fix(crypt): shellcheck for modules.d/90crypt
Harald Hoyer
Harald Hoyer
parent
e25c536c70
commit
682b297207
|
|
@ -7,7 +7,7 @@ if ! getarg rd.luks.uuid -d rd_LUKS_UUID > /dev/null 2>&1 && getargbool 1 rd.luk
|
|||
while true; do
|
||||
local do_break="y"
|
||||
for i in /dev/mapper/luks-*; do
|
||||
cryptsetup luksClose $i > /dev/null 2>&1 && do_break=n
|
||||
cryptsetup luksClose "$i" > /dev/null 2>&1 && do_break=n
|
||||
done
|
||||
[ "$do_break" = "y" ] && break
|
||||
done
|
||||
|
|
|
|||
|
|
@ -8,11 +8,11 @@ crypttab_contains() {
|
|||
local dev="$2"
|
||||
local l d rest
|
||||
if [ -f /etc/crypttab ]; then
|
||||
while read l d rest || [ -n "$l" ]; do
|
||||
while read -r l d rest || [ -n "$l" ]; do
|
||||
strstr "${l##luks-}" "${luks##luks-}" && return 0
|
||||
strstr "$d" "${luks##luks-}" && return 0
|
||||
if [ -n "$dev" ]; then
|
||||
for _dev in $(devnames $d); do
|
||||
for _dev in $(devnames "$d"); do
|
||||
[ "$dev" -ef "$_dev" ] && return 0
|
||||
done
|
||||
fi
|
||||
|
|
@ -21,7 +21,7 @@ crypttab_contains() {
|
|||
_line=$(sed -n "\,^$d .*$,{p}" /etc/block_uuid.map)
|
||||
[ -z "$_line" ] && continue
|
||||
# get second column with uuid
|
||||
_uuid="$(echo $_line | sed 's,^.* \(.*$\),\1,')"
|
||||
_uuid="$(echo "$_line" | sed 's,^.* \(.*$\),\1,')"
|
||||
strstr "$_uuid" "${luks##luks-}" && return 0
|
||||
fi
|
||||
done < /etc/crypttab
|
||||
|
|
@ -49,9 +49,6 @@ crypttab_contains() {
|
|||
# Turn off input echo before tty command is executed and turn on after.
|
||||
# It's useful when password is read from stdin.
|
||||
ask_for_password() {
|
||||
local cmd
|
||||
local prompt
|
||||
local tries=3
|
||||
local ply_cmd
|
||||
local ply_prompt
|
||||
local ply_tries=3
|
||||
|
|
@ -111,7 +108,7 @@ ask_for_password() {
|
|||
# Prompt for password with plymouth, if installed and running.
|
||||
if type plymouth > /dev/null 2>&1 && plymouth --ping 2> /dev/null; then
|
||||
plymouth ask-for-password \
|
||||
--prompt "$ply_prompt" --number-of-tries=$ply_tries \
|
||||
--prompt "$ply_prompt" --number-of-tries="$ply_tries" \
|
||||
--command="$ply_cmd"
|
||||
ret=$?
|
||||
else
|
||||
|
|
@ -121,16 +118,16 @@ ask_for_password() {
|
|||
fi
|
||||
|
||||
local i=1
|
||||
while [ $i -le $tty_tries ]; do
|
||||
while [ $i -le "$tty_tries" ]; do
|
||||
[ -n "$tty_prompt" ] \
|
||||
&& printf "$tty_prompt [$i/$tty_tries]:" >&2
|
||||
&& printf "%s" "$tty_prompt [$i/$tty_tries]:" >&2
|
||||
eval "$tty_cmd" && ret=0 && break
|
||||
ret=$?
|
||||
i=$((i + 1))
|
||||
[ -n "$tty_prompt" ] && printf '\n' >&2
|
||||
done
|
||||
|
||||
[ "$tty_echo_off" = yes ] && stty $stty_orig
|
||||
[ "$tty_echo_off" = yes ] && stty "$stty_orig"
|
||||
fi
|
||||
} 9> /.console_lock
|
||||
|
||||
|
|
@ -148,14 +145,14 @@ test_dev() {
|
|||
local dev="$2"
|
||||
local f="$3"
|
||||
local ret=1
|
||||
local mount_point=$(mkuniqdir /mnt testdev)
|
||||
local path
|
||||
local mount_point
|
||||
|
||||
mount_point=$(mkuniqdir /mnt testdev)
|
||||
[ -n "$dev" -a -n "$*" ] || return 1
|
||||
[ -d "$mount_point" ] || die 'Mount point does not exist!'
