From: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Date: Sat, 3 Oct 2020 07:53:27 +0000 (+0700)
Subject: cryptroot-ask: unify /etc/crypttab and rd.luks.key
X-Git-Tag: 051~49
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7990ab91f96ff0923a618ba052f6ac88c7a54270;p=thirdparty%2Fdracut.git

cryptroot-ask: unify /etc/crypttab and rd.luks.key

dracut feeds whatever it receives in password field of
crypttab(5) to `cryptsetup -d`, treating them as plain-text key file.

Meanwhile, dracut treats the key file from `rd.luks.key` differently,
by have some special rules to decrypt those key files that has extension of
`gpg` and `img`.

Let's begin to treat them the same.

This is a backward-incompatible change for those people
that uses plain-text key-file that has extension of `gpg` and `img`.
However, those setup is questionable to begin with.
---

diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh
index 19d2bcb46..1ea77ccc0 100755
--- a/modules.d/90crypt/cryptroot-ask.sh
+++ b/modules.d/90crypt/cryptroot-ask.sh
@@ -137,7 +137,8 @@ unset allowdiscards
 ask_passphrase=1
 
 if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
-    if cryptsetup --key-file "$luksfile" $cryptsetupopts luksOpen "$device" "$luksname"; then
+    if readkey "$luksfile" / "$device" \
+        | cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname"; then
         ask_passphrase=0
     fi
 elif [ "$is_keysource" -ne 0 ]; then