crypt: install /etc/crypttab and honor crypttab entries

diff --git a/dracut.8 b/dracut.8
index 155c4719217a5d21eafe3eddfce1b68c0e90bed2..4a117e626ab799cd40315092cad37fd92e220c4f 100644 (file)
--- a/dracut.8
+++ b/dracut.8
@@ -146,6 +146,8 @@ disable crypto LUKS detection
 .TP
 .B rd_LUKS_UUID=<luks uuid>
 only activate the LUKS partitions with the given UUID
+.B rd_NO_CRYPTTAB
+do not check if LUKS partition is in /etc/crypttab
 
 .SH MD
 .TP

diff --git a/modules.d/50plymouth/cryptroot-ask.sh b/modules.d/50plymouth/cryptroot-ask.sh
index ff28660186b6e4b050a27db6362708d3a088e3d4..b0599af60235d838d14f53ac58f8e0afef806daf 100755 (executable)
--- a/modules.d/50plymouth/cryptroot-ask.sh
+++ b/modules.d/50plymouth/cryptroot-ask.sh
@@ -10,6 +10,21 @@
 [ -f /tmp/cryptroot-asked-$2 ] && exit 0
 
 . /lib/dracut-lib.sh
+
+luksname=$2
+
+if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then
+    found=0
+    while read name dev rest; do
+       cdev=$(readlink -f $dev)
+       mdev=$(readlink -f $1)
+       if [ "$cdev" = "$mdev" ]; then
+           luksname="$name"
+           break
+       fi
+    done < /etc/crypttab
+fi
+
 LUKS=$(getargs rd_LUKS_UUID=)
 ask=1
 
@@ -18,8 +33,9 @@ if [ -n "$LUKS" ]; then
     luuid=${2##luks-}
     for luks in $LUKS; do
        luks=${luks##luks-}
-       if [ "${luuid##$luks}" != "$luuid" ]; then
+       if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" == "$luks" ]; then
            ask=1
+           break
        fi
     done
 fi
@@ -30,7 +46,7 @@ if [ $ask -gt 0 ]; then
     { flock -s 9; 
        /bin/plymouth ask-for-password \
            --prompt "$1 is password protected" \
-           --command="/sbin/cryptsetup luksOpen -T1 $1 $2"
+           --command="/sbin/cryptsetup luksOpen -T1 $1 $luksname"
     } 9>/.console.lock
 fi
 

diff --git a/modules.d/50plymouth/install b/modules.d/50plymouth/install
index 96cb818c3f88d7a2c1a5e52c92da0f1a20b9e537..86d8efd79dfda1f6de4dcec0e256293504682417 100755 (executable)
--- a/modules.d/50plymouth/install
+++ b/modules.d/50plymouth/install
@@ -13,3 +13,4 @@ inst_hook pre-pivot 90 "$moddir"/plymouth-newroot.sh
 inst_hook pre-trigger 10 "$moddir"/plymouth-pretrigger.sh
 inst_hook emergency 50 "$moddir"/plymouth-emergency.sh
 inst "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask
+inst readlink
\ No newline at end of file

diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh
index f945d54325e6769e6e2bb9f794567e02feb5398d..3a20d22f32b49a425d946af54862ccb5a177cf3c 100755 (executable)
--- a/modules.d/90crypt/cryptroot-ask.sh
+++ b/modules.d/90crypt/cryptroot-ask.sh
@@ -10,6 +10,20 @@
 [ -f /tmp/cryptroot-asked-$2 ] && exit 0
 
 . /lib/dracut-lib.sh
+
+luksname=$2
+if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then
+    found=0
+    while read name dev rest; do
+       cdev=$(readlink -f $dev)
+       mdev=$(readlink -f $1)
+       if [ "$cdev" = "$mdev" ]; then
+           luksname="$name"
+           break
+       fi
+    done < /etc/crypttab
+fi
+
 LUKS=$(getargs rd_LUKS_UUID=)
 ask=1
 
@@ -18,8 +32,9 @@ if [ -n "$LUKS" ]; then
     luuid=${2##luks-}
     for luks in $LUKS; do
         luks=${luks##luks-}
-       if [ "${luuid##$luks}" != "$luuid" ]; then
+       if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" == "$luks" ]; then
            ask=1
+           break
        fi
     done
 fi
@@ -29,7 +44,7 @@ if [ $ask -gt 0 ]; then
     # flock against other interactive activities
     { flock -s 9; 
        echo -n "$1 is password protected " 
-       /sbin/cryptsetup luksOpen -T1 $1 $2 
+       /sbin/cryptsetup luksOpen -T1 $1 $luksname 
     } 9>/.console.lock
 fi
 

diff --git a/modules.d/90crypt/install b/modules.d/90crypt/install
index 17fba37c19c98100499c8748549afcacf44f8b2e..2bfb0a84772119d40feec887527bdf0bbba66b3b 100755 (executable)
--- a/modules.d/90crypt/install
+++ b/modules.d/90crypt/install
@@ -7,3 +7,4 @@ inst_hook cmdline 30 "$moddir/parse-crypt.sh"
 inst_hook pre-pivot 30 "$moddir/crypt-cleanup.sh"
 inst_hook pre-pivot 31 "$moddir/crypt-cleanup.sh"
 inst_rules 10-dm.rules 95-dm-notify.rules
+inst /etc/crypttab