crypt: assemble 70-luks.rules dynamically

modules.d/50plymouth/cryptroot-ask.sh

@@ -48,42 +48,20 @@ if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then
     unset name dev rest
 fi
 
-LUKS=$(getargs rd_LUKS_UUID=)
-ask=1
-num=0
-if [ -n "$LUKS" ]; then
-    ask=0
-    luuid=${2##luks-}
-    for luks in $LUKS; do
-        num=$(($num+1))
-	luks=${luks##luks-}
-	if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" = "$luks" ]; then
-	    ask=1
-	fi
-        [ $num -ge 2 -a "$ask" = "1" ] && break
-    done
+prompt="Password [$device ($luksname)]:" 
+if [ ${#luksname} -gt 8 ]; then
+    sluksname=${sluksname##luks-}
+    sluksname=${luksname%%${luksname##????????}}
+    prompt="Password for $device ($sluksname...)"
 fi
-unset LUKS luks luuid
 
-if [ $ask -gt 0 ]; then
-    info "luksOpen $device $luksname"
-    if [ $num -eq 1 ]; then
-         prompt="Password for filesystem"
-    else
-         prompt="Password [$device ($luksname)]:" 
-         if [ ${#luksname} -gt 8 ]; then
-	     sluksname=${sluksname##luks-}
-             sluksname=${luksname%%${luksname##????????}}
-             prompt="Password for $device ($sluksname...)"
-         fi
-    fi
-    # flock against other interactive activities
-    { flock -s 9; 
-	/bin/plymouth ask-for-password \
-	    --prompt "$prompt" \
-	    --command="/sbin/cryptsetup luksOpen -T1 $device $luksname"
-    } 9>/.console.lock
-fi
+# flock against other interactive activities
+{ flock -s 9; 
+    /bin/plymouth ask-for-password \
+	--prompt "$prompt" \
+	--command="/sbin/cryptsetup luksOpen -T1 $device $luksname"
+} 9>/.console.lock
+
 unset ask device luksname
 
 # mark device as asked

modules.d/90crypt/crypt-cleanup.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
 # close everything which is not busy
+rm -f /etc/udev/rules.d/70-luks.rules >/dev/null 2>&1
+
 for i in /dev/mapper/luks-*; do
     cryptsetup luksClose $i >/dev/null 2>&1
 done

modules.d/90crypt/cryptroot-ask.sh

@@ -51,29 +51,12 @@ if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then
     unset name dev rest
 fi
 
-LUKS=$(getargs rd_LUKS_UUID=)
-ask=1
-if [ -n "$LUKS" ]; then
-    ask=0
-    luuid=${2##luks-}
-    for luks in $LUKS; do
-	luks=${luks##luks-}
-	if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" = "$luks" ]; then
-	    ask=1
-	    break
-	fi
-    done
-fi
-unset LUKS luks luuid
-
-if [ $ask -gt 0 ]; then
-    info "luksOpen $device $luksname"
-    # flock against other interactive activities
-    { flock -s 9; 
-	echo -n "$device ($luksname) is password protected"
-	cryptsetup luksOpen -T1 $1 $luksname 
-    } 9>/.console.lock
-fi
+info "luksOpen $device $luksname"
+# flock against other interactive activities
+{ flock -s 9; 
+    echo -n "$device ($luksname) is password protected"
+    cryptsetup luksOpen -T1 $1 $luksname 
+} 9>/.console.lock
 
 # mark device as asked
 >> /tmp/cryptroot-asked-$2

modules.d/90crypt/parse-crypt.sh

@@ -2,5 +2,22 @@
 if getarg rd_NO_LUKS; then
     info "rd_NO_LUKS: removing cryptoluks activation"
     rm -f /etc/udev/rules.d/70-luks.rules
+else
+    {
+	echo 'SUBSYSTEM!="block", GOTO="luks_end"'
+	echo 'ACTION!="add|change", GOTO="luks_end"'
+    } > /etc/udev/rules.d/70-luks.rules
+    LUKS=$(getargs rd_LUKS_UUID=)
+    if [ -n "$LUKS" ]; then
+	for luksid in $LUKS; do 
+	printf 'ENV{ID_FS_TYPE}=="crypto_LUKS", ENV{ID_FS_UUID}=="*%s*", RUN+="/sbin/initqueue --unique --onetime --name cryptroot-ask-%%k /sbin/cryptroot-ask $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' $luksid \
+	    >> /etc/udev/rules.d/70-luks.rules	
+	done
+    else
+	echo 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/sbin/initqueue --unique --onetime --name cryptroot-ask-%k /sbin/cryptroot-ask $env{DEVNAME} luks-$env{ID_FS_UUID}"' \
+	    >> /etc/udev/rules.d/70-luks.rules	
+    fi
+    echo LABEL="luks_end" >> /etc/udev/rules.d/70-luks.rules
+
 fi