|
||||
|
||||
if mount -r "$dev" "$mount_point" > /dev/null 2>&1; then
|
||||
test $test_op "${mount_point}/${f}"
|
||||
test "$test_op" "${mount_point}/${f}"
|
||||
ret=$?
|
||||
umount "$mount_point"
|
||||
fi
|
||||
|
|
@ -212,8 +209,7 @@ getkey() {
|
|||
[ -z "$keys_file" -o -z "$for_dev" ] && die 'getkey: wrong usage!'
|
||||
[ -f "$keys_file" ] || return 1
|
||||
|
||||
local IFS=:
|
||||
while read luks_dev key_dev key_path || [ -n "$luks_dev" ]; do
|
||||
while IFS=: read -r luks_dev key_dev key_path _ || [ -n "$luks_dev" ]; do
|
||||
if match_dev "$luks_dev" "$for_dev"; then
|
||||
echo "${key_dev}:${key_path}"
|
||||
return 0
|
||||
|
|
@ -241,7 +237,8 @@ readkey() {
|
|||
# This creates a unique single mountpoint for *, or several for explicitly
|
||||
# given LUKS devices. It accomplishes unlocking multiple LUKS devices with
|
||||
# a single password entry.
|
||||
local mntp="/mnt/$(str_replace "keydev-$keydev-$keypath" '/' '-')"
|
||||
local mntp
|
||||
mntp="/mnt/$(str_replace "keydev-$keydev-$keypath" '/' '-')"
|
||||
|
||||
if [ ! -d "$mntp" ]; then
|
||||
mkdir -p "$mntp"
|
||||
|
|
@ -262,7 +259,7 @@ readkey() {
|
|||
if [ -f /lib/dracut-crypt-loop-lib.sh ]; then
|
||||
. /lib/dracut-crypt-loop-lib.sh
|
||||
loop_decrypt "$mntp" "$keypath" "$keydev" "$device"
|
||||
printf "%s\n" "umount \"$mntp\"; rmdir \"$mntp\";" > ${hookdir}/cleanup/"crypt-loop-cleanup-99-${mntp##*/}".sh
|
||||
printf "%s\n" "umount \"$mntp\"; rmdir \"$mntp\";" > "${hookdir}/cleanup/crypt-loop-cleanup-99-${mntp##*/}".sh
|
||||
return 0
|
||||
else
|
||||
die "No loop file support to decrypt '$keypath' on '$keydev'."
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ PATH=/usr/sbin:/usr/bin:/sbin:/bin
|
|||
NEWROOT=${NEWROOT:-"/sysroot"}
|
||||
|
||||
# do not ask, if we already have root
|
||||
[ -f $NEWROOT/proc ] && exit 0
|
||||
[ -f "$NEWROOT"/proc ] && exit 0
|
||||
|
||||
. /lib/dracut-lib.sh
|
||||
|
||||
|
|
@ -28,7 +28,7 @@ numtries=${4:-10}
|
|||
|
||||
# TODO: improve to support what cmdline does
|
||||
if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; then
|
||||
while read name dev luksfile luksoptions || [ -n "$name" ]; do
|
||||
while read -r name dev luksfile luksoptions || [ -n "$name" ]; do
|
||||
# ignore blank lines and comments
|
||||
if [ -z "$name" -o "${name#\#}" != "$name" ]; then
|
||||
continue
|
||||
|
|
@ -57,8 +57,8 @@ if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; t
|
|||
|
||||
# path used in crypttab
|
||||
else
|
||||
cdev=$(readlink -f $dev)
|
||||
mdev=$(readlink -f $device)
|
||||
cdev=$(readlink -f "$dev")
|
||||
mdev=$(readlink -f "$device")
|
||||
if [ "$cdev" = "$mdev" ]; then
|
||||
luksname="$name"
|
||||
break
|
||||
|
|
@ -69,11 +69,11 @@ if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; t
|
|||
fi
|
||||
