From: Harald Hoyer Date: Tue, 12 Jan 2010 13:55:09 +0000 (+0100) Subject: cryptroot-ask.sh: fixed luks handling X-Git-Tag: 004~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bb2200ffcafbd562682beb0014726262ea69896c;p=thirdparty%2Fdracut.git cryptroot-ask.sh: fixed luks handling see https://bugzilla.redhat.com/show_bug.cgi?id=530898#c16 --- diff --git a/modules.d/50plymouth/cryptroot-ask.sh b/modules.d/50plymouth/cryptroot-ask.sh index 466d8db20..b9f246190 100755 --- a/modules.d/50plymouth/cryptroot-ask.sh +++ b/modules.d/50plymouth/cryptroot-ask.sh @@ -11,26 +11,45 @@ . /lib/dracut-lib.sh +# default luksname - luks-UUID luksname=$2 +# if device name is /dev/dm-X, convert to /dev/mapper/name +if [ "${1##/dev/dm-}" != "$1" ]; then + device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")" +else + device="$1" +fi + if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then - found=0 while read name dev rest; do - cdev=$(readlink -f $dev) - mdev=$(readlink -f $1) - if [ "$cdev" = "$mdev" ]; then - # for now just ignore everything which is in crypttab - # anaconda does not write an entry for root - exit 0 - #luksname="$name" - #break - fi + # ignore blank lines and comments + if [ -z "$name" -o "${name#\#}" != "$name" ]; then + continue + fi + + # UUID used in crypttab + if [ "${dev%%=*}" = "UUID" ]; then + if [ "luks-${dev##UUID=}" = "$2" ]; then + luksname="$name" + break + fi + + # path used in crypttab + else + cdev=$(readlink -f $dev) + mdev=$(readlink -f $device) + if [ "$cdev" = "$mdev" ]; then + luksname="$name" + break + fi + fi done < /etc/crypttab + unset name dev rest fi LUKS=$(getargs rd_LUKS_UUID=) ask=1 - if [ -n "$LUKS" ]; then ask=0 luuid=${2##luks-} @@ -42,25 +61,23 @@ if [ -n "$LUKS" ]; then fi done fi +unset LUKS luks luuid if [ $ask -gt 0 ]; then - info "luksOpen $1 $2" + info "luksOpen $device $luksname" # flock against other interactive activities { flock -s 9; /bin/plymouth ask-for-password \ - --prompt "$1 is password protected" \ - --command="/sbin/cryptsetup luksOpen -T1 $1 $luksname" + --prompt "$device ($luksname) is password protected" \ + --command="/sbin/cryptsetup luksOpen -T1 $device $luksname" } 9>/.console.lock fi +unset ask device luksname # mark device as asked >> /tmp/cryptroot-asked-$2 udevsettle -unset LUKS -unset ask -unset luks exit 0 -# vim:ts=8:sw=4:sts=4:et - +# vim:ts=8:sw=4:sts=4:et \ No newline at end of file diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh index 4ddb26eb6..13487c8b3 100755 --- a/modules.d/90crypt/cryptroot-ask.sh +++ b/modules.d/90crypt/cryptroot-ask.sh @@ -11,42 +11,63 @@ . /lib/dracut-lib.sh +# default luksname - luks-UUID luksname=$2 + +# if device name is /dev/dm-X, convert to /dev/mapper/name +if [ "${1##/dev/dm-}" != "$1" ]; then + device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")" +else + device="$1" +fi + if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then - found=0 while read name dev rest; do - cdev=$(readlink -f $dev) - mdev=$(readlink -f $1) - if [ "$cdev" = "$mdev" ]; then - # for now just ignore everything which is in crypttab - # anaconda does not write an entry for root - exit 0 - #luksname="$name" - #break + # ignore blank lines and comments + if [ -z "$name" -o "${name#\#}" != "$name" ]; then + continue + fi + + # UUID used in crypttab + if [ "${dev%%=*}" = "UUID" ]; then + if [ "luks-${dev##UUID=}" = "$2" ]; then + luksname="$name" + break + fi + + # path used in crypttab + else + cdev=$(readlink -f $dev) + mdev=$(readlink -f $device) + if [ "$cdev" = "$mdev" ]; then + luksname="$name" + break + fi fi done < /etc/crypttab + unset name dev rest fi LUKS=$(getargs rd_LUKS_UUID=) ask=1 - if [ -n "$LUKS" ]; then ask=0 luuid=${2##luks-} for luks in $LUKS; do - luks=${luks##luks-} + luks=${luks##luks-} if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" = "$luks" ]; then ask=1 break fi done fi +unset LUKS luks luuid if [ $ask -gt 0 ]; then - info "luksOpen $1 $2" + info "luksOpen $device $luksname" # flock against other interactive activities { flock -s 9; - echo -n "$1 is password protected " + echo -n "$device ($luksname) is password protected" /sbin/cryptsetup luksOpen -T1 $1 $luksname } 9>/.console.lock fi @@ -55,3 +76,4 @@ fi >> /tmp/cryptroot-asked-$2 exit 0 +# vim:ts=8:sw=4:sts=4:et \ No newline at end of file