Blame 0014-91crypt-loop-open-root-device-with-a-key-inside-encr.patch

From f855f9daafe8f5f53c5bf78188587a18e9aca142 Mon Sep 17 00:00:00 2001
From: Leho Kraav <leho@kraav.com>
Date: Tue, 24 Jul 2012 15:08:53 +0300
Subject: [PATCH] 91crypt-loop: open root device with a key inside encrypted
 loop container
---
 modules.d/91crypt-loop/crypt-loop-lib.sh | 40 ++++++++++++++++++++++++++++++++
 modules.d/91crypt-loop/module-setup.sh   | 14 +++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 modules.d/91crypt-loop/crypt-loop-lib.sh
 create mode 100644 modules.d/91crypt-loop/module-setup.sh
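diff --git a/modules.d/91crypt-loop/crypt-loop-lib.sh b/modules.d/91crypt-loop/crypt-loop-lib.sh
new file mode 100644
index 0000000..63a553c
--- /dev/null
+++ b/modules.d/91crypt-loop/crypt-loop-lib.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=4 sw=4 sts=0 et filetype=sh
+
+command -v ask_for_password >/dev/null || . /lib/dracut-crypt-lib.sh
+
+# loop_decrypt mnt_point keypath keydev device
+#
+# Decrypts symmetrically encrypted key to standard output.
+#
+# mnt_point - mount point where <keydev> is already mounted
+# keypath - LUKS encrypted loop file path relative to <mnt_point>
+# keydev - device on which key resides; only to display in prompt
+# device - device to be opened by cryptsetup; only to display in prompt
+loop_decrypt() {
+    local mntp="$1"
+    local keypath="$2"
+    local keydev="$3"
+    local device="$4"
+
+    local key="/dev/mapper/$(basename $mntp)"
+
+    if [ ! -b $key ]; then
+        info "Keyfile has .img suffix, treating it as LUKS-encrypted loop keyfile container to unlock $device"
+
+        local loopdev=$(losetup -f "${mntp}/${keypath}" --show)
+        local opts="-d - luksOpen $loopdev $(basename $key)"
+
+        ask_for_password \
+            --cmd "cryptsetup $opts" \
+            --prompt "Password ($keypath on $keydev for $device)" \
+            --tty-echo-off
+
+        [ -b $key ] || die "Tried setting it up, but keyfile block device was still not found!" 
+    else
+        info "Existing keyfile found, re-using it for $device"
+    fi
+
+    cat $key
+}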
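Review bot: In `loop_decrypt` the `losetup` result is never checked and `$mntp`, `$key` and `$loopdev` are expanded unquoted, so a failed loop setup or a path containing whitespace hands `cryptsetup` a malformed argument list and the user is prompted for a passphrase that cannot succeed. `local loopdev=$(...)` also hides the exit status, so split it: `local loopdev; loopdev=$(losetup -f --show "${mntp}/${keypath}") || die "losetup failed for ${mntp}/${keypath}"`, and quote the tests and the final read (`[ -b "$key" ]`, `cat "$key"`). Nothing in this file closes the mapping or detaches the loop device after `cat $key`, so the decrypted key stays readable at `/dev/mapper/<name>` for as long as it is mapped. The `else` branch shows the mapping is meant to be re-used across devices, but if no later hook tears it down, a `cryptsetup luksClose` plus `losetup -d` once the last device is unlocked would limit that exposure.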
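diff --git a/modules.d/91crypt-loop/module-setup.sh b/modules.d/91crypt-loop/module-setup.sh
new file mode 100644
index 0000000..8170694
--- /dev/null
+++ b/modules.d/91crypt-loop/module-setup.sh
@@ -0,0 +1,14 @@
+check() {
+	type -P losetup >/dev/null || return 1
+	
+	return 255
+}
+
+depends() {
+	echo crypt
+}
+
+install() {
+	dracut_install losetup
+	inst "$moddir/crypt-loop-lib.sh" "/lib/dracut-crypt-loop-lib.sh"
+}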
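Review bot: `install()` copies the `losetup` binary but nothing in this file pulls in the loop block driver, so on kernels where `loop` is built as a module `losetup -f` would presumably fail inside the initramfs and the keyfile container could not be opened. An `installkernel() { instmods loop; }` function would cover that case. `check()` would also benefit from a comment on its return value, e.g. `# 255: include only when requested explicitly or as a dependency of another module`. Since `type -P` is a bash-only option, a `#!/bin/bash` line at the top would make the interpreter requirement explicit.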