crypt: Implement cmdline rd.luks.partuuid
authorB. Wilson <x@wilsonb.com>
Tue, 29 May 2018 09:53:48 +0000 (18:53 +0900)
committerHarald Hoyer <harald@hoyer.xyz>
Wed, 13 Jun 2018 08:59:28 +0000 (10:59 +0200)
Commit bf5c53a implements support for mounting LUKS devices with
detached headers; however, it assumes that the LUKS device sits on an
unpartitioned disk.

Mirroring the `rd.luks.serial` option, this commit implements the
`rd.luks.partuuid` cmdline option, supporting headless LUKS devices on
drive partitions.

modules.d/90crypt/parse-crypt.sh

index ea6802e8b7ece7466cccdcea081919bf20f9acd5..f6911cc84dd883de0313f062e40b11b509ac23e8 100755 (executable)
@@ -35,6 +35,7 @@ else
         echo 'ACTION!="add|change", GOTO="luks_end"'
     } > /etc/udev/rules.d/70-luks.rules.new
 
+    PARTUUID=$(getargs rd.luks.partuuid -d rd_LUKS_PARTUUID)
     SERIAL=$(getargs rd.luks.serial -d rd_LUKS_SERIAL)
     LUKS=$(getargs rd.luks.uuid -d rd_LUKS_UUID)
     tout=$(getarg rd.luks.key.tout)
@@ -45,7 +46,39 @@ else
         done < /etc/crypttab
     fi
 
-    if [ -n "$SERIAL" ]; then
+    if [ -n "$PARTUUID" ]; then
+        for uuid in $PARTUUID; do
+
+            uuid=${uuid##luks-}
+            if luksname=$(_cryptgetargsname "rd.luks.name=$uuid="); then
+                luksname="${luksname#$uuid=}"
+            else
+                luksname="luks-$uuid"
+            fi
+
+            if [ -z "$DRACUT_SYSTEMD" ]; then
+                {
+                    printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid"
+                    printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
+                    printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
+                    printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"
+                } >> /etc/udev/rules.d/70-luks.rules.new
+            else
+                luksname=$(dev_unit_name "$luksname")
+                luksname="$(str_replace "$luksname" '\' '\\')"
+
+                if ! crypttab_contains "$uuid"; then
+                    {
+                        printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid"
+                        printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
+                        printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
+                        printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
+                    } >> /etc/udev/rules.d/70-luks.rules.new
+                fi
+            fi
+        done
+
+    elif [ -n "$SERIAL" ]; then
         for serialid in $SERIAL; do
 
             serialid=${serialid##luks-}
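Review bot: Both new rule templates (the non-systemd branch and the systemd branch) emit `ENV{ID_PART_ENTRY_UUID}=="*%s*"` with `$uuid` taken straight from `rd.luks.partuuid`, so the value acts as an unanchored glob and is never checked before it is appended to `/etc/udev/rules.d/70-luks.rules.new`. A short or mistyped value would match every partition whose PARTUUID contains it, and a value carrying `"`, `*` or `?` would change the shape of the generated rule. Rejecting anything but hex digits and dashes at the top of the loop, e.g. `case "$uuid" in *[!0-9A-Fa-f-]*) continue ;; esac`, and dropping the surrounding `*` if prefix matching is not intended, would keep the unlock prompt tied to the partition the administrator named. Because this is the first arm of the `if`/`elif` chain, any `rd.luks.serial` value is silently skipped once `rd.luks.partuuid` is set; a comment such as `# rd.luks.partuuid takes precedence; rd.luks.serial is not evaluated when it is set` would make that explicit. The enclosing `else` block begins before the hunk and continues past it, so the behaviour of the remaining arms is not visible here.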