kernel
/
dracut
mirror of https://git.kernel.org/pub/scm/boot/dracut/dracut.git/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

cryptroot-ask.sh: use key file, if specified in crypttab and present 

if a key file is specified in crypttab and present in the initramfs use
it to open the device.

https://bugzilla.redhat.com/show_bug.cgi?id=751640
master
Harald Hoyer 2011-11-16 11:36:46 +01:00
parent dd03dea22e
commit 4e05cb4023
1 changed files with 37 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
modules.d/90crypt/cryptroot-ask.sh
View File

@ -34,7 +34,7 @@ fi


# TODO: improve to support what cmdline does # TODO: improve to support what cmdline does
if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -n rd_NO_CRYPTTAB; then if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -n rd_NO_CRYPTTAB; then
while read name dev rest; do while read name dev luksfile rest; do
# ignore blank lines and comments # ignore blank lines and comments
if [ -z "$name" -o "${name#\#}" != "$name" ]; then if [ -z "$name" -o "${name#\#}" != "$name" ]; then
continue continue
@ -64,37 +64,44 @@ fi
# Open LUKS device # Open LUKS device
# #


info "luksOpen $device $luksname" info "luksOpen $device $luksname $luksfile"


while [ -n "$(getarg rd.luks.key)" ]; do if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
if tmp=$(getkey /tmp/luks.keys $device); then if cryptsetup --key-file "$luksfile" luksOpen "$device" "$luksname"; then
keydev="${tmp%%:*}" ask_passphrase=0
keypath="${tmp#*:}"
else
if [ $# -eq 3 ]; then
if [ $3 -eq 0 ]; then
info "No key found for $device. Fallback to passphrase mode."
break
fi
info "No key found for $device. Will try $3 time(s) more later."
set -- "$1" "$2" "$(($3 - 1))"
else
info "No key found for $device. Will try later."
fi
initqueue --unique --onetime --settled \
--name cryptroot-ask-$luksname \
$(command -v cryptroot-ask) "$@"
exit 0
fi fi
unset tmp else
while [ -n "$(getarg rd.luks.key)" ]; do
if tmp=$(getkey /tmp/luks.keys $device); then
keydev="${tmp%%:*}"
keypath="${tmp#*:}"
else
if [ $# -eq 3 ]; then
if [ $3 -eq 0 ]; then
info "No key found for $device. Fallback to passphrase mode."
break
fi
info "No key found for $device. Will try $3 time(s) more later."
set -- "$1" "$2" "$(($3 - 1))"
else
info "No key found for $device. Will try later."
fi
initqueue --unique --onetime --settled \
--name cryptroot-ask-$luksname \
$(command -v cryptroot-ask) "$@"
exit 0
fi
unset tmp

info "Using '$keypath' on '$keydev'"
readkey "$keypath" "$keydev" "$device" \
| cryptsetup -d - luksOpen "$device" "$luksname"
unset keypath keydev
ask_passphrase=0
break
done
fi


info "Using '$keypath' on '$keydev'"
readkey "$keypath" "$keydev" "$device" \
| cryptsetup -d - luksOpen "$device" "$luksname"
unset keypath keydev
ask_passphrase=0
break
done
if [ $ask_passphrase -ne 0 ]; then if [ $ask_passphrase -ne 0 ]; then
luks_open="$(command -v cryptsetup) luksOpen" luks_open="$(command -v cryptsetup) luksOpen"
ask_for_password --ply-tries 5 \ ask_for_password --ply-tries 5 \
@ -105,7 +112,7 @@ if [ $ask_passphrase -ne 0 ]; then
unset luks_open unset luks_open
fi fi


unset device luksname unset device luksname luksfile


# mark device as asked # mark device as asked
>> /tmp/cryptroot-asked-$2 >> /tmp/cryptroot-asked-$2