authorHarald Hoyer <harald@redhat.com>2011-11-16 11:36:46 +0100
committerHarald Hoyer <harald@redhat.com>2011-11-16 11:42:09 +0100
commit4e05cb4023966a828ad90432816467a1da540120 (patch)
tree196c63ed877568b81803c7a6627d5fc3844d6217
parentdd03dea22e94de0e012e0fe4159ad22393f23936 (diff)
downloaddracut-4e05cb4023966a828ad90432816467a1da540120.tar.gz
cryptroot-ask.sh: use key file, if specified in crypttab and present
If a key file is specified in crypttab and is present in the initramfs, use it to open the device. https://bugzilla.redhat.com/show_bug.cgi?id=751640
-rwxr-xr-xmodules.d/90crypt/cryptroot-ask.sh67
1 files changed, 37 insertions, 30 deletions
diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh
index 9b8f8c2e..6a95dc22 100755
--- a/modules.d/90crypt/cryptroot-ask.sh
+++ b/modules.d/90crypt/cryptroot-ask.sh
@@ -34,7 +34,7 @@ fi
# TODO: improve to support what cmdline does
if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -n rd_NO_CRYPTTAB; then
- while read name dev rest; do
+ while read name dev luksfile rest; do
# ignore blank lines and comments
if [ -z "$name" -o "${name#\#}" != "$name" ]; then
continue
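Review bot: `luksfile` is assigned only by this `read`, which runs only when /etc/crypttab exists and rd.luks.crypttab is enabled, yet the key-file test added in the next hunk consults it unconditionally. Unless it is initialised outside the hunk, it may carry a value inherited from the environment, so an explicit `luksfile=` before the `if [ -f /etc/crypttab ]` line would make the default unambiguous. `while read -r name dev luksfile rest; do` would also keep backslashes in a key-file path intact. The loop body continues outside the hunk, so how non-matching entries are handled cannot be confirmed here.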
@@ -64,37 +64,44 @@ fi
# Open LUKS device
#
-info "luksOpen $device $luksname"
+info "luksOpen $device $luksname $luksfile"
-while [ -n "$(getarg rd.luks.key)" ]; do
- if tmp=$(getkey /tmp/luks.keys $device); then
- keydev="${tmp%%:*}"
- keypath="${tmp#*:}"
- else
- if [ $# -eq 3 ]; then
- if [ $3 -eq 0 ]; then
- info "No key found for $device. Fallback to passphrase mode."
- break
- fi
- info "No key found for $device. Will try $3 time(s) more later."
- set -- "$1" "$2" "$(($3 - 1))"
+if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
+ if cryptsetup --key-file "$luksfile" luksOpen "$device" "$luksname"; then
+ ask_passphrase=0
+ fi
+else
+ while [ -n "$(getarg rd.luks.key)" ]; do
+ if tmp=$(getkey /tmp/luks.keys $device); then
+ keydev="${tmp%%:*}"
+ keypath="${tmp#*:}"
else
- info "No key found for $device. Will try later."
+ if [ $# -eq 3 ]; then
+ if [ $3 -eq 0 ]; then
+ info "No key found for $device. Fallback to passphrase mode."
+ break
+ fi
+ info "No key found for $device. Will try $3 time(s) more later."
+ set -- "$1" "$2" "$(($3 - 1))"
+ else
+ info "No key found for $device. Will try later."
+ fi
+ initqueue --unique --onetime --settled \
+ --name cryptroot-ask-$luksname \
+ $(command -v cryptroot-ask) "$@"
+ exit 0
fi
- initqueue --unique --onetime --settled \
- --name cryptroot-ask-$luksname \
- $(command -v cryptroot-ask) "$@"
- exit 0
- fi
- unset tmp
-
- info "Using '$keypath' on '$keydev'"
- readkey "$keypath" "$keydev" "$device" \
- | cryptsetup -d - luksOpen "$device" "$luksname"
- unset keypath keydev
- ask_passphrase=0
- break
-done
+ unset tmp
+
+ info "Using '$keypath' on '$keydev'"
+ readkey "$keypath" "$keydev" "$device" \
+ | cryptsetup -d - luksOpen "$device" "$luksname"
+ unset keypath keydev
+ ask_passphrase=0
+ break
+ done
+fi
+
if [ $ask_passphrase -ne 0 ]; then
luks_open="$(command -v cryptsetup) luksOpen"
ask_for_password --ply-tries 5 \
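Review bot: When `cryptsetup --key-file "$luksfile" luksOpen` fails in the new branch, nothing is logged and the script goes straight to the passphrase prompt, skipping the rd.luks.key loop, so an operator cannot tell a wrong or damaged key file from a missing one. An `else` arm on the inner `if`, such as `warn "Key file '$luksfile' did not open $device; falling back to passphrase"`, would leave a trace in the boot log. The three-way `-a` chain is the ambiguous multi-operand form of `test`; `[ -n "$luksfile" ] && [ "$luksfile" != "none" ] && [ -e "$luksfile" ]` parses reliably whatever the path contains. A key file shipped inside the initramfs is only as protected as the image itself, so a comment above the branch should note that the image must not be readable by unprivileged users or kept on unprotected storage.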
@@ -105,7 +112,7 @@ if [ $ask_passphrase -ne 0 ]; then
unset luks_open
fi
-unset device luksname
+unset device luksname luksfile
# mark device as asked
>> /tmp/cryptroot-asked-$2