From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Thu, 27 Mar 2025 09:52:33 +0000 (+0100)
Subject: mkosi-initrd: add key files for crypttab entries
X-Git-Tag: v26~293
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=360f49d6842a491a44d9dbfc443e9e26b64c5197;p=thirdparty%2Fmkosi.git

mkosi-initrd: add key files for crypttab entries

Handle at least absolute paths and the automatic
`/etc/cryptsetup-keys.d/<volume>.key` search path.
---

diff --git a/mkosi/initrd.py b/mkosi/initrd.py
index a03882777..f0f2aaad1 100644
--- a/mkosi/initrd.py
+++ b/mkosi/initrd.py
@@ -165,6 +165,16 @@ def process_crypttab(staging_dir: Path) -> list[str]:
                     f.write("# Automatically generated by mkosi-initrd\n")
                     f.write("\n".join(crypttab))
                 cmdline += ["--extra-tree", f"{staging_dir / 'crypttab'}:/etc/crypttab"]
+
+                # Add key files
+                for line in crypttab:
+                    entry = line.split()
+                    if (
+                        entry[2] in ["-", "none"]
+                        and Path(keyfile := f"/etc/cryptsetup-keys.d/{entry[0]}.key").exists()
+                    ) or Path(keyfile := entry[2]).exists():
+                        cmdline += ["--extra-tree", f"{keyfile}:{keyfile}"]
+
         except PermissionError:
             logging.warning("Permission denied to access /etc/crypttab, the initrd may be unbootable")