kernel
/
dracut
mirror of https://git.kernel.org/pub/scm/boot/dracut/dracut.git/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6064 Commits
1 Branch
68 Tags
6.7 MiB
Tree: 909961d048
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '909961d048'
${ noResults }
dracut/modules.d/90crypt/module-setup.sh

168 lines
5.8 KiB
Raw Normal View History Unescape

replaced check,install,installkernel with module-info.sh
14 years ago
#!/bin/bash
*/module-setup.sh: add comments for dracut called functions
11 years ago
# called by dracut
replaced check,install,installkernel with module-info.sh
14 years ago
check() {
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
local fs
replaced check,install,installkernel with module-info.sh
14 years ago
# if cryptsetup is not installed, then we cannot support encrypted devices.
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
require_any_binary "$systemdutildir"/systemd-cryptsetup cryptsetup || return 1
replaced check,install,installkernel with module-info.sh
14 years ago
make host_fs_types a hashmap This requires bash >= 4, but hash maps are so much more comfortable
11 years ago
[[ $hostonly ]] || [[ $mount_needs ]] && {
for fs in "${host_fs_types[@]}"; do
style: shfmt -s reformat reproducible with: ``` $ shfmt_version=3.0.1 $ wget "https://github.com/mvdan/sh/releases/download/v${shfmt_version}/shfmt_v${shfmt_version}_linux_amd64" -O shfmt $ chmod u+x shfmt $ ./shfmt -w -s . ```
3 years ago
[[ $fs == "crypto_LUKS" ]] && return 0
make host_fs_types a hashmap This requires bash >= 4, but hash maps are so much more comfortable
11 years ago
done
return 255
}
return 0
}
*/module-setup.sh: add comments for dracut called functions
11 years ago
# called by dracut
make host_fs_types a hashmap This requires bash >= 4, but hash maps are so much more comfortable
11 years ago
depends() {
echo dm rootfs-block
return 0
}
*/module-setup.sh: add comments for dracut called functions
11 years ago
# called by dracut
make host_fs_types a hashmap This requires bash >= 4, but hash maps are so much more comfortable
11 years ago
installkernel() {
crypt: install drbg unconditionally in hostonly mode older kernels had the drbg kernel module and didn't need it (cherry picked from commit 89948e58fd0f80def0912c18c503912873aa9c48)
9 years ago
hostonly="" instmods drbg
Install crypto modules in 90kernel-modules We don't want to play catch up with hash and encryption algorithms. To be safe, just use the hammer and include all crypto. Fixes https://github.com/dracutdevs/dracut/issues/802
4 years ago
instmods dm_crypt
90crypt/module-setup.sh: try to catch kernel config changes If a crypto kernel module changes from compiled in to module, the encrypted disk might fail to open, because the kernel module was not included in the initramfs. This patch tries heuristically to catch such modules. Fixes https://github.com/dracutdevs/dracut/issues/706
4 years ago
# in case some of the crypto modules moved from compiled in
# to module based, try to install those modules
# best guess
fix(crypt): install all crypto modules in the generic initrd Just install all `=crypto` drivers in the generic initramfs, because who are we to decide which combinations are allowed in current and future `cryptsetup`. We only could install blacklist filter in the future, if there are modules, which are definetely not used and are huge in size.
3 years ago
if [[ $hostonly ]] || [[ $mount_needs ]]; then
90crypt/module-setup.sh: try to catch kernel config changes If a crypto kernel module changes from compiled in to module, the encrypted disk might fail to open, because the kernel module was not included in the initramfs. This patch tries heuristically to catch such modules. Fixes https://github.com/dracutdevs/dracut/issues/706
