mkosi-initrd: add key files for crypttab entries

Handle at least absolute paths and the automatic
`/etc/cryptsetup-keys.d/<volume>.key` search path.

diff --git a/mkosi/initrd.py b/mkosi/initrd.py
index a03882777a453da8fc353878e52b40e42ad66325..f0f2aaad1f0c93677c2993f63b01ca2ad5e5fe77 100644 (file)
--- a/mkosi/initrd.py
+++ b/mkosi/initrd.py
@@ -165,6 +165,16 @@ def process_crypttab(staging_dir: Path) -> list[str]:
                     f.write("# Automatically generated by mkosi-initrd\n")
                     f.write("\n".join(crypttab))
                 cmdline += ["--extra-tree", f"{staging_dir / 'crypttab'}:/etc/crypttab"]
+
+                # Add key files
+                for line in crypttab:
+                    entry = line.split()
+                    if (
+                        entry[2] in ["-", "none"]
+                        and Path(keyfile := f"/etc/cryptsetup-keys.d/{entry[0]}.key").exists()
+                    ) or Path(keyfile := entry[2]).exists():
+                        cmdline += ["--extra-tree", f"{keyfile}:{keyfile}"]
+
         except PermissionError:
             logging.warning("Permission denied to access /etc/crypttab, the initrd may be unbootable")