From: Jeremy Katz Date: Tue, 16 Dec 2008 19:21:08 +0000 (-0500) Subject: Support root on LUKS (dm-crypt) X-Git-Tag: 0.1~513 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=eb25ff7a278ad159284319660e374b5818af80e6;p=thirdparty%2Fdracut.git Support root on LUKS (dm-crypt) Support having root on LUKS with the password prompting handled by plymouth. This requires ensuring our input is from /dev/console and also requires that we import vol_id info about all block devices rather than ignoring dm devs (which is what the persistent storage rules do by default) --- diff --git a/generate.sh b/generate.sh index a70962d1c..3c3160f9b 100755 --- a/generate.sh +++ b/generate.sh @@ -15,21 +15,22 @@ fi tmpdir=$(mktemp -d) # executables that we have to have -exe="/bin/bash /bin/mount /bin/mknod /bin/mkdir /sbin/modprobe /sbin/udevd /sbin/udevadm /sbin/nash /bin/kill /sbin/pidof /bin/sleep" +exe="/bin/bash /bin/mount /bin/mknod /bin/mkdir /sbin/modprobe /sbin/udevd /sbin/udevadm /sbin/nash /bin/kill /sbin/pidof /bin/sleep /bin/echo" lvmexe="/sbin/lvm" +cryptexe="/sbin/cryptsetup" # and some things that are nice for debugging debugexe="/bin/ls /bin/cat /bin/ln /bin/ps /bin/grep /usr/bin/less" # udev things we care about udevexe="/lib/udev/vol_id" # install base files -for binary in $exe $debugexe $udevexe $lvmexe ; do +for binary in $exe $debugexe $udevexe $lvmexe $cryptexe ; do inst $binary $tmpdir done # FIXME: would be nice if we didn't have to know which rules to grab.... mkdir -p $tmpdir/lib/udev/rules.d -for rule in /lib/udev/rules.d/40-redhat* /lib/udev/rules.d/60-persistent-storage.rules /lib/udev/rules.d/61*edd* /lib/udev/rules.d/64* /lib/udev/rules.d/80* /lib/udev/rules.d/95* rules.d/*.rules ; do +for rule in /lib/udev/rules.d/40-redhat* /lib/udev/rules.d/50* /lib/udev/rules.d/60-persistent-storage.rules /lib/udev/rules.d/61*edd* /lib/udev/rules.d/64* /lib/udev/rules.d/80* /lib/udev/rules.d/95* rules.d/*.rules ; do cp -v $rule $tmpdir/lib/udev/rules.d done diff --git a/init b/init index 615dfc3b7..42fb52717 100755 --- a/init +++ b/init @@ -21,7 +21,7 @@ export TERM=linux # /dev/console comes from the built-in initramfs crud in the kernel # someday, we may need to mkdir /dev first here -exec > /dev/console 2>&1 +exec > /dev/console 2>&1 < /dev/console # mount some important things mount -t proc /proc /proc @@ -29,7 +29,6 @@ mount -t sysfs /sys /sys mount -t tmpfs -omode=0755 udev /dev # FIXME: what device nodes does plymouth really _need_ ? -mknod /dev/console c 5 1 mknod /dev/null c 1 3 mknod /dev/kmsg c 1 11 mknod /dev/ptmx c 5 2 diff --git a/rules.d/63-luks.rules b/rules.d/63-luks.rules new file mode 100644 index 000000000..4c95c5d04 --- /dev/null +++ b/rules.d/63-luks.rules @@ -0,0 +1,13 @@ +# hacky rules to try to try unlocking dm-crypt devs +# +# Copyright 2008, Red Hat, Inc. +# Jeremy Katz + + +SUBSYSTEM!="block", GOTO="luks_end" +ACTION!="add|change", GOTO="luks_end" + +ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/bin/plymouth ask-for-password --command '/sbin/cryptsetup luksOpen $env{DEVNAME} luks-$env{ID_FS_UUID}" + + +LABEL="luks_end" diff --git a/rules.d/64-lvm.rules b/rules.d/64-lvm.rules index 0031c08a8..886d1b96d 100644 --- a/rules.d/64-lvm.rules +++ b/rules.d/64-lvm.rules @@ -7,6 +7,7 @@ SUBSYSTEM!="block", GOTO="lvm_end" ACTION!="add|change", GOTO="lvm_end" +KERNEL!="sr*", IMPORT{program}="vol_id --export $tempnode" ENV{ID_FS_TYPE}=="LVM2_member", RUN+="/sbin/lvm vgchange -ay"