4 years ago
# dmsetup returns s.th. like
# cryptvol: 0 2064384 crypt aes-xts-plain64 :64:logon:cryptsetup:....
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
dmsetup table | while read -r name _ _ is_crypt cipher _; do
[[ $is_crypt == "crypt" ]] || continue
90crypt/module-setup.sh: try to catch kernel config changes If a crypto kernel module changes from compiled in to module, the encrypted disk might fail to open, because the kernel module was not included in the initramfs. This patch tries heuristically to catch such modules. Fixes https://github.com/dracutdevs/dracut/issues/706
4 years ago
# get the device name
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
name=/dev/$(dmsetup info -c --noheadings -o blkdevname "${name%:}")
# check if the device exists as a key in our host_fs_types (even with null string)
# shellcheck disable=SC2030 # this is a shellcheck bug
90crypt/module-setup.sh: try to catch kernel config changes If a crypto kernel module changes from compiled in to module, the encrypted disk might fail to open, because the kernel module was not included in the initramfs. This patch tries heuristically to catch such modules. Fixes https://github.com/dracutdevs/dracut/issues/706
4 years ago
if [[ ${host_fs_types[$name]+_} ]]; then
# split the cipher aes-xts-plain64 in pieces
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
IFS='-:' read -ra mods <<< "$cipher"
90crypt/module-setup.sh: try to catch kernel config changes If a crypto kernel module changes from compiled in to module, the encrypted disk might fail to open, because the kernel module was not included in the initramfs. This patch tries heuristically to catch such modules. Fixes https://github.com/dracutdevs/dracut/issues/706
4 years ago
# try to load the cipher part with "crypto-" prepended
# in non-hostonly mode
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
hostonly='' instmods "${mods[@]/#/crypto-}" "crypto-$cipher"
90crypt/module-setup.sh: try to catch kernel config changes If a crypto kernel module changes from compiled in to module, the encrypted disk might fail to open, because the kernel module was not included in the initramfs. This patch tries heuristically to catch such modules. Fixes https://github.com/dracutdevs/dracut/issues/706
4 years ago
fi
done
fix(crypt): install all crypto modules in the generic initrd Just install all `=crypto` drivers in the generic initramfs, because who are we to decide which combinations are allowed in current and future `cryptsetup`. We only could install blacklist filter in the future, if there are modules, which are definetely not used and are huge in size.
3 years ago
else
instmods "=crypto"
fi
90crypt/module-setup.sh: try to catch kernel config changes If a crypto kernel module changes from compiled in to module, the encrypted disk might fail to open, because the kernel module was not included in the initramfs. This patch tries heuristically to catch such modules. Fixes https://github.com/dracutdevs/dracut/issues/706
4 years ago
return 0
make host_fs_types a hashmap This requires bash >= 4, but hash maps are so much more comfortable
11 years ago
}
*/module-setup.sh: add comments for dracut called functions
11 years ago
# called by dracut
add parameter --print-cmdline This prints the kernel command line parameters for the current disk layout. $ dracut --print-cmdline rd.luks.uuid=luks-e68c8906-6542-4a26-83c4-91b4dd9f0471 rd.lvm.lv=debian/root rd.lvm.lv=debian/usr root=/dev/mapper/debian-root rootflags=rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered rootfstype=ext4
11 years ago
cmdline() {
local dev UUID
fix: shellcheck 0.7.2 github action `luizm/action-sh-checker@v0.2.2` uses `shellcheck-0.7.2`, which detects more non-posix shell code and complains accordingly.
3 years ago
# shellcheck disable=SC2031
add parameter --print-cmdline This prints the kernel command line parameters for the current disk layout. $ dracut --print-cmdline rd.luks.uuid=luks-e68c8906-6542-4a26-83c4-91b4dd9f0471 rd.lvm.lv=debian/root rd.lvm.lv=debian/usr root=/dev/mapper/debian-root rootflags=rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered rootfstype=ext4
11 years ago
for dev in "${!host_fs_types[@]}"; do
style: shfmt -s reformat reproducible with: ``` $ shfmt_version=3.0.1 $ wget "https://github.com/mvdan/sh/releases/download/v${shfmt_version}/shfmt_v${shfmt_version}_linux_amd64" -O shfmt $ chmod u+x shfmt $ ./shfmt -w -s . ```
3 years ago
[[ ${host_fs_types[$dev]} != "crypto_LUKS" ]] && continue
add parameter --print-cmdline This prints the kernel command line parameters for the current disk layout. $ dracut --print-cmdline rd.luks.uuid=luks-e68c8906-6542-4a26-83c4-91b4dd9f0471 rd.lvm.lv=debian/root rd.lvm.lv=debian/usr root=/dev/mapper/debian-root rootflags=rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered rootfstype=ext4
11 years ago
UUID=$(
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
blkid -u crypto -o export "$dev" \
| while read -r line || [ -n "$line" ]; do