|
||||
# check if destination already exists
|
||||
[ -b /dev/mapper/$luksname ] && exit 0
|
||||
[ -b /dev/mapper/"$luksname" ] && exit 0
|
||||
|
||||
# we already asked for this device
|
||||
asked_file=/tmp/cryptroot-asked-$luksname
|
||||
[ -f $asked_file ] && exit 0
|
||||
[ -f "$asked_file" ] && exit 0
|
||||
|
||||
# load dm_crypt if it is not already loaded
|
||||
[ -d /sys/module/dm_crypt ] || modprobe dm_crypt
|
||||
|
|
@ -88,6 +88,7 @@ info "luksOpen $device $luksname $luksfile $luksoptions"
|
|||
|
||||
OLD_IFS="$IFS"
|
||||
IFS=,
|
||||
# shellcheck disable=SC2086
|
||||
set -- $luksoptions
|
||||
IFS="$OLD_IFS"
|
||||
|
||||
|
|
@ -138,33 +139,33 @@ ask_passphrase=1
|
|||
|
||||
if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
|
||||
if readkey "$luksfile" / "$device" \
|
||||
| cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname"; then
|
||||
| cryptsetup -d - "$cryptsetupopts" luksOpen "$device" "$luksname"; then
|
||||
ask_passphrase=0
|
||||
fi
|
||||
elif [ "$is_keysource" -ne 0 ]; then
|
||||
info "Asking for passphrase because $device is a keysource."
|
||||
else
|
||||
while [ -n "$(getarg rd.luks.key)" ]; do
|
||||
if tmp=$(getkey /tmp/luks.keys $device); then
|
||||
if tmp=$(getkey /tmp/luks.keys "$device"); then
|
||||
keydev="${tmp%%:*}"
|
||||
keypath="${tmp#*:}"
|
||||
else
|
||||
if [ $numtries -eq 0 ]; then
|
||||
if [ "$numtries" -eq 0 ]; then
|
||||
warn "No key found for $device. Fallback to passphrase mode."
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
info "No key found for $device. Will try $numtries time(s) more later."
|
||||
initqueue --unique --onetime --settled \
|
||||
--name cryptroot-ask-$luksname \
|
||||
$(command -v cryptroot-ask) "$device" "$luksname" "$is_keysource" "$((numtries - 1))"
|
||||
--name cryptroot-ask-"$luksname" \
|
||||
"$(command -v cryptroot-ask)" "$device" "$luksname" "$is_keysource" "$((numtries - 1))"
|
||||
exit 0
|
||||
fi
|
||||
unset tmp
|
||||
|
||||
info "Using '$keypath' on '$keydev'"
|
||||
readkey "$keypath" "$keydev" "$device" \
|
||||
| cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname" \
|
||||
| cryptsetup -d - "$cryptsetupopts" luksOpen "$device" "$luksname" \
|
||||
&& ask_passphrase=0
|
||||
unset keypath keydev
|
||||
break
|
||||
|
|
@ -184,7 +185,7 @@ if [ $ask_passphrase -ne 0 ]; then
|
|||
unset _timeout
|
||||
fi
|
||||
|
||||
if [ "$is_keysource" -ne 0 -a ${luksname##luks-} != "$luksname" ]; then
|
||||
if [ "$is_keysource" -ne 0 -a "${luksname##luks-}" != "$luksname" ]; then
|
||||
luks_close="$(command -v cryptsetup) close"
|
||||
{
|
||||
printf -- '[ -e /dev/mapper/%s ] && ' "$luksname"
|
||||
|
|
@ -196,7 +197,7 @@ fi
|
|||
unset device luksname luksfile
|
||||
|
||||
# mark device as asked
|
||||
>> $asked_file
|
||||
: >> "$asked_file"
