|
 |
8e132f |
From 7d19c76bfc9a7b569a1077d1e5673a28bf31606f Mon Sep 17 00:00:00 2001
|
|
|
8e132f |
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
8e132f |
Date: Tue, 6 Mar 2018 13:59:34 +0100
|
|
|
8e132f |
Subject: [PATCH] Don't execute clevis-luks-unlock while loop in a subshell
|
|
|
8e132f |
|
|
|
8e132f |
The loop that tries to open the dm-crypt devices using the pins in the
|
|
|
8e132f |
luksmeta header is executed in a subshell. So on success it calls exit
|
|
|
8e132f |
to exit the subshell.
|
|
|
8e132f |
|
|
|
8e132f |
But then clevis-luks-unlock has no way to know if the encrypted device
|
|
|
8e132f |
was opened correctly or not. So run the loop in the main shell process
|
|
|
8e132f |
and return 0 as exit status if the operation was successful.
|
|
|
8e132f |
|
|
|
8e132f |
Fixes: #36
|
|
|
8e132f |
|
|
|
8e132f |
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
8e132f |
---
|
|
|
8e132f |
src/clevis-luks-unlock | 4 ++--
|
|
|
8e132f |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
8e132f |
|
|
|
8e132f |
diff --git a/src/clevis-luks-unlock b/src/clevis-luks-unlock
|
|
|
8e132f |
index 6396680..7d316cd 100755
|
|
|
8e132f |
--- a/src/clevis-luks-unlock
|
|
|
8e132f |
+++ b/src/clevis-luks-unlock
|
|
|
8e132f |
@@ -54,7 +54,7 @@ fi
|
|
|
8e132f |
|
|
|
8e132f |
NAME=${NAME:-luks-`cryptsetup luksUUID $DEV`}
|
|
|
8e132f |
|
|
|
8e132f |
-luksmeta show -d "$DEV" | while read -r slot state uuid; do
|
|
|
8e132f |
+while read -r slot state uuid; do
|
|
|
8e132f |
[ "$state" != "active" ] && continue
|
|
|
8e132f |
[ "$uuid" != "$UUID" ] && continue
|
|
|
8e132f |
|
|
|
8e132f |
@@ -62,6 +62,6 @@ luksmeta show -d "$DEV" | while read -r slot state uuid; do
|
|
|
8e132f |
echo -n "$pt" | cryptsetup open -d- "$DEV" "$NAME"
|
|
|
8e132f |
exit 0
|
|
|
8e132f |
fi
|
|
|
8e132f |
-done
|
|
|
8e132f |
+done <<< "$(luksmeta show -d "$DEV")"
|
|
|
8e132f |
|
|
|
8e132f |
exit 1
|
|
|
8e132f |
--
|
|
|
8e132f |
2.17.1
|
|
|
8e132f |
|