[[ ${line#UUID} == "$line" ]] && continue
style: shfmt reformat reproducible with: ``` $ shfmt_version=3.0.1 $ wget "https://github.com/mvdan/sh/releases/download/v${shfmt_version}/shfmt_v${shfmt_version}_linux_amd64" -O shfmt $ chmod u+x shfmt $ ./shfmt -w . ```
3 years ago
printf "%s" "${line#UUID=}"
break
done
add parameter --print-cmdline This prints the kernel command line parameters for the current disk layout. $ dracut --print-cmdline rd.luks.uuid=luks-e68c8906-6542-4a26-83c4-91b4dd9f0471 rd.lvm.lv=debian/root rd.lvm.lv=debian/usr root=/dev/mapper/debian-root rootflags=rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered rootfstype=ext4
11 years ago
)
[[ ${UUID} ]] || continue
printf "%s" " rd.luks.uuid=luks-${UUID}"
done
}
*/module-setup.sh: add comments for dracut called functions
11 years ago
# called by dracut
add parameter --print-cmdline This prints the kernel command line parameters for the current disk layout. $ dracut --print-cmdline rd.luks.uuid=luks-e68c8906-6542-4a26-83c4-91b4dd9f0471 rd.lvm.lv=debian/root rd.lvm.lv=debian/usr root=/dev/mapper/debian-root rootflags=rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered rootfstype=ext4
11 years ago
install() {
replaced check,install,installkernel with module-info.sh
14 years ago
Add flag to toggle hostonly cmdline storing in the initramfs --hostonly-cmdline: Store kernel command line arguments needed in the initramfs --no-hostonly-cmdline: Do not store kernel command line arguments needed in the initramfs
10 years ago
if [[ $hostonly_cmdline == "yes" ]]; then
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
local _cryptconf
_cryptconf=$(cmdline)
Don't create lots of empty cmdline files for hostonly-cmdline case This aligns other places piping cmdline() output to cmdline.d files with the earlier fix for 95rootfs-block. Signed-off-by: Thorsten Behrens <tbehrens@suse.com> Signed-off-by: Thomas Renninger <trenn@suse.de>
10 years ago
[[ $_cryptconf ]] && printf "%s\n" "$_cryptconf" >> "${initdir}/etc/cmdline.d/90crypt.conf"
Add flag to toggle hostonly cmdline storing in the initramfs --hostonly-cmdline: Store kernel command line arguments needed in the initramfs --no-hostonly-cmdline: Do not store kernel command line arguments needed in the initramfs
10 years ago
fi
replaced check,install,installkernel with module-info.sh
14 years ago
inst_hook cmdline 30 "$moddir/parse-crypt.sh"
crypt: do not cleanup in systemd mode
11 years ago
if ! dracut_module_included "systemd"; then
crypt: with systemd cryptsetup is not needed
7 years ago
inst_multiple cryptsetup rmdir readlink umount
inst_script "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask
inst_script "$moddir"/probe-keydev.sh /sbin/probe-keydev
inst_hook cmdline 10 "$moddir/parse-keydev.sh"
crypt: do not cleanup in systemd mode
11 years ago
inst_hook cleanup 30 "$moddir/crypt-cleanup.sh"
fi
crypt/module-setup.sh: filter /etc/crypttab in host-only mode only take those /etc/crypttab entries, which we need to boot the system
11 years ago
Allow running on a cross-compiled rootfs For the shell scripts, new environment variables were introduced. dracutsysrootdir is the root directory, file existence checks use it. DRACUT_LDCONFIG can override ldconfig with a different one that works on the sysroot with foreign binaries. DRACUT_LDD can override ldd with a different one that works with foreign binaries. DRACUT_TESTBIN can override /bin/sh. A cross-compiled sysroot may use symlinks that are valid only when running on the target so a real file must be provided that exist in the sysroot. DRACUT_INSTALL now supports debugging dracut-install in itself when run by dracut but without debugging the dracut scripts. E.g. DRACUT_INSTALL="valgrind dracut-install or DRACUT_INSTALL="dracut-install --debug". DRACUT_COMPRESS_BZIP2, DRACUT_COMPRESS_LBZIP2, DRACUT_COMPRESS_LZMA, DRACUT_COMPRESS_XZ, DRACUT_COMPRESS_GZIP, DRACUT_COMPRESS_PIGZ, DRACUT_COMPRESS_LZOP, DRACUT_COMPRESS_ZSTD, DRACUT_COMPRESS_LZ4, DRACUT_COMPRESS_CAT: All of the compression utilities may be overridden, to support the native binaries in non-standard places. DRACUT_ARCH overrides "uname -m". SYSTEMD_VERSION overrides "systemd --version". The dracut-install utility was overhauled to support sysroot via a new option -r and fixes for clang-analyze. It supports cross-compiler-ldd from https://gist.github.com/jerome-pouiller/c403786c1394f53f44a3b61214489e6f DRACUT_INSTALL_PATH was introduced so dracut-install can work with a different PATH. In a cross-compiled environment (e.g. Yocto), PATH points to natively built binaries that are not in the host's /bin, /usr/bin, etc. dracut-install still needs plain /bin and /usr/bin that are relative to the cross-compiled sysroot. The hashmap pool allocate_tile/deallocate_tile code was removed because clang-analyze showed errors in it. hashmap_copy was removed because it wasn't used and clang-analyze showed errors in it. DRACUT_INSTALL_LOG_TARGET and DRACUT_INSTALL_LOG_LEVEL were introduced so dracut-install can use different settings from DRACUT_LOG_TARGET and DRACUT_LOG_LEVEL. Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu>
