cryptroot-ask.sh: fixed luks handling

see https://bugzilla.redhat.com/show_bug.cgi?id=530898#c16
15 years ago · bb2200ffca
2 changed files with 71 additions and 32 deletions
--- a/modules.d/50plymouth/cryptroot-ask.sh
+++ b/modules.d/50plymouth/cryptroot-ask.sh
@ -11,26 +11,45 @@
				@@ -11,26 +11,45 @@

 . /lib/dracut-lib.sh

+# default luksname - luks-UUID
 luksname=$2

+# if device name is /dev/dm-X, convert to /dev/mapper/name
+if [ "${1##/dev/dm-}" != "$1" ]; then
+    device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
+else
+    device="$1"
+fi
+
 if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then
-    found=0
    while read name dev rest; do
-        cdev=$(readlink -f $dev)
-        mdev=$(readlink -f $1)
-        if [ "$cdev" = "$mdev" ]; then
-            # for now just ignore everything which is in crypttab
-            # anaconda does not write an entry for root
-            exit 0
-            #luksname="$name"
-            #break
-    fi
+	# ignore blank lines and comments
+	if [ -z "$name" -o "${name#\#}" != "$name" ]; then
+	    continue
+	fi
+
+	# UUID used in crypttab
+	if [ "${dev%%=*}" = "UUID" ]; then
+	    if [ "luks-${dev##UUID=}" = "$2" ]; then
+		luksname="$name"
+		break
+	    fi
+	
+	# path used in crypttab
+	else
+	    cdev=$(readlink -f $dev)
+	    mdev=$(readlink -f $device)
+	    if [ "$cdev" = "$mdev" ]; then
+		luksname="$name"
+		break
+	    fi
+	fi
    done < /etc/crypttab
+    unset name dev rest
 fi

 LUKS=$(getargs rd_LUKS_UUID=)
 ask=1
-
 if [ -n "$LUKS" ]; then
    ask=0
    luuid=${2##luks-}
@ -42,25 +61,23 @@ if [ -n "$LUKS" ]; then
				@@ -42,25 +61,23 @@ if [ -n "$LUKS" ]; then
 	fi
    done
 fi
+unset LUKS luks luuid

 if [ $ask -gt 0 ]; then
-    info "luksOpen $1 $2"
+    info "luksOpen $device $luksname"
    # flock against other interactive activities
    { flock -s 9; 
 	/bin/plymouth ask-for-password \
-	    --prompt "$1 is password protected" \
-	    --command="/sbin/cryptsetup luksOpen -T1 $1 $luksname"
+	    --prompt "$device ($luksname) is password protected" \
+	    --command="/sbin/cryptsetup luksOpen -T1 $device $luksname"
    } 9>/.console.lock
 fi
+unset ask device luksname

 # mark device as asked
 >> /tmp/cryptroot-asked-$2

 udevsettle

-unset LUKS
-unset ask
-unset luks
 exit 0
-# vim:ts=8:sw=4:sts=4:et
-
+# vim:ts=8:sw=4:sts=4:et
--- a/modules.d/90crypt/cryptroot-ask.sh
+++ b/modules.d/90crypt/cryptroot-ask.sh
@ -11,42 +11,63 @@
				@@ -11,42 +11,63 @@

 . /lib/dracut-lib.sh

+# default luksname - luks-UUID
 luksname=$2
+
+# if device name is /dev/dm-X, convert to /dev/mapper/name
+if [ "${1##/dev/dm-}" != "$1" ]; then
+    device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
+else
+    device="$1"
+fi
+
 if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then
-    found=0
    while read name dev rest; do
-	cdev=$(readlink -f $dev)
-	mdev=$(readlink -f $1)
-	if [ "$cdev" = "$mdev" ]; then
-            # for now just ignore everything which is in crypttab
-            # anaconda does not write an entry for root
-            exit 0
-            #luksname="$name"
-            #break
+	# ignore blank lines and comments
+	if [ -z "$name" -o "${name#\#}" != "$name" ]; then
+	    continue
+	fi
+
+	# UUID used in crypttab
+	if [ "${dev%%=*}" = "UUID" ]; then
+	    if [ "luks-${dev##UUID=}" = "$2" ]; then
+		luksname="$name"
+		break
+	    fi
+	
+	# path used in crypttab
+	else
+	    cdev=$(readlink -f $dev)
+	    mdev=$(readlink -f $device)
+	    if [ "$cdev" = "$mdev" ]; then
+		luksname="$name"
+		break
+	    fi
 	fi
    done < /etc/crypttab
+    unset name dev rest
 fi

 LUKS=$(getargs rd_LUKS_UUID=)
 ask=1
-
 if [ -n "$LUKS" ]; then
    ask=0
    luuid=${2##luks-}
    for luks in $LUKS; do
-        luks=${luks##luks-}
+	luks=${luks##luks-}
 	if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" = "$luks" ]; then
 	    ask=1
 	    break
 	fi
    done
 fi
+unset LUKS luks luuid

 if [ $ask -gt 0 ]; then
-    info "luksOpen $1 $2"
+    info "luksOpen $device $luksname"
    # flock against other interactive activities
    { flock -s 9; 
-	echo -n "$1 is password protected " 
+	echo -n "$device ($luksname) is password protected"
 	/sbin/cryptsetup luksOpen -T1 $1 $luksname 
    } 9>/.console.lock
 fi
@ -55,3 +76,4 @@ fi
				@@ -55,3 +76,4 @@ fi
 >> /tmp/cryptroot-asked-$2

 exit 0
+# vim:ts=8:sw=4:sts=4:et