|
 |
6f5ff5 |
From 2a82ba4040c8dc10dcbe7e2c3ae6646c2778f0b1 Mon Sep 17 00:00:00 2001
|
|
|
6f5ff5 |
From: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
6f5ff5 |
Date: Tue, 16 Jan 2018 13:29:54 -0500
|
|
|
6f5ff5 |
Subject: [PATCH] Retry until success during systemd boot
|
|
|
6f5ff5 |
|
|
|
6f5ff5 |
With dracut, we just try once because we're being called in a loop. But with
|
|
|
6f5ff5 |
systemd, there might be a race condition for network to come up. So when
|
|
|
6f5ff5 |
running under systemd, we loop until success. This should not change the dracut
|
|
|
6f5ff5 |
behavior.
|
|
|
6f5ff5 |
---
|
|
|
6f5ff5 |
src/systemd/clevis-luks-askpass | 66 ++++++++++++++++++++----------
|
|
|
6f5ff5 |
src/systemd/clevis-luks-askpass.service.in | 2 +-
|
|
|
6f5ff5 |
2 files changed, 46 insertions(+), 22 deletions(-)
|
|
|
6f5ff5 |
|
|
|
6f5ff5 |
diff --git a/src/systemd/clevis-luks-askpass b/src/systemd/clevis-luks-askpass
|
|
|
6f5ff5 |
index 2fadd5c..6fe5269 100755
|
|
|
6f5ff5 |
--- a/src/systemd/clevis-luks-askpass
|
|
|
6f5ff5 |
+++ b/src/systemd/clevis-luks-askpass
|
|
|
6f5ff5 |
@@ -23,26 +23,50 @@ UUID=cb6e8904-81ff-40da-a84a-07ab9ab5715e
|
|
|
6f5ff5 |
|
|
|
6f5ff5 |
shopt -s nullglob
|
|
|
6f5ff5 |
|
|
|
6f5ff5 |
-for question in /run/systemd/ask-password/ask.*; do
|
|
|
6f5ff5 |
- d=
|
|
|
6f5ff5 |
- s=
|
|
|
6f5ff5 |
-
|
|
|
6f5ff5 |
- while read line; do
|
|
|
6f5ff5 |
- case "$line" in
|
|
|
6f5ff5 |
- Id=cryptsetup:*) d="${line##Id=cryptsetup:}";;
|
|
|
6f5ff5 |
- Socket=*) s="${line##Socket=}";;
|
|
|
6f5ff5 |
- esac
|
|
|
6f5ff5 |
- done < "$question"
|
|
|
6f5ff5 |
-
|
|
|
6f5ff5 |
- [ -z "$d" -o -z "$s" ] && continue
|
|
|
6f5ff5 |
-
|
|
|
6f5ff5 |
- luksmeta show -d "$d" | while read -r slot state uuid; do
|
|
|
6f5ff5 |
- [ "$state" != "active" ] && continue
|
|
|
6f5ff5 |
- [ "$uuid" != "$UUID" ] && continue
|
|
|
6f5ff5 |
-
|
|
|
6f5ff5 |
- if pt="`luksmeta load -d $d -s $slot -u $UUID | clevis decrypt`"; then
|
|
|
6f5ff5 |
- echo -n "+$pt" | nc -U -u --send-only "$s"
|
|
|
6f5ff5 |
- break
|
|
|
6f5ff5 |
- fi
|
|
|
6f5ff5 |
+while getopts ":l" o; do
|
|
|
6f5ff5 |
+ case "$o" in
|
|
|
6f5ff5 |
+ l) loop=true;;
|
|
|
6f5ff5 |
+ esac
|
|
|
6f5ff5 |
+done
|
|
|
6f5ff5 |
+
|
|
|
6f5ff5 |
+while true; do
|
|
|
6f5ff5 |
+ todo=0
|
|
|
6f5ff5 |
+
|
|
|
6f5ff5 |
+ for question in /run/systemd/ask-password/ask.*; do
|
|
|
6f5ff5 |
+ metadata=false
|
|
|
6f5ff5 |
+ unlocked=false
|
|
|
6f5ff5 |
+ d=
|
|
|
6f5ff5 |
+ s=
|
|
|
6f5ff5 |
+
|
|
|
6f5ff5 |
+ while read line; do
|
|
|
6f5ff5 |
+ case "$line" in
|
|
|
6f5ff5 |
+ Id=cryptsetup:*) d="${line##Id=cryptsetup:}";;
|
|
|
6f5ff5 |
+ Socket=*) s="${line##Socket=}";;
|
|
|
6f5ff5 |
+ esac
|
|
|
6f5ff5 |
+ done < "$question"
|
|
|
6f5ff5 |
+
|
|
|
6f5ff5 |
+ [ -z "$d" -o -z "$s" ] && continue
|
|
|
6f5ff5 |
+
|
|
|
6f5ff5 |
+ while read -r slot state uuid; do
|
|
|
6f5ff5 |
+ [ "$state" != "active" ] && continue
|
|
|
6f5ff5 |
+ [ "$uuid" != "$UUID" ] && continue
|
|
|
6f5ff5 |
+ metadata=true
|
|
|
6f5ff5 |
+
|
|
|
6f5ff5 |
+ if pt="`luksmeta load -d $d -s $slot -u $UUID | clevis decrypt`"; then
|
|
|
6f5ff5 |
+ echo -n "+$pt" | nc -U -u --send-only "$s"
|
|
|
6f5ff5 |
+ unlocked=true
|
|
|
6f5ff5 |
+ break
|
|
|
6f5ff5 |
+ fi
|
|
|
6f5ff5 |
+ done < <(luksmeta show -d "$d")
|
|
|
6f5ff5 |
+
|
|
|
6f5ff5 |
+ [ $metadata == true ] || continue
|
|
|
6f5ff5 |
+ [ $unlocked == true ] && continue
|
|
|
6f5ff5 |
+ todo=$((todo + 1))
|
|
|
6f5ff5 |
done
|
|
|
6f5ff5 |
+
|
|
|
6f5ff5 |
+ if [ $todo -eq 0 ] || [ "$loop" != "true" ]; then
|
|
|
6f5ff5 |
+ break;
|
|
|
6f5ff5 |
+ fi
|
|
|
6f5ff5 |
+
|
|
|
6f5ff5 |
+ sleep 0.5
|
|
|
6f5ff5 |
done
|
|
|
6f5ff5 |
diff --git a/src/systemd/clevis-luks-askpass.service.in b/src/systemd/clevis-luks-askpass.service.in
|
|
|
6f5ff5 |
index aa38a5b..2c6bbed 100644
|
|
|
6f5ff5 |
--- a/src/systemd/clevis-luks-askpass.service.in
|
|
|
6f5ff5 |
+++ b/src/systemd/clevis-luks-askpass.service.in
|
|
|
6f5ff5 |
@@ -5,4 +5,4 @@ After=network-online.target
|
|
|
6f5ff5 |
|
|
|
6f5ff5 |
[Service]
|
|
|
6f5ff5 |
Type=oneshot
|
|
|
6f5ff5 |
-ExecStart=@libexecdir@/clevis-luks-askpass
|
|
|
6f5ff5 |
+ExecStart=@libexecdir@/clevis-luks-askpass -l
|
|
|
6f5ff5 |
--
|
|
|
6f5ff5 |
2.14.3
|
|
|
6f5ff5 |
|