|
||||
|
||||
need_shutdown
|
||||
udevsettle
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
|
||||
# called by dracut
|
||||
check() {
|
||||
local _rootdev
|
||||
local fs
|
||||
# if cryptsetup is not installed, then we cannot support encrypted devices.
|
||||
require_any_binary $systemdutildir/systemd-cryptsetup cryptsetup || return 1
|
||||
require_any_binary "$systemdutildir"/systemd-cryptsetup cryptsetup || return 1
|
||||
|
||||
[[ $hostonly ]] || [[ $mount_needs ]] && {
|
||||
for fs in "${host_fs_types[@]}"; do
|
||||
|
|
@ -33,20 +33,18 @@ installkernel() {
|
|||
[[ $hostonly ]] || [[ $mount_needs ]] && {
|
||||
# dmsetup returns s.th. like
|
||||
# cryptvol: 0 2064384 crypt aes-xts-plain64 :64:logon:cryptsetup:....
|
||||
dmsetup table | while read name _ _ is_crypt cipher _; do
|
||||
[[ $is_crypt != "crypt" ]] && continue
|
||||
dmsetup table | while read -r name _ _ is_crypt cipher _; do
|
||||
[[ $is_crypt == "crypt" ]] || continue
|
||||
# get the device name
|
||||
name=/dev/$(dmsetup info -c --noheadings -o blkdevname ${name%:})
|
||||
# check if the device exists as a key in our host_fs_types
|
||||
name=/dev/$(dmsetup info -c --noheadings -o blkdevname "${name%:}")
|
||||
# check if the device exists as a key in our host_fs_types (even with null string)
|
||||
# shellcheck disable=SC2030 # this is a shellcheck bug
|
||||
if [[ ${host_fs_types[$name]+_} ]]; then
|
||||
# split the cipher aes-xts-plain64 in pieces
|
||||
_OLD_IFS=$IFS
|
||||
IFS='-:'
|
||||
set -- $cipher
|
||||
IFS=$_OLD_IFS
|
||||
IFS='-:' read -ra mods <<< "$cipher"
|
||||
# try to load the cipher part with "crypto-" prepended
|
||||
# in non-hostonly mode
|
||||
hostonly= instmods $(for k in "$@"; do echo "crypto-$k"; done)
|
||||
hostonly='' instmods "${mods[@]/#/crypto-}" "crypto-$cipher"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
|
@ -60,9 +58,9 @@ cmdline() {
|
|||
[[ ${host_fs_types[$dev]} != "crypto_LUKS" ]] && continue
|
||||
|
||||
UUID=$(
|
||||
blkid -u crypto -o export $dev \
|
||||
| while read line || [ -n "$line" ]; do
|
||||
[[ ${line#UUID} == $line ]] && continue
|
||||
blkid -u crypto -o export "$dev" \
|
||||
| while read -r line || [ -n "$line" ]; do
|
||||
[[ ${line#UUID} == "$line" ]] && continue
|
||||
printf "%s" "${line#UUID=}"
|
||||
break
|
||||
done
|
||||
|
|
@ -76,7 +74,8 @@ cmdline() {
|
|||
install() {
|
||||
|
||||
if [[ $hostonly_cmdline == "yes" ]]; then
|
||||
local _cryptconf=$(cmdline)
|
||||
local _cryptconf
|
||||
_cryptconf=$(cmdline)
|
||||
[[ $_cryptconf ]] && printf "%s\n" "$_cryptconf" >> "${initdir}/etc/cmdline.d/90crypt.conf"
|
||||
fi
|
||||
|
||||
|
|
@ -91,7 +90,7 @@ install() {
|
|||
|
||||
if [[ $hostonly ]] && [[ -f $dracutsysrootdir/etc/crypttab ]]; then
|
||||
# filter /etc/crypttab for the devices we need
|
||||
while read _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do
|
||||
while read -r _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do
|
||||
[[ $_mapper == \#* ]] && continue
|
||||
[[ $_dev ]] || continue
|
||||
|
||||
|
|
@ -104,12 +103,13 @@ install() {
|
|||
[[ $_dev == ID=* ]] \
|
||||
&& _dev="/dev/disk/by-id/${_dev#ID=}"
|
||||
|
||||
echo "$_dev $(blkid $_dev -s UUID -o value)" >> "${initdir}/etc/block_uuid.map"
