Merged cryptroot-ask.sh from plymouth to crypt module.

First, it's duplicate code.

Second, it did not allow those who had plymouth installed to use other
methods, like the new usb key file. When building the initram,
it would install the plymouth cryptroot-ask script, and not
the crypt module one.

Added these new items to crypt module's cryptroot-ask.sh:
  - 'unset' for used variables
  - udevsettle

The non-plymouth cryptsetup prompt was using $1 instead of $device.
Changed prompt number from 1 to 5, as this is much nicer.
I believe plymouth already does infinite prompts.

Also added unset for usb key. Just saw it didn't unset its vars.

diff --git a/modules.d/50plymouth/cryptroot-ask.sh b/modules.d/50plymouth/cryptroot-ask.sh
deleted file mode 100755 (executable)
index d1c4770..0000000
--- a/modules.d/50plymouth/cryptroot-ask.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/sh
-
-# do not ask, if we already have root
-[ -f /sysroot/proc ] && exit 0
-
-# check if destination already exists
-[ -b /dev/mapper/$2 ] && exit 0
-
-# we already asked for this device
-[ -f /tmp/cryptroot-asked-$2 ] && exit 0
-
-# load dm_crypt if it is not already loaded
-[ -d /sys/module/dm_crypt ] || modprobe dm_crypt
-
-. /lib/dracut-lib.sh
-
-# default luksname - luks-UUID
-luksname=$2
-
-# if device name is /dev/dm-X, convert to /dev/mapper/name
-if [ "${1##/dev/dm-}" != "$1" ]; then
-    device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
-else
-    device="$1"
-fi
-
-if [ -f /etc/crypttab ] && ! getarg rd_NO_CRYPTTAB; then
-    while read name dev rest; do
-       # ignore blank lines and comments
-       if [ -z "$name" -o "${name#\#}" != "$name" ]; then
-           continue
-       fi
-
-       # UUID used in crypttab
-       if [ "${dev%%=*}" = "UUID" ]; then
-           if [ "luks-${dev##UUID=}" = "$2" ]; then
-               luksname="$name"
-               break
-           fi
-       
-       # path used in crypttab
-       else
-           cdev=$(readlink -f $dev)
-           mdev=$(readlink -f $device)
-           if [ "$cdev" = "$mdev" ]; then
-               luksname="$name"
-               break
-           fi
-       fi
-    done < /etc/crypttab
-    unset name dev rest
-fi
-
-prompt="Password [$device ($luksname)]:" 
-if [ ${#luksname} -gt 8 ]; then
-    sluksname=${sluksname##luks-}
-    sluksname=${luksname%%${luksname##????????}}
-    prompt="Password for $device ($sluksname...)"
-fi
-
-# flock against other interactive activities
-{ flock -s 9; 
-    /bin/plymouth ask-for-password \
-       --prompt "$prompt" \
-       --command="/sbin/cryptsetup luksOpen -T1 $device $luksname"
-} 9>/.console.lock
-
-unset ask device luksname
-
-# mark device as asked
->> /tmp/cryptroot-asked-$2
-
-udevsettle
-
-exit 0
-# vim:ts=8:sw=4:sts=4:et

diff --git a/modules.d/50plymouth/install b/modules.d/50plymouth/install
index 86d8efd79dfda1f6de4dcec0e256293504682417..ba5ef89545cc5ae79652cba4f640e24d9474ee9d 100755 (executable)
--- a/modules.d/50plymouth/install
+++ b/modules.d/50plymouth/install
@@ -12,5 +12,4 @@ fi
 inst_hook pre-pivot 90 "$moddir"/plymouth-newroot.sh
 inst_hook pre-trigger 10 "$moddir"/plymouth-pretrigger.sh
 inst_hook emergency 50 "$moddir"/plymouth-emergency.sh
-inst "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask
-inst readlink
\ No newline at end of file
+inst readlink

diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh
index 8bed056e63c26b4888ed8fb62f86715c4eeb80f7..efec56c115a7219028a723581c41675457d9fe31 100755 (executable)
--- a/modules.d/90crypt/cryptroot-ask.sh
+++ b/modules.d/90crypt/cryptroot-ask.sh
@@ -117,16 +117,42 @@ if [ -n "$keydev_uuid" ]; then
     cryptsetup -d "$mntp/$keypath" luksOpen "$device" "$luksname"
     umount "$mntp"
     rmdir -p "$mntp" 2>/dev/null
+    unset mntp keypath keydev_uuid
 else
-    # flock against other interactive activities
-    { flock -s 9;
-        echo -n "$device ($luksname) is password protected"
-        cryptsetup luksOpen -T1 $1 $luksname
-    } 9>/.console.lock
+    # Prompt for password with plymouth, if installed.
+    # Should we check if plymouthd is running?
+    if [ -x /bin/plymouth ]; then
+        prompt="Password [$device ($luksname)]:" 
+        if [ ${#luksname} -gt 8 ]; then
+            sluksname=${sluksname##luks-}
+            sluksname=${luksname%%${luksname##????????}}
+            prompt="Password for $device ($sluksname...)"
+        fi
+        
+       # flock against other interactive activities
+        { flock -s 9; 
+            /bin/plymouth ask-for-password \
+               --prompt "$prompt" \
+               --command="/sbin/cryptsetup luksOpen -T1 $device $luksname"
+        } 9>/.console.lock
+       
+       unset sluksname prompt
+       
+    else
+        # flock against other interactive activities
+        { flock -s 9;
+             echo "$device ($luksname) is password protected"
+             cryptsetup luksOpen -T5 $device $luksname
+        } 9>/.console.lock
+    fi
 fi
 
+unset device luksname
+
 # mark device as asked
 >> /tmp/cryptroot-asked-$2
 
+udevsettle
+
 exit 0
 # vim:ts=8:sw=4:sts=4:et