crypt: install /etc/crypttab and honor crypttab entries

16 years ago · 349bac4214
5 changed files with 39 additions and 4 deletions
--- a/dracut.8
+++ b/dracut.8
@ -146,6 +146,8 @@ disable crypto LUKS detection
				@@ -146,6 +146,8 @@ disable crypto LUKS detection
 .TP
 .B rd_LUKS_UUID=<luks uuid>
 only activate the LUKS partitions with the given UUID
+.B rd_NO_CRYPTTAB
+do not check if LUKS partition is in /etc/crypttab

 .SH MD
 .TP
--- a/modules.d/50plymouth/cryptroot-ask.sh
+++ b/modules.d/50plymouth/cryptroot-ask.sh
@ -10,6 +10,21 @@
				@@ -10,6 +10,21 @@
 [ -f /tmp/cryptroot-asked-$2 ] && exit 0

 . /lib/dracut-lib.sh
+
+luksname=$2
+
+if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then
+    found=0
+    while read name dev rest; do
+	cdev=$(readlink -f $dev)
+	mdev=$(readlink -f $1)
+	if [ "$cdev" = "$mdev" ]; then
+	    luksname="$name"
+	    break
+	fi
+    done < /etc/crypttab
+fi
+
 LUKS=$(getargs rd_LUKS_UUID=)
 ask=1

@ -18,8 +33,9 @@ if [ -n "$LUKS" ]; then
				@@ -18,8 +33,9 @@ if [ -n "$LUKS" ]; then
    luuid=${2##luks-}
    for luks in $LUKS; do
 	luks=${luks##luks-}
-	if [ "${luuid##$luks}" != "$luuid" ]; then
+	if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" == "$luks" ]; then
 	    ask=1
+	    break
 	fi
    done
 fi
@ -30,7 +46,7 @@ if [ $ask -gt 0 ]; then
				@@ -30,7 +46,7 @@ if [ $ask -gt 0 ]; then
    { flock -s 9; 
 	/bin/plymouth ask-for-password \
 	    --prompt "$1 is password protected" \
-	    --command="/sbin/cryptsetup luksOpen -T1 $1 $2"
+	    --command="/sbin/cryptsetup luksOpen -T1 $1 $luksname"
    } 9>/.console.lock
 fi

--- a/modules.d/50plymouth/install
+++ b/modules.d/50plymouth/install
@ -13,3 +13,4 @@ inst_hook pre-pivot 90 "$moddir"/plymouth-newroot.sh
				@@ -13,3 +13,4 @@ inst_hook pre-pivot 90 "$moddir"/plymouth-newroot.sh
 inst_hook pre-trigger 10 "$moddir"/plymouth-pretrigger.sh
 inst_hook emergency 50 "$moddir"/plymouth-emergency.sh
 inst "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask
+inst readlink
--- a/modules.d/90crypt/cryptroot-ask.sh
+++ b/modules.d/90crypt/cryptroot-ask.sh
@ -10,6 +10,20 @@
				@@ -10,6 +10,20 @@
 [ -f /tmp/cryptroot-asked-$2 ] && exit 0

 . /lib/dracut-lib.sh
+
+luksname=$2
+if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then
+    found=0
+    while read name dev rest; do
+	cdev=$(readlink -f $dev)
+	mdev=$(readlink -f $1)
+	if [ "$cdev" = "$mdev" ]; then
+	    luksname="$name"
+	    break
+	fi
+    done < /etc/crypttab
+fi
+
 LUKS=$(getargs rd_LUKS_UUID=)
 ask=1

@ -18,8 +32,9 @@ if [ -n "$LUKS" ]; then
				@@ -18,8 +32,9 @@ if [ -n "$LUKS" ]; then
    luuid=${2##luks-}
    for luks in $LUKS; do
        luks=${luks##luks-}
-	if [ "${luuid##$luks}" != "$luuid" ]; then
+	if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" == "$luks" ]; then
 	    ask=1
+	    break
 	fi
    done
 fi
@ -29,7 +44,7 @@ if [ $ask -gt 0 ]; then
				@@ -29,7 +44,7 @@ if [ $ask -gt 0 ]; then
    # flock against other interactive activities
    { flock -s 9; 
 	echo -n "$1 is password protected " 
-	/sbin/cryptsetup luksOpen -T1 $1 $2 
+	/sbin/cryptsetup luksOpen -T1 $1 $luksname 
    } 9>/.console.lock
 fi

--- a/modules.d/90crypt/install
+++ b/modules.d/90crypt/install
@ -7,3 +7,4 @@ inst_hook cmdline 30 "$moddir/parse-crypt.sh"
				@@ -7,3 +7,4 @@ inst_hook cmdline 30 "$moddir/parse-crypt.sh"
 inst_hook pre-pivot 30 "$moddir/crypt-cleanup.sh"
 inst_hook pre-pivot 31 "$moddir/crypt-cleanup.sh"
 inst_rules 10-dm.rules 95-dm-notify.rules
+inst /etc/crypttab