Support root on LUKS (dm-crypt)

Support having root on LUKS with the password prompting handled by plymouth.
This requires ensuring our input is from /dev/console and also requires that
we import vol_id info about all block devices rather than ignoring dm devs
(which is what the persistent storage rules do by default)

diff --git a/generate.sh b/generate.sh
index a70962d1cd6c242bac89d41d7d4e918f59acbb5e..3c3160f9b929351b7191c3c9807df7981b1bb1ed 100755 (executable)
--- a/generate.sh
+++ b/generate.sh
@@ -15,21 +15,22 @@ fi
 tmpdir=$(mktemp -d)
 
 # executables that we have to have
-exe="/bin/bash /bin/mount /bin/mknod /bin/mkdir /sbin/modprobe /sbin/udevd /sbin/udevadm /sbin/nash /bin/kill /sbin/pidof /bin/sleep"
+exe="/bin/bash /bin/mount /bin/mknod /bin/mkdir /sbin/modprobe /sbin/udevd /sbin/udevadm /sbin/nash /bin/kill /sbin/pidof /bin/sleep /bin/echo"
 lvmexe="/sbin/lvm"
+cryptexe="/sbin/cryptsetup"
 # and some things that are nice for debugging
 debugexe="/bin/ls /bin/cat /bin/ln /bin/ps /bin/grep /usr/bin/less"
 # udev things we care about
 udevexe="/lib/udev/vol_id"
 
 # install base files
-for binary in $exe $debugexe $udevexe $lvmexe ; do
+for binary in $exe $debugexe $udevexe $lvmexe $cryptexe ; do
   inst $binary $tmpdir
 done
 
 # FIXME: would be nice if we didn't have to know which rules to grab....
 mkdir -p $tmpdir/lib/udev/rules.d
-for rule in /lib/udev/rules.d/40-redhat* /lib/udev/rules.d/60-persistent-storage.rules /lib/udev/rules.d/61*edd* /lib/udev/rules.d/64* /lib/udev/rules.d/80* /lib/udev/rules.d/95* rules.d/*.rules ; do
+for rule in /lib/udev/rules.d/40-redhat* /lib/udev/rules.d/50* /lib/udev/rules.d/60-persistent-storage.rules /lib/udev/rules.d/61*edd* /lib/udev/rules.d/64* /lib/udev/rules.d/80* /lib/udev/rules.d/95* rules.d/*.rules ; do
   cp -v $rule $tmpdir/lib/udev/rules.d
 done
 

diff --git a/init b/init
index 615dfc3b761210e87ed3281bb2a52f885130377a..42fb527177c8c622c099efb0d24f58a6e9ccd52e 100755 (executable)
--- a/init
+++ b/init
@@ -21,7 +21,7 @@ export TERM=linux
 
 # /dev/console comes from the built-in initramfs crud in the kernel
 # someday, we may need to mkdir /dev first here
-exec > /dev/console 2>&1
+exec > /dev/console 2>&1 < /dev/console
 
 # mount some important things
 mount -t proc /proc /proc
@@ -29,7 +29,6 @@ mount -t sysfs /sys /sys
 mount -t tmpfs -omode=0755 udev /dev
 
 # FIXME: what device nodes does plymouth really _need_ ?
-mknod /dev/console c 5 1
 mknod /dev/null c 1 3
 mknod /dev/kmsg c 1 11
 mknod /dev/ptmx c 5 2

diff --git a/rules.d/63-luks.rules b/rules.d/63-luks.rules
new file mode 100644 (file)
index 0000000..4c95c5d
--- /dev/null
+++ b/rules.d/63-luks.rules
@@ -0,0 +1,13 @@
+# hacky rules to try to try unlocking dm-crypt devs
+#
+# Copyright 2008, Red Hat, Inc.
+# Jeremy Katz <katzj@redhat.com>
+
+
+SUBSYSTEM!="block", GOTO="luks_end"
+ACTION!="add|change", GOTO="luks_end"
+
+ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/bin/plymouth ask-for-password --command '/sbin/cryptsetup luksOpen $env{DEVNAME} luks-$env{ID_FS_UUID}"
+
+
+LABEL="luks_end"

diff --git a/rules.d/64-lvm.rules b/rules.d/64-lvm.rules
index 0031c08a8e92682bbfba5bc9e933da6fe2978c4d..886d1b96dfe10e2037d3ffa63115cbfb877fe80e 100644 (file)
--- a/rules.d/64-lvm.rules
+++ b/rules.d/64-lvm.rules
@@ -7,6 +7,7 @@
 SUBSYSTEM!="block", GOTO="lvm_end"
 ACTION!="add|change", GOTO="lvm_end"
 
+KERNEL!="sr*", IMPORT{program}="vol_id --export $tempnode"
 ENV{ID_FS_TYPE}=="LVM2_member", RUN+="/sbin/lvm vgchange -ay"