Error: SHELLCHECK_WARNING:
/usr/lib/dracut/dracut-init.sh:939:20: error: Argument to implicit -n is always true due to literal strings. [SC2157]
937| dracut_kernel_post() {
938| for _f in modules.builtin.bin modules.builtin modules.order; do
939|-> [[ $srcmods/$_f ]] && inst_simple "$srcmods/$_f" "/lib/modules/$kernel/$_f"
940| done
941|
Error: SHELLCHECK_WARNING:
/usr/lib/dracut/modules.d/98syslog/parse-syslog-opts.sh:18:12: error: This expression is constant. Did you forget a $ somewhere? [SC2078]
16| elif [ -e /sbin/syslogd ]; then
17| syslogtype="syslogd"
18|-> elif [ /sbin/syslog-ng ]; then
19| syslogtype="syslog-ng"
20| else
Error: SHELLCHECK_WARNING:
/usr/lib/dracut/modules.d/90crypt/crypt-lib.sh:15:29: error: Since you double quoted this, it will not word split, and the loop will only run once. [SC2066]
13| strstr "$d" "${luks##luks-}" && return 0
14| if [ -n "$dev" ]; then
15|-> for _dev in "$(devnames $d)"; do
16| [ "$dev" -ef "$_dev" ] && return 0
17| done
blkid is not available when this function is called, so block_uuid.map is put into
the initrd, mapping block devices from /etc/crypttab to UUIDs.
This fixes a bug where udev rules were created by mistake as crypttab_contains()
returned false for devices specified by path in /etc/crypttab which resulted in
error messages during boot.
Signed-off-by: Julian Wolf <juwolf@suse.de>
If crypt-lib.sh is sourced from any #!/bin/sh script, a POSIX shell
quirk is in effect that causes variable assignments to "special
builtins" (such as "shift") to leak to their context. So the buggy
code works even despite the missing semicolons.
But if it is sourced by "bash acting under its own name", i.e. from
any #!/bin/bash script, the quirk is disabled, tty_cmd/tty_prompt are
undefined, and ask_for_password doesn't do anything if plymouth is not
present.
Combining $keydev and $keypath should result in a unique, re-usable keydev
mountpoint. mkuniqdir doesn't seem to have any an advantage here and lacks
reusability. Is there ever a use case where these are true:
* there are more than one rd.luks.key=$keypath:$keydev
* one is actually different from the other
As Ray Strode explains, plymouth --has-active-vt may fail if the user
passes console=ttyS0 or something other not corresponding to
console=tty0, because plymouth is outputing to the serial console and
not a VT in this case.
In the initrd, the init script and the sbin/cryptroot-ask script use
flock with different lock files for the console: /.console_lock and
/.console.lock respectively
Some versions of dash don't behave as expected with code like this:
while IFS=: read a b c; do
blah
done
Thanks to Eric Mertens who identified the issue.
New kernel argument syntax for LUKS-keydev is introduced:
rd.luks.key=<key_path>[:<key_dev>[:<luks_dev>]]
Unfolding <key_dev> in BNF:
<key_dev> ::= "UUID=" <uuid> | "LABEL=" <label> | <kname>
Where <kname> matches following regular expression:
^/dev/.*
<kname> need to be a character device and not a symlink for now.
For every rd.luks.key argument udev rule is created. That rule runs
test to check whether matching device contains <key_path>. If it does
it's applied to matching <luks_dev>.
Đoàn Trần Công Danh