
fix(crypt): shellcheck for modules.d/90crypt

master
Harald Hoyer 4 years ago committed by Harald Hoyer
parent
commit
682b297207
  1. 0
      modules.d/90crypt/.shchkdir
  2. 2
      modules.d/90crypt/crypt-cleanup.sh
  3. 31
      modules.d/90crypt/crypt-lib.sh
  4. 29
      modules.d/90crypt/cryptroot-ask.sh
  5. 50
      modules.d/90crypt/module-setup.sh
  6. 24
      modules.d/90crypt/parse-crypt.sh
  7. 4
      modules.d/90crypt/parse-keydev.sh

0
modules.d/90crypt/.shchkdir

2
modules.d/90crypt/crypt-cleanup.sh

@ -7,7 +7,7 @@ if ! getarg rd.luks.uuid -d rd_LUKS_UUID > /dev/null 2>&1 && getargbool 1 rd.luk
while true; do while true; do
local do_break="y" local do_break="y"
for i in /dev/mapper/luks-*; do for i in /dev/mapper/luks-*; do
cryptsetup luksClose $i > /dev/null 2>&1 && do_break=n cryptsetup luksClose "$i" > /dev/null 2>&1 && do_break=n
done done
[ "$do_break" = "y" ] && break [ "$do_break" = "y" ] && break
done done

31
modules.d/90crypt/crypt-lib.sh

@ -8,11 +8,11 @@ crypttab_contains() {
local dev="$2" local dev="$2"
local l d rest local l d rest
if [ -f /etc/crypttab ]; then if [ -f /etc/crypttab ]; then
while read l d rest || [ -n "$l" ]; do while read -r l d rest || [ -n "$l" ]; do
strstr "${l##luks-}" "${luks##luks-}" && return 0 strstr "${l##luks-}" "${luks##luks-}" && return 0
strstr "$d" "${luks##luks-}" && return 0 strstr "$d" "${luks##luks-}" && return 0
if [ -n "$dev" ]; then if [ -n "$dev" ]; then
for _dev in $(devnames $d); do for _dev in $(devnames "$d"); do
[ "$dev" -ef "$_dev" ] && return 0 [ "$dev" -ef "$_dev" ] && return 0
done done
fi fi
@ -21,7 +21,7 @@ crypttab_contains() {
_line=$(sed -n "\,^$d .*$,{p}" /etc/block_uuid.map) _line=$(sed -n "\,^$d .*$,{p}" /etc/block_uuid.map)
[ -z "$_line" ] && continue [ -z "$_line" ] && continue
# get second column with uuid # get second column with uuid
_uuid="$(echo $_line | sed 's,^.* \(.*$\),\1,')" _uuid="$(echo "$_line" | sed 's,^.* \(.*$\),\1,')"
strstr "$_uuid" "${luks##luks-}" && return 0 strstr "$_uuid" "${luks##luks-}" && return 0
fi fi
done < /etc/crypttab done < /etc/crypttab
@ -49,9 +49,6 @@ crypttab_contains() {
# Turn off input echo before tty command is executed and turn on after. # Turn off input echo before tty command is executed and turn on after.
# It's useful when password is read from stdin. # It's useful when password is read from stdin.
ask_for_password() { ask_for_password() {
local cmd
local prompt
local tries=3
local ply_cmd local ply_cmd
local ply_prompt local ply_prompt
local ply_tries=3 local ply_tries=3
@ -111,7 +108,7 @@ ask_for_password() {
# Prompt for password with plymouth, if installed and running. # Prompt for password with plymouth, if installed and running.
if type plymouth > /dev/null 2>&1 && plymouth --ping 2> /dev/null; then if type plymouth > /dev/null 2>&1 && plymouth --ping 2> /dev/null; then
plymouth ask-for-password \ plymouth ask-for-password \
--prompt "$ply_prompt" --number-of-tries=$ply_tries \ --prompt "$ply_prompt" --number-of-tries="$ply_tries" \
--command="$ply_cmd" --command="$ply_cmd"
ret=$? ret=$?
else else
@ -121,16 +118,16 @@ ask_for_password() {
fi fi


local i=1 local i=1
while [ $i -le $tty_tries ]; do while [ $i -le "$tty_tries" ]; do
[ -n "$tty_prompt" ] \ [ -n "$tty_prompt" ] \
&& printf "$tty_prompt [$i/$tty_tries]:" >&2 && printf "%s" "$tty_prompt [$i/$tty_tries]:" >&2
eval "$tty_cmd" && ret=0 && break eval "$tty_cmd" && ret=0 && break
ret=$? ret=$?
i=$((i + 1)) i=$((i + 1))
[ -n "$tty_prompt" ] && printf '\n' >&2 [ -n "$tty_prompt" ] && printf '\n' >&2
done done


[ "$tty_echo_off" = yes ] && stty $stty_orig [ "$tty_echo_off" = yes ] && stty "$stty_orig"
fi fi
} 9> /.console_lock } 9> /.console_lock


@ -148,14 +145,14 @@ test_dev() {
local dev="$2" local dev="$2"
local f="$3" local f="$3"
local ret=1 local ret=1
local mount_point=$(mkuniqdir /mnt testdev) local mount_point
local path


mount_point=$(mkuniqdir /mnt testdev)
[ -n "$dev" -a -n "$*" ] || return 1 [ -n "$dev" -a -n "$*" ] || return 1
[ -d "$mount_point" ] || die 'Mount point does not exist!' [ -d "$mount_point" ] || die 'Mount point does not exist!'


if mount -r "$dev" "$mount_point" > /dev/null 2>&1; then if mount -r "$dev" "$mount_point" > /dev/null 2>&1; then
test $test_op "${mount_point}/${f}" test "$test_op" "${mount_point}/${f}"
ret=$? ret=$?
umount "$mount_point" umount "$mount_point"
fi fi
@ -212,8 +209,7 @@ getkey() {
[ -z "$keys_file" -o -z "$for_dev" ] && die 'getkey: wrong usage!' [ -z "$keys_file" -o -z "$for_dev" ] && die 'getkey: wrong usage!'
[ -f "$keys_file" ] || return 1 [ -f "$keys_file" ] || return 1


local IFS=: while IFS=: read -r luks_dev key_dev key_path _ || [ -n "$luks_dev" ]; do
while read luks_dev key_dev key_path || [ -n "$luks_dev" ]; do
if match_dev "$luks_dev" "$for_dev"; then if match_dev "$luks_dev" "$for_dev"; then
echo "${key_dev}:${key_path}" echo "${key_dev}:${key_path}"
return 0 return 0
@ -241,7 +237,8 @@ readkey() {
# This creates a unique single mountpoint for *, or several for explicitly # This creates a unique single mountpoint for *, or several for explicitly
# given LUKS devices. It accomplishes unlocking multiple LUKS devices with # given LUKS devices. It accomplishes unlocking multiple LUKS devices with
# a single password entry. # a single password entry.
local mntp="/mnt/$(str_replace "keydev-$keydev-$keypath" '/' '-')" local mntp
mntp="/mnt/$(str_replace "keydev-$keydev-$keypath" '/' '-')"


if [ ! -d "$mntp" ]; then if [ ! -d "$mntp" ]; then
mkdir -p "$mntp" mkdir -p "$mntp"
@ -262,7 +259,7 @@ readkey() {
if [ -f /lib/dracut-crypt-loop-lib.sh ]; then if [ -f /lib/dracut-crypt-loop-lib.sh ]; then
. /lib/dracut-crypt-loop-lib.sh . /lib/dracut-crypt-loop-lib.sh
loop_decrypt "$mntp" "$keypath" "$keydev" "$device" loop_decrypt "$mntp" "$keypath" "$keydev" "$device"
printf "%s\n" "umount \"$mntp\"; rmdir \"$mntp\";" > ${hookdir}/cleanup/"crypt-loop-cleanup-99-${mntp##*/}".sh printf "%s\n" "umount \"$mntp\"; rmdir \"$mntp\";" > "${hookdir}/cleanup/crypt-loop-cleanup-99-${mntp##*/}".sh
return 0 return 0
else else
die "No loop file support to decrypt '$keypath' on '$keydev'." die "No loop file support to decrypt '$keypath' on '$keydev'."
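Review bot: The rewritten `read` in getkey adds a trailing `_` field, so `key_path` no longer receives the remainder of the line. Anything after a third colon in a keys-file entry is now discarded, where the old `read luks_dev key_dev key_path` kept it, which is a behaviour change in a commit described as a shellcheck cleanup. If a key path can contain a colon, the lookup would hand back a truncated path. Dropping the extra field, `while IFS=: read -r luks_dev key_dev key_path || [ -n "$luks_dev" ]; do`, keeps the old parsing while still scoping IFS to the read. If the truncation is intended, a comment such as `# fields after key_path are ignored` would record it. getkey's body continues outside the hunk.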

29
modules.d/90crypt/cryptroot-ask.sh

@ -4,7 +4,7 @@ PATH=/usr/sbin:/usr/bin:/sbin:/bin
NEWROOT=${NEWROOT:-"/sysroot"} NEWROOT=${NEWROOT:-"/sysroot"}


# do not ask, if we already have root # do not ask, if we already have root
[ -f $NEWROOT/proc ] && exit 0 [ -f "$NEWROOT"/proc ] && exit 0


. /lib/dracut-lib.sh . /lib/dracut-lib.sh


@ -28,7 +28,7 @@ numtries=${4:-10}


# TODO: improve to support what cmdline does # TODO: improve to support what cmdline does
if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; then if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; then
while read name dev luksfile luksoptions || [ -n "$name" ]; do while read -r name dev luksfile luksoptions || [ -n "$name" ]; do
# ignore blank lines and comments # ignore blank lines and comments
if [ -z "$name" -o "${name#\#}" != "$name" ]; then if [ -z "$name" -o "${name#\#}" != "$name" ]; then
continue continue
@ -57,8 +57,8 @@ if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; t


# path used in crypttab # path used in crypttab
else else
cdev=$(readlink -f $dev) cdev=$(readlink -f "$dev")
mdev=$(readlink -f $device) mdev=$(readlink -f "$device")
if [ "$cdev" = "$mdev" ]; then if [ "$cdev" = "$mdev" ]; then
luksname="$name" luksname="$name"
break break
@ -69,11 +69,11 @@ if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; t
fi fi


# check if destination already exists # check if destination already exists
[ -b /dev/mapper/$luksname ] && exit 0 [ -b /dev/mapper/"$luksname" ] && exit 0


# we already asked for this device # we already asked for this device
asked_file=/tmp/cryptroot-asked-$luksname asked_file=/tmp/cryptroot-asked-$luksname
[ -f $asked_file ] && exit 0 [ -f "$asked_file" ] && exit 0


# load dm_crypt if it is not already loaded # load dm_crypt if it is not already loaded
[ -d /sys/module/dm_crypt ] || modprobe dm_crypt [ -d /sys/module/dm_crypt ] || modprobe dm_crypt
@ -88,6 +88,7 @@ info "luksOpen $device $luksname $luksfile $luksoptions"


OLD_IFS="$IFS" OLD_IFS="$IFS"
IFS=, IFS=,
# shellcheck disable=SC2086
set -- $luksoptions set -- $luksoptions
IFS="$OLD_IFS" IFS="$OLD_IFS"


@ -138,33 +139,33 @@ ask_passphrase=1


if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
if readkey "$luksfile" / "$device" \ if readkey "$luksfile" / "$device" \
| cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname"; then | cryptsetup -d - "$cryptsetupopts" luksOpen "$device" "$luksname"; then
ask_passphrase=0 ask_passphrase=0
fi fi
elif [ "$is_keysource" -ne 0 ]; then elif [ "$is_keysource" -ne 0 ]; then
info "Asking for passphrase because $device is a keysource." info "Asking for passphrase because $device is a keysource."
else else
while [ -n "$(getarg rd.luks.key)" ]; do while [ -n "$(getarg rd.luks.key)" ]; do
if tmp=$(getkey /tmp/luks.keys $device); then if tmp=$(getkey /tmp/luks.keys "$device"); then
keydev="${tmp%%:*}" keydev="${tmp%%:*}"
keypath="${tmp#*:}" keypath="${tmp#*:}"
else else
if [ $numtries -eq 0 ]; then if [ "$numtries" -eq 0 ]; then
warn "No key found for $device. Fallback to passphrase mode." warn "No key found for $device. Fallback to passphrase mode."
break break
fi fi
sleep 1 sleep 1
info "No key found for $device. Will try $numtries time(s) more later." info "No key found for $device. Will try $numtries time(s) more later."
initqueue --unique --onetime --settled \ initqueue --unique --onetime --settled \
--name cryptroot-ask-$luksname \ --name cryptroot-ask-"$luksname" \
$(command -v cryptroot-ask) "$device" "$luksname" "$is_keysource" "$((numtries - 1))" "$(command -v cryptroot-ask)" "$device" "$luksname" "$is_keysource" "$((numtries - 1))"
exit 0 exit 0
fi fi
unset tmp unset tmp


info "Using '$keypath' on '$keydev'" info "Using '$keypath' on '$keydev'"
readkey "$keypath" "$keydev" "$device" \ readkey "$keypath" "$keydev" "$device" \
| cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname" \ | cryptsetup -d - "$cryptsetupopts" luksOpen "$device" "$luksname" \
&& ask_passphrase=0 && ask_passphrase=0
unset keypath keydev unset keypath keydev
break break
@ -184,7 +185,7 @@ if [ $ask_passphrase -ne 0 ]; then
unset _timeout unset _timeout
fi fi


if [ "$is_keysource" -ne 0 -a ${luksname##luks-} != "$luksname" ]; then if [ "$is_keysource" -ne 0 -a "${luksname##luks-}" != "$luksname" ]; then
luks_close="$(command -v cryptsetup) close" luks_close="$(command -v cryptsetup) close"
{ {
printf -- '[ -e /dev/mapper/%s ] && ' "$luksname" printf -- '[ -e /dev/mapper/%s ] && ' "$luksname"
@ -196,7 +197,7 @@ fi
unset device luksname luksfile unset device luksname luksfile


# mark device as asked # mark device as asked
>> $asked_file : >> "$asked_file"


need_shutdown need_shutdown
udevsettle udevsettle
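Review bot: Quoting `$cryptsetupopts` in both `cryptsetup -d - "$cryptsetupopts" luksOpen` pipelines changes what cryptsetup receives: an empty value becomes an empty-string argument, and several options collapse into one word. The variable is built outside the visible hunks, presumably from the comma-split `luksoptions`, so it looks like an option list that depends on word splitting. If so, the key-file unlock would fail and, since `ask_passphrase` is only cleared on success, fall back to the passphrase prompt. Keep the expansion unquoted and mark it deliberate, as was done for `set -- $luksoptions`: `# shellcheck disable=SC2086` above `| cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname"`.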

50
modules.d/90crypt/module-setup.sh

@ -2,9 +2,9 @@


# called by dracut # called by dracut
check() { check() {
local _rootdev local fs
# if cryptsetup is not installed, then we cannot support encrypted devices. # if cryptsetup is not installed, then we cannot support encrypted devices.
require_any_binary $systemdutildir/systemd-cryptsetup cryptsetup || return 1 require_any_binary "$systemdutildir"/systemd-cryptsetup cryptsetup || return 1


[[ $hostonly ]] || [[ $mount_needs ]] && { [[ $hostonly ]] || [[ $mount_needs ]] && {
for fs in "${host_fs_types[@]}"; do for fs in "${host_fs_types[@]}"; do
@ -33,20 +33,18 @@ installkernel() {
[[ $hostonly ]] || [[ $mount_needs ]] && { [[ $hostonly ]] || [[ $mount_needs ]] && {
# dmsetup returns s.th. like # dmsetup returns s.th. like
# cryptvol: 0 2064384 crypt aes-xts-plain64 :64:logon:cryptsetup:.... # cryptvol: 0 2064384 crypt aes-xts-plain64 :64:logon:cryptsetup:....
dmsetup table | while read name _ _ is_crypt cipher _; do dmsetup table | while read -r name _ _ is_crypt cipher _; do
[[ $is_crypt != "crypt" ]] && continue [[ $is_crypt == "crypt" ]] || continue
# get the device name # get the device name
name=/dev/$(dmsetup info -c --noheadings -o blkdevname ${name%:}) name=/dev/$(dmsetup info -c --noheadings -o blkdevname "${name%:}")
# check if the device exists as a key in our host_fs_types # check if the device exists as a key in our host_fs_types (even with null string)
# shellcheck disable=SC2030 # this is a shellcheck bug
if [[ ${host_fs_types[$name]+_} ]]; then if [[ ${host_fs_types[$name]+_} ]]; then
# split the cipher aes-xts-plain64 in pieces # split the cipher aes-xts-plain64 in pieces
_OLD_IFS=$IFS IFS='-:' read -ra mods <<< "$cipher"
IFS='-:'
set -- $cipher
IFS=$_OLD_IFS
# try to load the cipher part with "crypto-" prepended # try to load the cipher part with "crypto-" prepended
# in non-hostonly mode # in non-hostonly mode
hostonly= instmods $(for k in "$@"; do echo "crypto-$k"; done) hostonly='' instmods "${mods[@]/#/crypto-}" "crypto-$cipher"
fi fi
done done
} }
@ -60,9 +58,9 @@ cmdline() {
[[ ${host_fs_types[$dev]} != "crypto_LUKS" ]] && continue [[ ${host_fs_types[$dev]} != "crypto_LUKS" ]] && continue


UUID=$( UUID=$(
blkid -u crypto -o export $dev \ blkid -u crypto -o export "$dev" \
| while read line || [ -n "$line" ]; do | while read -r line || [ -n "$line" ]; do
[[ ${line#UUID} == $line ]] && continue [[ ${line#UUID} == "$line" ]] && continue
printf "%s" "${line#UUID=}" printf "%s" "${line#UUID=}"
break break
done done
@ -76,7 +74,8 @@ cmdline() {
install() { install() {


if [[ $hostonly_cmdline == "yes" ]]; then if [[ $hostonly_cmdline == "yes" ]]; then
local _cryptconf=$(cmdline) local _cryptconf
_cryptconf=$(cmdline)
[[ $_cryptconf ]] && printf "%s\n" "$_cryptconf" >> "${initdir}/etc/cmdline.d/90crypt.conf" [[ $_cryptconf ]] && printf "%s\n" "$_cryptconf" >> "${initdir}/etc/cmdline.d/90crypt.conf"
fi fi


@ -91,7 +90,7 @@ install() {


if [[ $hostonly ]] && [[ -f $dracutsysrootdir/etc/crypttab ]]; then if [[ $hostonly ]] && [[ -f $dracutsysrootdir/etc/crypttab ]]; then
# filter /etc/crypttab for the devices we need # filter /etc/crypttab for the devices we need
while read _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do while read -r _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do
[[ $_mapper == \#* ]] && continue [[ $_mapper == \#* ]] && continue
[[ $_dev ]] || continue [[ $_dev ]] || continue


@ -104,12 +103,13 @@ install() {
[[ $_dev == ID=* ]] \ [[ $_dev == ID=* ]] \
&& _dev="/dev/disk/by-id/${_dev#ID=}" && _dev="/dev/disk/by-id/${_dev#ID=}"


echo "$_dev $(blkid $_dev -s UUID -o value)" >> "${initdir}/etc/block_uuid.map" echo "$_dev $(blkid "$_dev" -s UUID -o value)" >> "${initdir}/etc/block_uuid.map"


# loop through the options to check for the force option # loop through the options to check for the force option
luksoptions=${_luksoptions} luksoptions=${_luksoptions}
OLD_IFS="${IFS}" OLD_IFS="${IFS}"
IFS=, IFS=,
# shellcheck disable=SC2086
set -- ${luksoptions} set -- ${luksoptions}
IFS="${OLD_IFS}" IFS="${OLD_IFS}"


@ -147,14 +147,14 @@ install() {
# the cryptsetup targets are already pulled in by 00systemd, but not # the cryptsetup targets are already pulled in by 00systemd, but not
# the enablement symlinks # the enablement symlinks
inst_multiple -o \ inst_multiple -o \
$systemdutildir/system-generators/systemd-cryptsetup-generator \ "$systemdutildir"/system-generators/systemd-cryptsetup-generator \
$systemdutildir/systemd-cryptsetup \ "$systemdutildir"/systemd-cryptsetup \
$systemdsystemunitdir/systemd-ask-password-console.path \ "$systemdsystemunitdir"/systemd-ask-password-console.path \
$systemdsystemunitdir/systemd-ask-password-console.service \ "$systemdsystemunitdir"/systemd-ask-password-console.service \
$systemdsystemunitdir/cryptsetup.target \ "$systemdsystemunitdir"/cryptsetup.target \
$systemdsystemunitdir/sysinit.target.wants/cryptsetup.target \ "$systemdsystemunitdir"/sysinit.target.wants/cryptsetup.target \
$systemdsystemunitdir/remote-cryptsetup.target \ "$systemdsystemunitdir"/remote-cryptsetup.target \
$systemdsystemunitdir/initrd-root-device.target.wants/remote-cryptsetup.target \ "$systemdsystemunitdir"/initrd-root-device.target.wants/remote-cryptsetup.target \
systemd-ask-password systemd-tty-ask-password-agent systemd-ask-password systemd-tty-ask-password-agent
fi fi
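Review bot: The rewritten `instmods` call in the `dmsetup table` loop passes an extra `"crypto-$cipher"` argument that the old `for k in "$@"` loop never produced. The full cipher spec (the comment's example is `aes-xts-plain64`) is now requested as a module name in addition to its pieces, which is a behaviour change inside a lint-only commit. If that is intended, a comment such as `# also try the unsplit cipher spec as a module alias` would explain it. Otherwise the call can be `hostonly='' instmods "${mods[@]/#/crypto-}"`. installkernel's body starts and ends outside the hunk.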



24
modules.d/90crypt/parse-crypt.sh

@ -48,7 +48,7 @@ else
is_keysource=0 is_keysource=0
_uuid=$uuid _uuid=$uuid
uuid=${uuid#keysource:} uuid=${uuid#keysource:}
[ $uuid != $_uuid ] && is_keysource=1 [ "$uuid" != "$_uuid" ] && is_keysource=1
unset _uuid unset _uuid


uuid=${uuid##luks-} uuid=${uuid##luks-}
@ -63,10 +63,12 @@ else
printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid" printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid"
printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)" printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)" printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$is_keysource" "$tout" # shellcheck disable=SC2016
printf -- '$env{DEVNAME} %s %s %s"\n' "$luksname" "$is_keysource" "$tout"
} >> /etc/udev/rules.d/70-luks.rules.new } >> /etc/udev/rules.d/70-luks.rules.new
else else
luksname=$(dev_unit_name "$luksname") luksname=$(dev_unit_name "$luksname")
# shellcheck disable=SC1003
luksname="$(str_replace "$luksname" '\' '\\')" luksname="$(str_replace "$luksname" '\' '\\')"


if ! crypttab_contains "$uuid"; then if ! crypttab_contains "$uuid"; then
@ -86,7 +88,7 @@ else
is_keysource=0 is_keysource=0
_serialid=$serialid _serialid=$serialid
serialid=${serialid#keysource:} serialid=${serialid#keysource:}
[ $serialid != $_serialid ] && is_keysource=1 [ "$serialid" != "$_serialid" ] && is_keysource=1
unset _serialid unset _serialid


serialid=${serialid##luks-} serialid=${serialid##luks-}
@ -101,10 +103,12 @@ else
printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid" printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid"
printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)" printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)" printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$is_keysource" "$tout" # shellcheck disable=SC2016
printf -- '$env{DEVNAME} %s %s %s"\n' "$luksname" "$is_keysource" "$tout"
} >> /etc/udev/rules.d/70-luks.rules.new } >> /etc/udev/rules.d/70-luks.rules.new
else else
luksname=$(dev_unit_name "$luksname") luksname=$(dev_unit_name "$luksname")
# shellcheck disable=SC1003
luksname="$(str_replace "$luksname" '\' '\\')" luksname="$(str_replace "$luksname" '\' '\\')"


if ! crypttab_contains "$serialid"; then if ! crypttab_contains "$serialid"; then
@ -124,7 +128,7 @@ else
is_keysource=0 is_keysource=0
_luksid=$luksid _luksid=$luksid
luksid=${luksid#keysource:} luksid=${luksid#keysource:}
[ $luksid != $_luksid ] && is_keysource=1 [ "$luksid" != "$_luksid" ] && is_keysource=1
unset _luksid unset _luksid


luksid=${luksid##luks-} luksid=${luksid##luks-}
@ -140,10 +144,12 @@ else
printf -- 'ENV{ID_FS_UUID}=="*%s*", ' "$luksid" printf -- 'ENV{ID_FS_UUID}=="*%s*", ' "$luksid"
printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)" printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)" printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
# shellcheck disable=SC2016
printf -- '$env{DEVNAME} %s %s %s"\n' "$luksname" "$is_keysource" "$tout" printf -- '$env{DEVNAME} %s %s %s"\n' "$luksname" "$is_keysource" "$tout"
} >> /etc/udev/rules.d/70-luks.rules.new } >> /etc/udev/rules.d/70-luks.rules.new
else else
luksname=$(dev_unit_name "$luksname") luksname=$(dev_unit_name "$luksname")
# shellcheck disable=SC1003
luksname="$(str_replace "$luksname" '\' '\\')" luksname="$(str_replace "$luksname" '\' '\\')"


if ! crypttab_contains "$luksid"; then if ! crypttab_contains "$luksid"; then
@ -160,11 +166,11 @@ else
if [ $is_keysource -eq 0 ]; then if [ $is_keysource -eq 0 ]; then
uuid=$luksid uuid=$luksid
while [ "$uuid" != "${uuid#*-}" ]; do uuid=${uuid%%-*}${uuid#*-}; done while [ "$uuid" != "${uuid#*-}" ]; do uuid=${uuid%%-*}${uuid#*-}; done
printf -- '[ -e /dev/disk/by-id/dm-uuid-CRYPT-LUKS?-*%s*-* ] || exit 1\n' $uuid \ printf -- '[ -e /dev/disk/by-id/dm-uuid-CRYPT-LUKS?-*%s*-* ] || exit 1\n' "$uuid" \
>> "$hookdir/initqueue/finished/90-crypt.sh" >> "$hookdir/initqueue/finished/90-crypt.sh"
{ {
printf -- '[ -e /dev/disk/by-uuid/*%s* ] || ' $luksid printf -- '[ -e /dev/disk/by-uuid/*%s* ] || ' "$luksid"
printf -- 'warn "crypto LUKS UUID "%s" not found"\n' $luksid printf -- 'warn "crypto LUKS UUID "%s" not found"\n' "$luksid"
} >> "$hookdir/emergency/90-crypt.sh" } >> "$hookdir/emergency/90-crypt.sh"
fi fi
done done
@ -173,12 +179,14 @@ else
{ {
printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)" printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
printf -- '--unique --settled --onetime --name cryptroot-ask-%%k ' printf -- '--unique --settled --onetime --name cryptroot-ask-%%k '
# shellcheck disable=SC2016
printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' "$(command -v cryptroot-ask)" "$tout" printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' "$(command -v cryptroot-ask)" "$tout"
} >> /etc/udev/rules.d/70-luks.rules.new } >> /etc/udev/rules.d/70-luks.rules.new
else else
{ {
printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)" printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
printf -- '--unique --settled --onetime --name crypt-run-generator-%%k ' printf -- '--unique --settled --onetime --name crypt-run-generator-%%k '
# shellcheck disable=SC2016
printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' "$(command -v crypt-run-generator)" printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' "$(command -v crypt-run-generator)"
} >> /etc/udev/rules.d/70-luks.rules.new } >> /etc/udev/rules.d/70-luks.rules.new
fi fi
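Review bot: The emergency-hook line `printf -- 'warn "crypto LUKS UUID "%s" not found"\n' "$luksid"` now quotes its argument, but the format string still nests double quotes. In the generated `90-crypt.sh` the inner pair closes the string, leaving the id outside any quoting when the hook runs. `luksid` is set outside the visible hunks and appears to come from boot parameters, so it is worth keeping inside a single quoted string: `printf -- 'warn "crypto LUKS UUID %s not found"\n' "$luksid"`. The same applies to the glob lines written to `finished/90-crypt.sh`; restricting `luksid` to the characters a UUID can contain before it is written into any generated script would cover both.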

4
modules.d/90crypt/parse-keydev.sh

@ -31,10 +31,10 @@ if getargbool 1 rd.luks -n rd_NO_LUKS \
fi fi


{ {
printf -- 'RUN+="%s --unique --onetime ' $(command -v initqueue) printf -- 'RUN+="%s --unique --onetime ' "$(command -v initqueue)"
printf -- '--name probe-keydev-%%k ' printf -- '--name probe-keydev-%%k '
printf -- '%s /dev/%%k %s %s"\n' \ printf -- '%s /dev/%%k %s %s"\n' \
$(command -v probe-keydev) "${keypath}" "${luksdev}" "$(command -v probe-keydev)" "${keypath}" "${luksdev}"
} >&7 } >&7
done done
unset arg keypath keydev luksdev unset arg keypath keydev luksdev
