Unlock our encrypted root in a udev rule.

diff --git a/modules.d/90crypt/63-luks.rules b/modules.d/90crypt/63-luks.rules
index 802ea062ed4fd56e3559f3055f0f644c5181cee5..d225f75c9a7cc5ad64756c22fa8025431918b47e 100644 (file)
--- a/modules.d/90crypt/63-luks.rules
+++ b/modules.d/90crypt/63-luks.rules
@@ -8,6 +8,6 @@ SUBSYSTEM!="block", GOTO="luks_end"
 ACTION!="add|change", GOTO="luks_end"
 
 KERNEL!="sr*", IMPORT{program}="vol_id --export $tempnode"
-ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/bin/sh -c 'echo $env{DEVNAME} luks-$env{ID_FS_UUID} >>/cryptroot'"
+ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/bin/cryptroot.sh $env{DEVNAME} luks-$env{ID_FS_UUID}"
 
 LABEL="luks_end"

diff --git a/modules.d/90crypt/cryptroot.sh b/modules.d/90crypt/cryptroot.sh
index d00d5cc1307e8280553b110ee89483c04498e462..21323665f599e827fa6141c02a4061df5bd7b196 100755 (executable)
--- a/modules.d/90crypt/cryptroot.sh
+++ b/modules.d/90crypt/cryptroot.sh
@@ -1,13 +1,4 @@
 #!/bin/sh
-[ -s /cryptroot ] && { 
-    udevadm control --stop_exec_queue
-    while read cryptopts; do
-       (   exec >/dev/console 2>&1 </dev/console
-          set $cryptopts
-          [ -b /dev/mapper/$2 ] || ( /sbin/cryptsetup luksOpen $cryptopts || emergency_shell )
-       )
-    done </cryptroot
-    >/cryptroot
-    udevadm control --start_exec_queue
-    udevadm settle --timeout=30
-}
+exec >/dev/console 2>&1 </dev/console
+[ -b /dev/mapper/$2 ] && exit 0
+/sbin/cryptsetup -T 3 -t 30 luksOpen $1 $2

diff --git a/modules.d/90crypt/install b/modules.d/90crypt/install
index 82f8ffdb43fe6d6ac40e02b484c3e0228d9f02ec..708d5a493e57df4f7081990f9bfded5045308a0a 100755 (executable)
--- a/modules.d/90crypt/install
+++ b/modules.d/90crypt/install
@@ -2,4 +2,4 @@
 inst cryptsetup
 instmods dm_crypt =crypto
 inst_rules "$moddir/63-luks.rules"
-inst_hook mount 10 "$moddir/cryptroot.sh"
\ No newline at end of file
+inst "$moddir/cryptroot.sh" "/bin/cryptroot.sh"
\ No newline at end of file