|
||||
echo "$_dev $(blkid "$_dev" -s UUID -o value)" >> "${initdir}/etc/block_uuid.map"
|
||||
|
||||
# loop through the options to check for the force option
|
||||
luksoptions=${_luksoptions}
|
||||
OLD_IFS="${IFS}"
|
||||
IFS=,
|
||||
# shellcheck disable=SC2086
|
||||
set -- ${luksoptions}
|
||||
IFS="${OLD_IFS}"
|
||||
|
||||
|
|
@ -147,14 +147,14 @@ install() {
|
|||
# the cryptsetup targets are already pulled in by 00systemd, but not
|
||||
# the enablement symlinks
|
||||
inst_multiple -o \
|
||||
$systemdutildir/system-generators/systemd-cryptsetup-generator \
|
||||
$systemdutildir/systemd-cryptsetup \
|
||||
$systemdsystemunitdir/systemd-ask-password-console.path \
|
||||
$systemdsystemunitdir/systemd-ask-password-console.service \
|
||||
$systemdsystemunitdir/cryptsetup.target \
|
||||
$systemdsystemunitdir/sysinit.target.wants/cryptsetup.target \
|
||||
$systemdsystemunitdir/remote-cryptsetup.target \
|
||||
$systemdsystemunitdir/initrd-root-device.target.wants/remote-cryptsetup.target \
|
||||
"$systemdutildir"/system-generators/systemd-cryptsetup-generator \
|
||||
"$systemdutildir"/systemd-cryptsetup \
|
||||
"$systemdsystemunitdir"/systemd-ask-password-console.path \
|
||||
"$systemdsystemunitdir"/systemd-ask-password-console.service \
|
||||
"$systemdsystemunitdir"/cryptsetup.target \
|
||||
"$systemdsystemunitdir"/sysinit.target.wants/cryptsetup.target \
|
||||
"$systemdsystemunitdir"/remote-cryptsetup.target \
|
||||
"$systemdsystemunitdir"/initrd-root-device.target.wants/remote-cryptsetup.target \
|
||||
systemd-ask-password systemd-tty-ask-password-agent
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ else
|
|||
is_keysource=0
|
||||
_uuid=$uuid
|
||||
uuid=${uuid#keysource:}
|
||||
[ $uuid != $_uuid ] && is_keysource=1
|
||||
[ "$uuid" != "$_uuid" ] && is_keysource=1
|
||||
unset _uuid
|
||||
|
||||
uuid=${uuid##luks-}
|
||||
|
|
@ -63,10 +63,12 @@ else
|
|||
printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid"
|
||||
printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
|
||||
printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
|
||||
printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$is_keysource" "$tout"
|
||||
# shellcheck disable=SC2016
|
||||
printf -- '$env{DEVNAME} %s %s %s"\n' "$luksname" "$is_keysource" "$tout"
|
||||
} >> /etc/udev/rules.d/70-luks.rules.new
|
||||
else
|
||||
luksname=$(dev_unit_name "$luksname")
|
||||
# shellcheck disable=SC1003
|
||||
luksname="$(str_replace "$luksname" '\' '\\')"
|
||||
|
||||
if ! crypttab_contains "$uuid"; then
|
||||
|
|
@ -86,7 +88,7 @@ else
|
|||
is_keysource=0
|
||||
_serialid=$serialid
|
||||
serialid=${serialid#keysource:}
|
||||
[ $serialid != $_serialid ] && is_keysource=1
|
||||
[ "$serialid" != "$_serialid" ] && is_keysource=1
|
||||
unset _serialid
|
||||
|
||||
serialid=${serialid##luks-}
|
||||
|
|
@ -101,10 +103,12 @@ else
|
|||
printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid"
|
||||
printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
|
||||
printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
|
||||
printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$is_keysource" "$tout"
|
||||
# shellcheck disable=SC2016
|
||||