5 years ago
if [[ $hostonly ]] && [[ -f $dracutsysrootdir/etc/crypttab ]]; then
crypt/module-setup.sh: filter /etc/crypttab in host-only mode only take those /etc/crypttab entries, which we need to boot the system
11 years ago
# filter /etc/crypttab for the devices we need
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
while read -r _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do
style: shfmt -s reformat reproducible with: ``` $ shfmt_version=3.0.1 $ wget "https://github.com/mvdan/sh/releases/download/v${shfmt_version}/shfmt_v${shfmt_version}_linux_amd64" -O shfmt $ chmod u+x shfmt $ ./shfmt -w -s . ```
3 years ago
[[ $_mapper == \#* ]] && continue
crypt/module-setup.sh: filter /etc/crypttab in host-only mode only take those /etc/crypttab entries, which we need to boot the system
11 years ago
[[ $_dev ]] || continue
crypt/module-setup.sh: also handle UUID= while filtering crypttab The crypttab filter for host-only did not handle UUID= entries. https://bugzilla.redhat.com/show_bug.cgi?id=919752
11 years ago
style: shfmt reformat reproducible with: ``` $ shfmt_version=3.0.1 $ wget "https://github.com/mvdan/sh/releases/download/v${shfmt_version}/shfmt_v${shfmt_version}_linux_amd64" -O shfmt $ chmod u+x shfmt $ ./shfmt -w . ```
3 years ago
[[ $_dev == PARTUUID=* ]] \
&& _dev="/dev/disk/by-partuuid/${_dev#PARTUUID=}"
Add basic LUKS detached header support A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS". Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file. - Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test). - Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs. - Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality). - Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}. Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header. Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile.
7 years ago
style: shfmt reformat reproducible with: ``` $ shfmt_version=3.0.1 $ wget "https://github.com/mvdan/sh/releases/download/v${shfmt_version}/shfmt_v${shfmt_version}_linux_amd64" -O shfmt $ chmod u+x shfmt $ ./shfmt -w . ```
3 years ago
[[ $_dev == UUID=* ]] \
&& _dev="/dev/disk/by-uuid/${_dev#UUID=}"
crypt/module-setup.sh: also handle UUID= while filtering crypttab The crypttab filter for host-only did not handle UUID= entries. https://bugzilla.redhat.com/show_bug.cgi?id=919752
11 years ago
style: shfmt reformat reproducible with: ``` $ shfmt_version=3.0.1 $ wget "https://github.com/mvdan/sh/releases/download/v${shfmt_version}/shfmt_v${shfmt_version}_linux_amd64" -O shfmt $ chmod u+x shfmt $ ./shfmt -w . ```
3 years ago
[[ $_dev == ID=* ]] \
&& _dev="/dev/disk/by-id/${_dev#ID=}"
Add basic LUKS detached header support A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS". Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file. - Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test). - Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs. - Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality). - Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}. Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header. Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile.
7 years ago
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
echo "$_dev $(blkid "$_dev" -s UUID -o value)" >> "${initdir}/etc/block_uuid.map"
Add basic LUKS detached header support A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS". Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file. - Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test). - Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs. - Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality). - Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}. Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header. Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile.
7 years ago
# loop through the options to check for the force option
luksoptions=${_luksoptions}
OLD_IFS="${IFS}"
IFS=,
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
# shellcheck disable=SC2086
Add basic LUKS detached header support A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS". Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file. - Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test). - Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs. - Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality). - Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}. Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header. Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile.
7 years ago
set -- ${luksoptions}
IFS="${OLD_IFS}"
90crypt/module-setup.sh: fix force on multiple lines The first line in crypttab with a "force" option causes all subsequent lines to be included as if they also had it set because the variable used to track it is not reset between loop iterations. So fix that by just setting it to empty before the check for the force option.
