diff --git a/dracut.8 b/dracut.8 index 155c4719..4a117e62 100644 --- a/dracut.8 +++ b/dracut.8 @@ -146,6 +146,8 @@ disable crypto LUKS detection .TP .B rd_LUKS_UUID= only activate the LUKS partitions with the given UUID +.B rd_NO_CRYPTTAB +do not check if LUKS partition is in /etc/crypttab .SH MD .TP diff --git a/modules.d/50plymouth/cryptroot-ask.sh b/modules.d/50plymouth/cryptroot-ask.sh index ff286601..b0599af6 100755 --- a/modules.d/50plymouth/cryptroot-ask.sh +++ b/modules.d/50plymouth/cryptroot-ask.sh @@ -10,6 +10,21 @@ [ -f /tmp/cryptroot-asked-$2 ] && exit 0 . /lib/dracut-lib.sh + +luksname=$2 + +if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then + found=0 + while read name dev rest; do + cdev=$(readlink -f $dev) + mdev=$(readlink -f $1) + if [ "$cdev" = "$mdev" ]; then + luksname="$name" + break + fi + done < /etc/crypttab +fi + LUKS=$(getargs rd_LUKS_UUID=) ask=1 @@ -18,8 +33,9 @@ if [ -n "$LUKS" ]; then luuid=${2##luks-} for luks in $LUKS; do luks=${luks##luks-} - if [ "${luuid##$luks}" != "$luuid" ]; then + if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" == "$luks" ]; then ask=1 + break fi done fi @@ -30,7 +46,7 @@ if [ $ask -gt 0 ]; then { flock -s 9; /bin/plymouth ask-for-password \ --prompt "$1 is password protected" \ - --command="/sbin/cryptsetup luksOpen -T1 $1 $2" + --command="/sbin/cryptsetup luksOpen -T1 $1 $luksname" } 9>/.console.lock fi diff --git a/modules.d/50plymouth/install b/modules.d/50plymouth/install index 96cb818c..86d8efd7 100755 --- a/modules.d/50plymouth/install +++ b/modules.d/50plymouth/install @@ -13,3 +13,4 @@ inst_hook pre-pivot 90 "$moddir"/plymouth-newroot.sh inst_hook pre-trigger 10 "$moddir"/plymouth-pretrigger.sh inst_hook emergency 50 "$moddir"/plymouth-emergency.sh inst "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask +inst readlink \ No newline at end of file diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh index f945d543..3a20d22f 100755 --- a/modules.d/90crypt/cryptroot-ask.sh +++ b/modules.d/90crypt/cryptroot-ask.sh @@ -10,6 +10,20 @@ [ -f /tmp/cryptroot-asked-$2 ] && exit 0 . /lib/dracut-lib.sh + +luksname=$2 +if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then + found=0 + while read name dev rest; do + cdev=$(readlink -f $dev) + mdev=$(readlink -f $1) + if [ "$cdev" = "$mdev" ]; then + luksname="$name" + break + fi + done < /etc/crypttab +fi + LUKS=$(getargs rd_LUKS_UUID=) ask=1 @@ -18,8 +32,9 @@ if [ -n "$LUKS" ]; then luuid=${2##luks-} for luks in $LUKS; do luks=${luks##luks-} - if [ "${luuid##$luks}" != "$luuid" ]; then + if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" == "$luks" ]; then ask=1 + break fi done fi @@ -29,7 +44,7 @@ if [ $ask -gt 0 ]; then # flock against other interactive activities { flock -s 9; echo -n "$1 is password protected " - /sbin/cryptsetup luksOpen -T1 $1 $2 + /sbin/cryptsetup luksOpen -T1 $1 $luksname } 9>/.console.lock fi diff --git a/modules.d/90crypt/install b/modules.d/90crypt/install index 17fba37c..2bfb0a84 100755 --- a/modules.d/90crypt/install +++ b/modules.d/90crypt/install @@ -7,3 +7,4 @@ inst_hook cmdline 30 "$moddir/parse-crypt.sh" inst_hook pre-pivot 30 "$moddir/crypt-cleanup.sh" inst_hook pre-pivot 31 "$moddir/crypt-cleanup.sh" inst_rules 10-dm.rules 95-dm-notify.rules +inst /etc/crypttab