From: Harald Hoyer Date: Thu, 5 Nov 2009 15:14:27 +0000 (+0100) Subject: crypt: install /etc/crypttab and honor crypttab entries X-Git-Tag: 003~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=349bac42142c66d2c7dc2ec909740680b1490c5b;p=thirdparty%2Fdracut.git crypt: install /etc/crypttab and honor crypttab entries --- diff --git a/dracut.8 b/dracut.8 index 155c47192..4a117e626 100644 --- a/dracut.8 +++ b/dracut.8 @@ -146,6 +146,8 @@ disable crypto LUKS detection .TP .B rd_LUKS_UUID= only activate the LUKS partitions with the given UUID +.B rd_NO_CRYPTTAB +do not check if LUKS partition is in /etc/crypttab .SH MD .TP diff --git a/modules.d/50plymouth/cryptroot-ask.sh b/modules.d/50plymouth/cryptroot-ask.sh index ff2866018..b0599af60 100755 --- a/modules.d/50plymouth/cryptroot-ask.sh +++ b/modules.d/50plymouth/cryptroot-ask.sh @@ -10,6 +10,21 @@ [ -f /tmp/cryptroot-asked-$2 ] && exit 0 . /lib/dracut-lib.sh + +luksname=$2 + +if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then + found=0 + while read name dev rest; do + cdev=$(readlink -f $dev) + mdev=$(readlink -f $1) + if [ "$cdev" = "$mdev" ]; then + luksname="$name" + break + fi + done < /etc/crypttab +fi + LUKS=$(getargs rd_LUKS_UUID=) ask=1 @@ -18,8 +33,9 @@ if [ -n "$LUKS" ]; then luuid=${2##luks-} for luks in $LUKS; do luks=${luks##luks-} - if [ "${luuid##$luks}" != "$luuid" ]; then + if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" == "$luks" ]; then ask=1 + break fi done fi @@ -30,7 +46,7 @@ if [ $ask -gt 0 ]; then { flock -s 9; /bin/plymouth ask-for-password \ --prompt "$1 is password protected" \ - --command="/sbin/cryptsetup luksOpen -T1 $1 $2" + --command="/sbin/cryptsetup luksOpen -T1 $1 $luksname" } 9>/.console.lock fi diff --git a/modules.d/50plymouth/install b/modules.d/50plymouth/install index 96cb818c3..86d8efd79 100755 --- a/modules.d/50plymouth/install +++ b/modules.d/50plymouth/install @@ -13,3 +13,4 @@ inst_hook pre-pivot 90 "$moddir"/plymouth-newroot.sh inst_hook pre-trigger 10 "$moddir"/plymouth-pretrigger.sh inst_hook emergency 50 "$moddir"/plymouth-emergency.sh inst "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask +inst readlink \ No newline at end of file diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh index f945d5432..3a20d22f3 100755 --- a/modules.d/90crypt/cryptroot-ask.sh +++ b/modules.d/90crypt/cryptroot-ask.sh @@ -10,6 +10,20 @@ [ -f /tmp/cryptroot-asked-$2 ] && exit 0 . /lib/dracut-lib.sh + +luksname=$2 +if [ -f /etc/crypttab ] && ! getargs rd_NO_CRYPTTAB; then + found=0 + while read name dev rest; do + cdev=$(readlink -f $dev) + mdev=$(readlink -f $1) + if [ "$cdev" = "$mdev" ]; then + luksname="$name" + break + fi + done < /etc/crypttab +fi + LUKS=$(getargs rd_LUKS_UUID=) ask=1 @@ -18,8 +32,9 @@ if [ -n "$LUKS" ]; then luuid=${2##luks-} for luks in $LUKS; do luks=${luks##luks-} - if [ "${luuid##$luks}" != "$luuid" ]; then + if [ "${luuid##$luks}" != "$luuid" ] || [ "$luksname" == "$luks" ]; then ask=1 + break fi done fi @@ -29,7 +44,7 @@ if [ $ask -gt 0 ]; then # flock against other interactive activities { flock -s 9; echo -n "$1 is password protected " - /sbin/cryptsetup luksOpen -T1 $1 $2 + /sbin/cryptsetup luksOpen -T1 $1 $luksname } 9>/.console.lock fi diff --git a/modules.d/90crypt/install b/modules.d/90crypt/install index 17fba37c1..2bfb0a847 100755 --- a/modules.d/90crypt/install +++ b/modules.d/90crypt/install @@ -7,3 +7,4 @@ inst_hook cmdline 30 "$moddir/parse-crypt.sh" inst_hook pre-pivot 30 "$moddir/crypt-cleanup.sh" inst_hook pre-pivot 31 "$moddir/crypt-cleanup.sh" inst_rules 10-dm.rules 95-dm-notify.rules +inst /etc/crypttab