_for_dev() That function does two things: - creates 'finished' hooks so that dracut will wait for the device, and - sets the systemd timeout for the device to zero, so systemd doesn't wait. We only want the second of these for most encrypted devices. So split that out into a new function set_systemd_timeout_for_dev(), and call it from parse-crypt.sh Signed-off-by: NeilBrown <neilb@suse.de> -- This version fixes the missing redirect from /etc/crypttab NeilBrown 10 years ago
crypt: Implement cmdline rd.luks.partuuid Commit bf5c53a implements support for mounting LUKS devices with detached headers; however, it assumes that the LUKS device sits on an unpartitioned disk. Mirroring the `rd.luks.serial` option, this commit implements the `rd.luks.partuuid` cmdline option, supporting headless LUKS devices on drive partitions. 7 years ago			`if [ -n "$PARTUUID" ]; then`
			`for uuid in $PARTUUID; do`

			`uuid=${uuid##luks-}`
			`if luksname=$(_cryptgetargsname "rd.luks.name=$uuid="); then`
			`luksname="${luksname#$uuid=}"`
			`else`
			`luksname="luks-$uuid"`
			`fi`

			`if [ -z "$DRACUT_SYSTEMD" ]; then`
			`{`
			`printf -- 'ENV{ID_PART_ENTRY_UUID}=="%s", ' "$uuid"`
			`printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"`
			`printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"`
			`printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"`
			`} >> /etc/udev/rules.d/70-luks.rules.new`
			`else`
			`luksname=$(dev_unit_name "$luksname")`
			`luksname="$(str_replace "$luksname" '\' '\\')"`

			`if ! crypttab_contains "$uuid"; then`
			`{`
			`printf -- 'ENV{ID_PART_ENTRY_UUID}=="%s", ' "$uuid"`
			`printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"`
			`printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"`
			`printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"`
			`} >> /etc/udev/rules.d/70-luks.rules.new`
			`fi`
			`fi`
			`done`

			`elif [ -n "$SERIAL" ]; then`
Add basic LUKS detached header support A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS". Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file. - Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test). - Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs. - Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality). - Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}. Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header. Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile. 8 years ago			`for serialid in $SERIAL; do`

			`serialid=${serialid##luks-}`
			`if luksname=$(_cryptgetargsname "rd.luks.name=$serialid="); then`
			`luksname="${luksname#$serialid=}"`
			`else`
			`luksname="luks-$serialid"`
			`fi`

			`if [ -z "$DRACUT_SYSTEMD" ]; then`
			`{`
			`printf -- 'ENV{ID_SERIAL_SHORT}=="%s", ' "$serialid"`
			`printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"`
			`printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"`
			`printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"`
			`} >> /etc/udev/rules.d/70-luks.rules.new`
			`else`
			`luksname=$(dev_unit_name "$luksname")`
crypt: escape backslashes for systemd unit names b/c udev/initqueue/bash otherwise luks\x2d25e41d19\x2d1580\x2d4e7c\x2d8875\x2d134045008f33 turns to luksx2d25e41d19x2d1580x2d4e7cx2d8875x2d134045008f33 7 years ago			`luksname="$(str_replace "$luksname" '\' '\\')"`

Add basic LUKS detached header support A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS". Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file. - Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test). - Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs. - Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality). - Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}. Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header. Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile. 8 years ago			`if ! crypttab_contains "$serialid"; then`
			`{`
			`printf -- 'ENV{ID_SERIAL_SHORT}=="%s", ' "$serialid"`
			`printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"`
			`printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"`
			`printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"`
			`} >> /etc/udev/rules.d/70-luks.rules.new`
			`fi`
			`fi`
			`done`

			`elif [ -n "$LUKS" ]; then`
removed trailing whitespaces 14 years ago			`for luksid in $LUKS; do`
crypt: add systemd crypt support 13 years ago
crypt: strip "luks-" from rd_LUKS_UUID 15 years ago			`luksid=${luksid##luks-}`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`if luksname=$(_cryptgetargsname "rd.luks.name=$luksid="); then`
			`luksname="${luksname#$luksid=}"`
			`else`
			`luksname="luks-$luksid"`
			`fi`
crypt: add systemd crypt support 13 years ago
			`if [ -z "$DRACUT_SYSTEMD" ]; then`
			`{`
			`printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`printf -- 'ENV{ID_FS_UUID}=="%s", ' "$luksid"`
			`printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"`
			`printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"`
			`printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"`
crypt: add systemd crypt support 13 years ago			`} >> /etc/udev/rules.d/70-luks.rules.new`
crypt/parse-crypt.sh: create udev rule for systemd Start the systemd-cryptsetup@luks-*.service for the detected crypto_LUKS device in the initqueue, so we block in the initqueue and wait for the password entry. 12 years ago			`else`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`luksname=$(dev_unit_name "$luksname")`
crypt: escape backslashes for systemd unit names b/c udev/initqueue/bash otherwise luks\x2d25e41d19\x2d1580\x2d4e7c\x2d8875\x2d134045008f33 turns to luksx2d25e41d19x2d1580x2d4e7cx2d8875x2d134045008f33 7 years ago			`luksname="$(str_replace "$luksname" '\' '\\')"`

