From d32ef1c9ed5ac84cf266c168f51a1c5c677f8657 Mon Sep 17 00:00:00 2001 From: Antonio Alvarez Feijoo Date: Tue, 28 Jan 2025 08:25:13 +0100 Subject: [PATCH] mkosi-initrd: handle PermissionError when reading /etc/crypttab Usually /etc/crypttab has 600 permissions, so display a warning to non-root users rather than unhandling a PermissionError exception. --- mkosi/initrd.py | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/mkosi/initrd.py b/mkosi/initrd.py index f71f6e48e..ef0f7110b 100644 --- a/mkosi/initrd.py +++ b/mkosi/initrd.py @@ -3,6 +3,7 @@ import argparse import contextlib import dataclasses +import logging import os import platform import shutil @@ -102,20 +103,23 @@ def process_crypttab(staging_dir: str) -> list[str]: # Generate crypttab with all the x-initrd.attach entries if Path("/etc/crypttab").exists(): - crypttab = [ - line - for line in Path("/etc/crypttab").read_text().splitlines() - if ( - len(entry := line.split()) >= 4 - and not entry[0].startswith("#") - and "x-initrd.attach" in entry[3] - ) - ] - if crypttab: - with (Path(staging_dir) / "crypttab").open("w") as f: - f.write("# Automatically generated by mkosi-initrd\n") - f.write("\n".join(crypttab)) - cmdline += ["--extra-tree", f"{staging_dir}/crypttab:/etc/crypttab"] + try: + crypttab = [ + line + for line in Path("/etc/crypttab").read_text().splitlines() + if ( + len(entry := line.split()) >= 4 + and not entry[0].startswith("#") + and "x-initrd.attach" in entry[3] + ) + ] + if crypttab: + with (Path(staging_dir) / "crypttab").open("w") as f: + f.write("# Automatically generated by mkosi-initrd\n") + f.write("\n".join(crypttab)) + cmdline += ["--extra-tree", f"{staging_dir}/crypttab:/etc/crypttab"] + except PermissionError: + logging.warning("Permission denied to access /etc/crypttab, the initrd may be unbootable") return cmdline -- 2.47.3