printf -- '$env{DEVNAME} %s %s %s"\n' "$luksname" "$is_keysource" "$tout"
|
||||
} >> /etc/udev/rules.d/70-luks.rules.new
|
||||
else
|
||||
luksname=$(dev_unit_name "$luksname")
|
||||
# shellcheck disable=SC1003
|
||||
luksname="$(str_replace "$luksname" '\' '\\')"
|
||||
|
||||
if ! crypttab_contains "$serialid"; then
|
||||
|
|
@ -124,7 +128,7 @@ else
|
|||
is_keysource=0
|
||||
_luksid=$luksid
|
||||
luksid=${luksid#keysource:}
|
||||
[ $luksid != $_luksid ] && is_keysource=1
|
||||
[ "$luksid" != "$_luksid" ] && is_keysource=1
|
||||
unset _luksid
|
||||
|
||||
luksid=${luksid##luks-}
|
||||
|
|
@ -140,10 +144,12 @@ else
|
|||
printf -- 'ENV{ID_FS_UUID}=="*%s*", ' "$luksid"
|
||||
printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
|
||||
printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
|
||||
# shellcheck disable=SC2016
|
||||
printf -- '$env{DEVNAME} %s %s %s"\n' "$luksname" "$is_keysource" "$tout"
|
||||
} >> /etc/udev/rules.d/70-luks.rules.new
|
||||
else
|
||||
luksname=$(dev_unit_name "$luksname")
|
||||
# shellcheck disable=SC1003
|
||||
luksname="$(str_replace "$luksname" '\' '\\')"
|
||||
|
||||
if ! crypttab_contains "$luksid"; then
|
||||
|
|
@ -160,11 +166,11 @@ else
|
|||
if [ $is_keysource -eq 0 ]; then
|
||||
uuid=$luksid
|
||||
while [ "$uuid" != "${uuid#*-}" ]; do uuid=${uuid%%-*}${uuid#*-}; done
|
||||
printf -- '[ -e /dev/disk/by-id/dm-uuid-CRYPT-LUKS?-*%s*-* ] || exit 1\n' $uuid \
|
||||
printf -- '[ -e /dev/disk/by-id/dm-uuid-CRYPT-LUKS?-*%s*-* ] || exit 1\n' "$uuid" \
|
||||
>> "$hookdir/initqueue/finished/90-crypt.sh"
|
||||
{
|
||||
printf -- '[ -e /dev/disk/by-uuid/*%s* ] || ' $luksid
|
||||
printf -- 'warn "crypto LUKS UUID "%s" not found"\n' $luksid
|
||||
printf -- '[ -e /dev/disk/by-uuid/*%s* ] || ' "$luksid"
|
||||
printf -- 'warn "crypto LUKS UUID "%s" not found"\n' "$luksid"
|
||||
} >> "$hookdir/emergency/90-crypt.sh"
|
||||
fi
|
||||
done
|
||||
|
|
@ -173,12 +179,14 @@ else
|
|||
{
|
||||
printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
|
||||
printf -- '--unique --settled --onetime --name cryptroot-ask-%%k '
|
||||
# shellcheck disable=SC2016
|
||||
printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' "$(command -v cryptroot-ask)" "$tout"
|
||||
} >> /etc/udev/rules.d/70-luks.rules.new
|
||||
else
|
||||
{
|
||||
printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
|
||||
printf -- '--unique --settled --onetime --name crypt-run-generator-%%k '
|
||||
# shellcheck disable=SC2016
|
||||
printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' "$(command -v crypt-run-generator)"
|
||||
} >> /etc/udev/rules.d/70-luks.rules.new
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -31,10 +31,10 @@ if getargbool 1 rd.luks -n rd_NO_LUKS \
|
|||
fi
|
||||
|
||||
{
|
||||
printf -- 'RUN+="%s --unique --onetime ' $(command -v initqueue)
|
||||
printf -- 'RUN+="%s --unique --onetime ' "$(command -v initqueue)"
|
||||
printf -- '--name probe-keydev-%%k '
|
||||
printf -- '%s /dev/%%k %s %s"\n' \
|
||||
$(command -v probe-keydev) "${keypath}" "${luksdev}"
|
||||
"$(command -v probe-keydev)" "${keypath}" "${luksdev}"
|
||||
} >&7
|
||||
done
|
||||
unset arg keypath keydev luksdev
|
||||
|
|
|
|||
Loading…
Reference in New Issue