
cryptroot-ask.sh: use key file, if specified in crypttab and present

If a key file is specified in crypttab and present in the initramfs, use
it to open the device.

https://bugzilla.redhat.com/show_bug.cgi?id=751640
master
Harald Hoyer 13 years ago
parent
commit
4e05cb4023
  1. 67
      modules.d/90crypt/cryptroot-ask.sh

67
modules.d/90crypt/cryptroot-ask.sh

@ -34,7 +34,7 @@ fi


# TODO: improve to support what cmdline does # TODO: improve to support what cmdline does
if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -n rd_NO_CRYPTTAB; then if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -n rd_NO_CRYPTTAB; then
while read name dev rest; do while read name dev luksfile rest; do
# ignore blank lines and comments # ignore blank lines and comments
if [ -z "$name" -o "${name#\#}" != "$name" ]; then if [ -z "$name" -o "${name#\#}" != "$name" ]; then
continue continue
@ -64,37 +64,44 @@ fi
# Open LUKS device # Open LUKS device
# #


info "luksOpen $device $luksname" info "luksOpen $device $luksname $luksfile"


while [ -n "$(getarg rd.luks.key)" ]; do if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
if tmp=$(getkey /tmp/luks.keys $device); then if cryptsetup --key-file "$luksfile" luksOpen "$device" "$luksname"; then
keydev="${tmp%%:*}" ask_passphrase=0
keypath="${tmp#*:}" fi
else else
if [ $# -eq 3 ]; then while [ -n "$(getarg rd.luks.key)" ]; do
if [ $3 -eq 0 ]; then if tmp=$(getkey /tmp/luks.keys $device); then
info "No key found for $device. Fallback to passphrase mode." keydev="${tmp%%:*}"
break keypath="${tmp#*:}"
fi
info "No key found for $device. Will try $3 time(s) more later."
set -- "$1" "$2" "$(($3 - 1))"
else else
info "No key found for $device. Will try later." if [ $# -eq 3 ]; then
if [ $3 -eq 0 ]; then
info "No key found for $device. Fallback to passphrase mode."
break
fi
info "No key found for $device. Will try $3 time(s) more later."
set -- "$1" "$2" "$(($3 - 1))"
else
info "No key found for $device. Will try later."
fi
initqueue --unique --onetime --settled \
--name cryptroot-ask-$luksname \
$(command -v cryptroot-ask) "$@"
exit 0
fi fi
initqueue --unique --onetime --settled \ unset tmp
--name cryptroot-ask-$luksname \
$(command -v cryptroot-ask) "$@" info "Using '$keypath' on '$keydev'"
exit 0 readkey "$keypath" "$keydev" "$device" \
fi | cryptsetup -d - luksOpen "$device" "$luksname"
unset tmp unset keypath keydev

ask_passphrase=0
info "Using '$keypath' on '$keydev'" break
readkey "$keypath" "$keydev" "$device" \ done
| cryptsetup -d - luksOpen "$device" "$luksname" fi
unset keypath keydev
ask_passphrase=0
break
done
if [ $ask_passphrase -ne 0 ]; then if [ $ask_passphrase -ne 0 ]; then
luks_open="$(command -v cryptsetup) luksOpen" luks_open="$(command -v cryptsetup) luksOpen"
ask_for_password --ply-tries 5 \ ask_for_password --ply-tries 5 \
@ -105,7 +112,7 @@ if [ $ask_passphrase -ne 0 ]; then
unset luks_open unset luks_open
fi fi


unset device luksname unset device luksname luksfile


# mark device as asked # mark device as asked
>> /tmp/cryptroot-asked-$2 >> /tmp/cryptroot-asked-$2
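Review bot: The key-file test in the second hunk accepts a directory or an unreadable path, because `-e` only checks existence, and it does not recognise `-`, which crypttab readers commonly treat the same as `none` (confirm against the crypttab format this initramfs supports); a line such as `if [ -n "$luksfile" ] && [ "$luksfile" != "none" ] && [ "$luksfile" != "-" ] && [ -f "$luksfile" ]; then` covers both and avoids the deprecated `-a`. When cryptsetup rejects the key file the code silently drops to the passphrase prompt, which is the right fallback, but an `info` line in that branch (e.g. `info "Key file $luksfile did not open $device, falling back to passphrase"`) would make the failure visible in the boot log. The changed `read name dev luksfile rest` in the first hunk still runs without `-r`, so backslashes in a key-file path are mangled; `read -r` is the safer form. The `while read` loop of the first hunk and the luksOpen block of the second both start before and end after their hunks.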
