modules.d/90crypt/module-setup.sh

   1 #!/bin/bash
   2 # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
   3 # ex: ts=8 sw=4 sts=4 et filetype=sh
   4
   5 # called by dracut
   6 check() {
   7     local _rootdev
   8     # if cryptsetup is not installed, then we cannot support encrypted devices.
   9     type -P cryptsetup >/dev/null || return 1
  10
  11     [[ $hostonly ]] || [[ $mount_needs ]] && {
  12         for fs in "${host_fs_types[@]}"; do
  13             [[ $fs = "crypto_LUKS" ]] && return 0
  14         done
  15         return 255
  16     }
  17
  18     return 0
  19 }
  20
  21 # called by dracut
  22 depends() {
  23     echo dm rootfs-block
  24     return 0
  25 }
  26
  27 # called by dracut
  28 installkernel() {
  29     instmods dm_crypt =crypto
  30 }
  31
  32 # called by dracut
  33 cmdline() {
  34     local dev UUID
  35     for dev in "${!host_fs_types[@]}"; do
  36         [[ "${host_fs_types[$dev]}" != "crypto_LUKS" ]] && continue
  37
  38         UUID=$(
  39             blkid -u crypto -o export $dev \
  40                 | while read line; do
  41                 [[ ${line#UUID} = $line ]] && continue
  42                 printf "%s" "${line#UUID=}"
  43                 break
  44             done
  45         )
  46         [[ ${UUID} ]] || continue
  47         printf "%s" " rd.luks.uuid=luks-${UUID}"
  48     done
  49 }
  50
  51 # called by dracut
  52 install() {
  53
  54     cmdline >> "${initdir}/etc/cmdline.d/90crypt.conf"
  55     echo >> "${initdir}/etc/cmdline.d/90crypt.conf"
  56
  57     inst_multiple cryptsetup rmdir readlink umount
  58     inst_script "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask
  59     inst_script "$moddir"/probe-keydev.sh /sbin/probe-keydev
  60     inst_hook cmdline 10 "$moddir/parse-keydev.sh"
  61     inst_hook cmdline 30 "$moddir/parse-crypt.sh"
  62     if ! dracut_module_included "systemd"; then
  63         inst_hook cleanup 30 "$moddir/crypt-cleanup.sh"
  64     fi
  65
  66     if [[ $hostonly ]] && [[ -f /etc/crypttab ]]; then
  67         # filter /etc/crypttab for the devices we need
  68         while read _mapper _dev _rest; do
  69             [[ $_mapper = \#* ]] && continue
  70             [[ $_dev ]] || continue
  71
  72             [[ $_dev == UUID=* ]] && \
  73                 _dev="/dev/disk/by-uuid/${_dev#UUID=}"
  74
  75             for _hdev in "${!host_fs_types[@]}"; do
  76                 [[ ${host_fs_types[$_hdev]} == "crypto_LUKS" ]] || continue
  77                 if [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef $_dev ]]; then
  78                     echo "$_mapper $_dev $_rest"
  79                     break
  80                 fi
  81             done
  82         done < /etc/crypttab > $initdir/etc/crypttab
  83     fi
  84
  85     inst_simple "$moddir/crypt-lib.sh" "/lib/dracut-crypt-lib.sh"
  86
  87     inst_multiple -o \
  88         $systemdutildir/system-generators/systemd-cryptsetup-generator \
  89         $systemdutildir/systemd-cryptsetup \
  90         $systemdsystemunitdir/systemd-ask-password-console.path \
  91         $systemdsystemunitdir/systemd-ask-password-console.service \
  92         $systemdsystemunitdir/cryptsetup.target \
  93         $systemdsystemunitdir/sysinit.target.wants/cryptsetup.target \
  94         systemd-ask-password systemd-tty-ask-password-agent
  95     inst_script "$moddir"/crypt-run-generator.sh /sbin/crypt-run-generator
  96     dracut_need_initqueue
  97 }