From bf5c53a33f36d15a87297d4492624d137c3cd9fa Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Mon, 9 Oct 2017 12:51:29 +0200
Subject: [PATCH] Merge pull request #290 from privb0x23/luks-detached
Add basic LUKS detached header support
---
modules.d/90crypt/cryptroot-ask.sh | 20 ++++++++++++++++-
modules.d/90crypt/module-setup.sh | 46 ++++++++++++++++++++++++++++++--------
modules.d/90crypt/parse-crypt.sh | 33 ++++++++++++++++++++++++++-
3 files changed, 88 insertions(+), 11 deletions(-)
diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh
index 5b513638..9f635eb3 100755
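--- a/modules.d/90crypt/cryptroot-ask.sh
+++ b/modules.d/90crypt/cryptroot-ask.sh
@@ -29,13 +29,27 @@ if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; t
 continue
 fi
 
+ # PARTUUID used in crypttab
+ if [ "${dev%%=*}" = "PARTUUID" ]; then
+ if [ "luks-${dev##PARTUUID=}" = "$luksname" ]; then
+ luksname="$name"
+ break
+ fi
+
 # UUID used in crypttab
- if [ "${dev%%=*}" = "UUID" ]; then
+ elif [ "${dev%%=*}" = "UUID" ]; then
 if [ "luks-${dev##UUID=}" = "$luksname" ]; then
 luksname="$name"
 break
 fi
 
+ # ID used in crypttab
+ elif [ "${dev%%=*}" = "ID" ]; then
+ if [ "luks-${dev##ID=}" = "$luksname" ]; then
+ luksname="$name"
+ break
+ fi
+
 # path used in crypttab
 else
 cdev=$(readlink -f $dev)
@@ -88,6 +102,10 @@ while [ $# -gt 0 ]; do
 ;;
 allow-discards)
 allowdiscards="--allow-discards"
+ ;;
+ header=*)
+ cryptsetupopts="${cryptsetupopts} --${1}"
+ ;;
 esac
 shift
 done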
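Review bot: The `header=*)` arm in the second hunk appends the crypttab value to the flat string `cryptsetupopts` without checking it, so a header path containing whitespace would split into separate cryptsetup arguments if that string is later expanded unquoted (the expansion is outside the hunk, so this is inferred). Nothing here confirms that the header file is reachable inside the initramfs either, so a wrong path only surfaces as a cryptsetup failure at boot. I would add an early check such as `[ -e "${1#header=}" ] || warn "LUKS header ${1#header=} not found"` and a comment stating that header paths must not contain whitespace. The option loop and the crypttab loop both start outside the hunks.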
diff --git a/modules.d/90crypt/module-setup.sh b/modules.d/90crypt/module-setup.sh
index 9c1be998..69aceaab 100755
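--- a/modules.d/90crypt/module-setup.sh
+++ b/modules.d/90crypt/module-setup.sh
@@ -68,22 +68,50 @@ install() {
 
 if [[ $hostonly ]] && [[ -f /etc/crypttab ]]; then
 # filter /etc/crypttab for the devices we need
- while read _mapper _dev _rest || [ -n "$_mapper" ]; do
+ while read _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do
 [[ $_mapper = \#* ]] && continue
 [[ $_dev ]] || continue
 
+ [[ $_dev == PARTUUID=* ]] && \
+ _dev="/dev/disk/by-partuuid/${_dev#PARTUUID=}"
+
 [[ $_dev == UUID=* ]] && \
 _dev="/dev/disk/by-uuid/${_dev#UUID=}"
 
- echo "$_dev $(blkid $_dev -s UUID -o value)" > /usr/lib/dracut/modules.d/90crypt/block_uuid.map
-
- for _hdev in "${!host_fs_types[@]}"; do
- [[ ${host_fs_types[$_hdev]} == "crypto_LUKS" ]] || continue
- if [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef $_dev ]]; then
- echo "$_mapper $_dev $_rest"
- break
- fi
+ [[ $_dev == ID=* ]] && \
+ _dev="/dev/disk/by-id/${_dev#ID=}"
+
+ echo "$_dev $(blkid $_dev -s UUID -o value)" >> /usr/lib/dracut/modules.d/90crypt/block_uuid.map
+
+ # loop through the options to check for the force option
+ luksoptions=${_luksoptions}
+ OLD_IFS="${IFS}"
+ IFS=,
+ set -- ${luksoptions}
+ IFS="${OLD_IFS}"
+
+ while [ $# -gt 0 ]; do
+ case $1 in
+ force)
+ forceentry="yes"
+ break
+ ;;
+ esac
+ shift
 done
+
+ # include the entry regardless
+ if [ "${forceentry}" = "yes" ]; then
+ echo "$_mapper $_dev $_luksfile $_luksoptions"
+ else
+ for _hdev in "${!host_fs_types[@]}"; do
+ [[ ${host_fs_types[$_hdev]} == "crypto_LUKS" ]] || continue
+ if [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef $_dev ]]; then
+ echo "$_mapper $_dev $_luksfile $_luksoptions"
+ break
+ fi
+ done
+ fi
 done < /etc/crypttab > $initdir/etc/crypttab
 mark_hostonly /etc/crypttab
 fi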
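Review bot: `forceentry` is set to "yes" when a `force` option is seen but is never cleared, so once one crypttab line carries `force`, every later line is written to `$initdir/etc/crypttab` regardless of the `host_fs_types` check; that can copy mappings and key-file references into the initramfs that were not meant to be there. Reset it at the top of each iteration, e.g. `forceentry=""` just before `set -- ${luksoptions}`. `luksoptions`, `OLD_IFS` and `forceentry` are also not declared `local`, and `set --` overwrites the positional parameters of `install()`, whose body extends beyond the hunk. Separately, the switch from `>` to `>>` on `block_uuid.map` means the file accumulates duplicate rows on every run unless it is truncated before the loop.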
diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh
index 8a0db02b..f0a4fba9 100755
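--- a/modules.d/90crypt/parse-crypt.sh
+++ b/modules.d/90crypt/parse-crypt.sh
@@ -35,6 +35,7 @@ else
 echo 'ACTION!="add|change", GOTO="luks_end"'
 } > /etc/udev/rules.d/70-luks.rules.new
 
+ SERIAL=$(getargs rd.luks.serial -d rd_LUKS_SERIAL)
 LUKS=$(getargs rd.luks.uuid -d rd_LUKS_UUID)
 tout=$(getarg rd.luks.key.tout)
 
@@ -44,7 +45,37 @@ else
 done < /etc/crypttab
 fi
 
- if [ -n "$LUKS" ]; then
+ if [ -n "$SERIAL" ]; then
+ for serialid in $SERIAL; do
+
+ serialid=${serialid##luks-}
+ if luksname=$(_cryptgetargsname "rd.luks.name=$serialid="); then
+ luksname="${luksname#$serialid=}"
+ else
+ luksname="luks-$serialid"
+ fi
+
+ if [ -z "$DRACUT_SYSTEMD" ]; then
+ {
+ printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid"
+ printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
+ printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
+ printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"
+ } >> /etc/udev/rules.d/70-luks.rules.new
+ else
+ luksname=$(dev_unit_name "$luksname")
+ if ! crypttab_contains "$serialid"; then
+ {
+ printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid"
+ printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
+ printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
+ printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
+ } >> /etc/udev/rules.d/70-luks.rules.new
+ fi
+ fi
+ done
+
+ elif [ -n "$LUKS" ]; then
 for luksid in $LUKS; do
 
 luksid=${luksid##luks-}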
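Review bot: The new rules match with `ENV{ID_SERIAL_SHORT}=="*%s*"`, a substring glob built from the unvalidated `rd.luks.serial` value, so a short value matches every device whose serial merely contains it, and a value containing `"` would corrupt the generated rule file. If substring matching is not required, an exact match `printf -- 'ENV{ID_SERIAL_SHORT}=="%s", ' "$serialid"` is safer; otherwise a comment should say why the wildcards are needed. The `if`/`elif` structure also means `rd.luks.uuid` is silently ignored whenever `rd.luks.serial` is set, which deserves a comment or a warning. The enclosing `else` branch starts before the hunk and the `$LUKS` loop continues after it.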