4 years ago
forceentry=""
Add basic LUKS detached header support A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS". Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file. - Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test). - Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs. - Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality). - Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}. Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header. Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile.
7 years ago
while [ $# -gt 0 ]; do
case $1 in
force)
forceentry="yes"
break
;;
esac
shift
crypt/module-setup.sh: filter /etc/crypttab in host-only mode only take those /etc/crypttab entries, which we need to boot the system
11 years ago
done
Add basic LUKS detached header support A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS". Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file. - Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test). - Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs. - Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality). - Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}. Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header. Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile.
7 years ago
# include the entry regardless
if [ "${forceentry}" = "yes" ]; then
echo "$_mapper $_dev $_luksfile $_luksoptions"
else
fix: shellcheck 0.7.2 github action `luizm/action-sh-checker@v0.2.2` uses `shellcheck-0.7.2`, which detects more non-posix shell code and complains accordingly.
3 years ago
# shellcheck disable=SC2031
Add basic LUKS detached header support A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS". Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file. - Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test). - Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs. - Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality). - Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}. Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header. Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile.
7 years ago
for _hdev in "${!host_fs_types[@]}"; do
[[ ${host_fs_types[$_hdev]} == "crypto_LUKS" ]] || continue
if [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef $_dev ]]; then
echo "$_mapper $_dev $_luksfile $_luksoptions"
break
fi
done
fi
fix: shellcheck for modules.d/90crypt/module-setup.sh
3 years ago
done < "$dracutsysrootdir"/etc/crypttab > "$initdir"/etc/crypttab
Add rd.hostonly kernel command line parameters rd.hostonly=0 will remove all configuration compiled in the initramfs from the host on which it was build
10 years ago
mark_hostonly /etc/crypttab
crypt/module-setup.sh: filter /etc/crypttab in host-only mode only take those /etc/crypttab entries, which we need to boot the system
11 years ago
fi
modules.d/*/module-setup.sh: combine and specify type for installs To speedup image creation, combine dracut_install calls and specify the exact type. E.g. inst_script instead of the generic inst.
12 years ago
inst_simple "$moddir/crypt-lib.sh" "/lib/dracut-crypt-lib.sh"
90crypt: install crypt-run-generator in non-systemd environments
4 years ago
inst_script "$moddir/crypt-run-generator.sh" "/sbin/crypt-run-generator"
replaced check,install,installkernel with module-info.sh
14 years ago
Check for systemd before installing systemd specific files https://bugzilla.redhat.com/show_bug.cgi?id=1282010
9 years ago
if dracut_module_included "systemd"; then
90crypt: pull in remote-cryptsetup.target enablement This should've been part of #964. As mentioned there, the `initrd-cryptsetup.target` approach was reverted in the end, and we went back to relying in `remote-cryptsetup.target`: https://github.com/systemd/systemd/pull/17467 So we do need to ship the enablement symlink for it.
4 years ago
# the cryptsetup targets are already pulled in by 00systemd, but not
# the enablement symlinks
Check for systemd before installing systemd specific files https://bugzilla.redhat.com/show_bug.cgi?id=1282010
9 years ago
inst_multiple -o \
fix(crypt): include cryptsetups tmpfile
3 years ago
"$tmpfilesdir"/cryptsetup.conf \
fix(crypt): shellcheck for modules.d/90crypt
3 years ago
"$systemdutildir"/system-generators/systemd-cryptsetup-generator \
"$systemdutildir"/systemd-cryptsetup \
"$systemdsystemunitdir"/systemd-ask-password-console.path \
"$systemdsystemunitdir"/systemd-ask-password-console.service \
"$systemdsystemunitdir"/cryptsetup.target \
"$systemdsystemunitdir"/sysinit.target.wants/cryptsetup.target \
"$systemdsystemunitdir"/remote-cryptsetup.target \
"$systemdsystemunitdir"/initrd-root-device.target.wants/remote-cryptsetup.target \
style: shfmt reformat reproducible with: ``` $ shfmt_version=3.0.1 $ wget "https://github.com/mvdan/sh/releases/download/v${shfmt_version}/shfmt_v${shfmt_version}_linux_amd64" -O shfmt $ chmod u+x shfmt $ ./shfmt -w . ```
3 years ago
systemd-ask-password systemd-tty-ask-password-agent
Check for systemd before installing systemd specific files https://bugzilla.redhat.com/show_bug.cgi?id=1282010
9 years ago
fi
crypt: do not cleanup in systemd mode
11 years ago
dracut_need_initqueue
crypt: add systemd crypt support
12 years ago
}