crypt: only manually activate systemd-cryptsetup, if not in crypttab Only additional rd.luks.UUID have to be manually activated. 12 years ago			`if ! crypttab_contains "$luksid"; then`
			`{`
			`printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`printf -- 'ENV{ID_FS_UUID}=="%s", ' "$luksid"`
			`printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"`
			`printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"`
			`printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"`
crypt: only manually activate systemd-cryptsetup, if not in crypttab Only additional rd.luks.UUID have to be manually activated. 12 years ago			`} >> /etc/udev/rules.d/70-luks.rules.new`
			`fi`
crypt: add systemd crypt support 13 years ago			`fi`
90crypt: keys on external devices support 99base/dracut-lib.sh: new fun.: getoptcomma, foreach_uuid_until 15 years ago
luks key on ext dev - wait for luks This really waits for the luks mapper device, so luksOpen can do it job 14 years ago			`uuid=$luksid`
			`while [ "$uuid" != "${uuid#-}" ]; do uuid=${uuid%%-}${uuid#*-}; done`
90crypt/parse-crypt.sh: simplify rd.luks.uuid testing 13 years ago			`printf -- '[ -e /dev/disk/by-id/dm-uuid-CRYPT-LUKS?-%s-* ] \|\| exit 1\n' $uuid \`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`>> "$hookdir/initqueue/finished/90-crypt.sh"`
luks key on ext dev - wait for luks This really waits for the luks mapper device, so luksOpen can do it job 14 years ago
90crypt: keys on external devices support 99base/dracut-lib.sh: new fun.: getoptcomma, foreach_uuid_until 15 years ago			`{`
get rid of absolute PATHs 14 years ago			`printf -- '[ -e /dev/disk/by-uuid/%s ] \|\| ' $luksid`
			`printf -- 'warn "crypto LUKS UUID "%s" not found"\n' $luksid`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`} >> "$hookdir/emergency/90-crypt.sh"`
90crypt: keys on external devices support 99base/dracut-lib.sh: new fun.: getoptcomma, foreach_uuid_until 15 years ago			`done`
add "rd.auto" parameter and switch off automatic assembly No automatic assembly is done anymore by default. You will have to specify exactly what devices to assemble ("rd.md.uuid=" "rd.luks.uuid" ...) or use "rd.auto=1" or "rd.auto" on the kernel command line. For big servers with thousands of disks we don't want to assemble everything by default (error prone, slow). 13 years ago			`elif getargbool 0 rd.auto; then`
crypt: add systemd crypt support 13 years ago			`if [ -z "$DRACUT_SYSTEMD" ]; then`
			`{`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"`
crypt: Wait for udev to settle before unlocking disk To eliminate a race condition that occurs when unlocking one device depends on the result of unlocking a device before it, the crypt module must wait for udev to settle between each unlock attempt. Example /etc/crypttab: keyfile /dev/md1 none luks sda4_crypt /dev/sda4 /dev/mapper/keyfile luks sdb4_crypt /dev/sdb4 /dev/mapper/keyfile luks Without this patch, sometimes /dev/sda4 fails to unlock because udev doesn't have time to create /dev/mapper/keyfile before it's needed. 12 years ago			`printf -- '--unique --settled --onetime --name cryptroot-ask-%%k '`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' "$(command -v cryptroot-ask)" "$tout"`
crypt: add systemd crypt support 13 years ago			`} >> /etc/udev/rules.d/70-luks.rules.new`
			`else`
			`{`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"`
crypt: Wait for udev to settle before unlocking disk To eliminate a race condition that occurs when unlocking one device depends on the result of unlocking a device before it, the crypt module must wait for udev to settle between each unlock attempt. Example /etc/crypttab: keyfile /dev/md1 none luks sda4_crypt /dev/sda4 /dev/mapper/keyfile luks sdb4_crypt /dev/sdb4 /dev/mapper/keyfile luks Without this patch, sometimes /dev/sda4 fails to unlock because udev doesn't have time to create /dev/mapper/keyfile before it's needed. 12 years ago			`printf -- '--unique --settled --onetime --name crypt-run-generator-%%k '`
crypt: handle rd.luks.name systemd supports renaming of dm devices with rd.luks.name. Honor the kernel command line parameter. 8 years ago			`printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' "$(command -v crypt-run-generator)"`
crypt: add systemd crypt support 13 years ago			`} >> /etc/udev/rules.d/70-luks.rules.new`
			`fi`
crypt: assemble 70-luks.rules dynamically 15 years ago			`fi`

crypt/parse-crypt.sh: fixed rule creation "\n" was missing create rules file on tmp file and rename it later 14 years ago			`echo 'LABEL="luks_end"' >> /etc/udev/rules.d/70-luks.rules.new`
			`mv /etc/udev/rules.d/70-luks.rules.new /etc/udev/rules.d/70-luks.rules`
add command line parameters to specify exact actions for root assembly LVM rd_NO_LVM disable LVM detection rd_LVM_VG=<volume group name> only activate the volume groups with the given name crypto LUKS rd_NO_LUKS disable crypto LUKS detection rd_LUKS_UUID=<luks uuid> only activate the LUKS partitions with the given UUID MD rd_NO_MD disable MD RAID detection rd_MD_UUID=<md uuid> only activate the raid sets with the given UUID DMRAID rd_NO_DM disable DM RAID detection rd_DM_UUID=<dmraid uuid> only activate the raid sets with the given UUID 16 years ago			`fi`