kernel
/
dracut
mirror of https://git.kernel.org/pub/scm/boot/dracut/dracut.git/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

cryptroot-ask.sh: fixed luks handling 

see https://bugzilla.redhat.com/show_bug.cgi?id=530898#c16
master
Harald Hoyer 2010-01-12 14:55:09 +01:00
parent 66e45737e1
commit bb2200ffca
2 changed files with 71 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
modules.d/50plymouth/cryptroot-ask.sh
View File

@ -11,26 +11,45 @@

. /lib/dracut-lib.sh

# default luksname - luks-UUID
luksname=$2

# if device name is /dev/dm-X, convert to /dev/mapper/name
if [ "${1##/dev/dm-}" != "$1" ]; then
device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
else
device="$1"
fi

if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then
found=0
while read name dev rest; do
cdev=$(readlink -f $dev)
mdev=$(readlink -f $1)
if [ "$cdev" = "$mdev" ]; then
# for now just ignore everything which is in crypttab
# anaconda does not write an entry for root
exit 0
#luksname="$name"
#break
fi
# ignore blank lines and comments
if [ -z "$name" -o "${name#\#}" != "$name" ]; then
continue
fi

# UUID used in crypttab
if [ "${dev%%=*}" = "UUID" ]; then
if [ "luks-${dev##UUID=}" = "$2" ]; then
luksname="$name"
break
fi
# path used in crypttab
else
cdev=$(readlink -f $dev)
mdev=$(readlink -f $device)
if [ "$cdev" = "$mdev" ]; then
luksname="$name"
break
fi
fi
done < /etc/crypttab
unset name dev rest
fi

LUKS=$(getargs rd_LUKS_UUID=)
ask=1

if [ -n "$LUKS" ]; then
ask=0
luuid=${2##luks-}
@ -42,25 +61,23 @@ if [ -n "$LUKS" ]; then
fi
done
fi
unset LUKS luks luuid

if [ $ask -gt 0 ]; then
info "luksOpen $1 $2"
info "luksOpen $device $luksname"
# flock against other interactive activities
{ flock -s 9;
/bin/plymouth ask-for-password \
--prompt "$1 is password protected" \
--command="/sbin/cryptsetup luksOpen -T1 $1 $luksname"
--prompt "$device ($luksname) is password protected" \
--command="/sbin/cryptsetup luksOpen -T1 $device $luksname"
} 9>/.console.lock
fi
unset ask device luksname

# mark device as asked
>> /tmp/cryptroot-asked-$2

udevsettle

unset LUKS
unset ask
unset luks
exit 0
# vim:ts=8:sw=4:sts=4:et


48
modules.d/90crypt/cryptroot-ask.sh
View File

@ -11,42 +11,63 @@

. /lib/dracut-lib.sh

# default luksname - luks-UUID
luksname=$2

# if device name is /dev/dm-X, convert to /dev/mapper/name
if [ "${1##/dev/dm-}" != "$1" ]; then
device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
else
device="$1"
fi

if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then
found=0
while read name dev rest; do
cdev=$(readlink -f $dev)
mdev=$(readlink -f $1)
if [ "$cdev" = "$mdev" ]; then
# for now just ignore everything which is in crypttab
# anaconda does not write an entry for root
exit 0
#luksname="$name"
#break
# ignore blank lines and comments
if [ -z "$name" -o "${name#\#}" != "$name" ]; then
continue
fi

# UUID used in crypttab
if [ "${dev%%=*}" = "UUID" ]; then
if [ "luks-${dev##UUID=}" = "$2" ]; then
luksname="$name"
break
fi
# path used in crypttab
else
cdev=$(readlink -f $dev)
mdev=$(readlink -f $device)
if [ "$cdev" = "$mdev" ]; then
luksname="$name"
break
fi
fi
done < /etc/crypttab
unset name dev rest
fi

LUKS=$(getargs rd_LUKS_UUID=)
ask=1

if [ -n "$LUKS" ]; then
ask=0
luuid=${2##luks-}
for luks in $LUKS; do
luks=${luks##luks-}
luks=${luks##luks-}
if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" = "$luks" ]; then
ask=1
break
fi
done
fi
unset LUKS luks luuid

if [ $ask -gt 0 ]; then
info "luksOpen $1 $2"
info "luksOpen $device $luksname"
# flock against other interactive activities
{ flock -s 9;
echo -n "$1 is password protected "
echo -n "$device ($luksname) is password protected"
/sbin/cryptsetup luksOpen -T1 $1 $luksname
} 9>/.console.lock
fi
@ -55,3 +76,4 @@ fi
>> /tmp/cryptroot-asked-$2

exit 0
# vim:ts=8:sw=4:sts=4:et