From: LinkTed <link.ted@mailbox.org>
Date: Fri, 23 Dec 2022 19:16:31 +0000 (+0100)
Subject: fix(crypt-gpg): do not use always --card-status
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3e8108eb75247249ec05eaba943c3f48637c04b;p=thirdparty%2Fdracut.git

fix(crypt-gpg): do not use always --card-status

If no GPG smart card is used then the card-status breaks the decryption
of the keyfile. Therefore, use the card-status only if a smart card is
used to decrypt the keyfie.

Fixes issue #2004
---

diff --git a/modules.d/91crypt-gpg/crypt-gpg-lib.sh b/modules.d/91crypt-gpg/crypt-gpg-lib.sh
index 88ce16e27..538419f3a 100755
--- a/modules.d/91crypt-gpg/crypt-gpg-lib.sh
+++ b/modules.d/91crypt-gpg/crypt-gpg-lib.sh
@@ -31,6 +31,7 @@ gpg_decrypt() {
     local useSmartcard="0"
     local gpgMajorVersion
     local gpgMinorVersion
+    local cmd
     gpgMajorVersion="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* ([0-9]*).*|\1|p')"
     gpgMinorVersion="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* [0-9]*\.([0-9]*).*|\1|p')"
 
@@ -48,10 +49,13 @@ gpg_decrypt() {
         fi
         GNUPGHOME="$gpghome" gpg-connect-agent 1> /dev/null learn /bye
         opts="$opts --pinentry-mode=loopback"
+        cmd="GNUPGHOME=$gpghome gpg --card-status --no-tty > /dev/null 2>&1; gpg $opts --decrypt $mntp/$keypath"
+    else
+        cmd="gpg $opts --decrypt $mntp/$keypath"
     fi
 
     ask_for_password \
-        --cmd "GNUPGHOME=$gpghome gpg --card-status --no-tty > /dev/null 2>&1; gpg $opts --decrypt $mntp/$keypath" \
+        --cmd "$cmd" \
         --prompt "${inputPrompt:-Password ($keypath on $keydev for $device)}" \
         --tries 3 --tty-echo-off