rpms / dracut

Clone
Source Code
GIT

Files

  1.   811c04a7e98a62af7e4e67c0cb7ab4d614820421
  2.   0014-91crypt-loop-open-root-device-with-a-key-inside-encr.patch
Blob Blame History Raw 
From f855f9daafe8f5f53c5bf78188587a18e9aca142 Mon Sep 17 00:00:00 2001
From: Leho Kraav <leho@kraav.com>
Date: Tue, 24 Jul 2012 15:08:53 +0300
Subject: [PATCH] 91crypt-loop: open root device with a key inside encrypted
 loop container

---
 modules.d/91crypt-loop/crypt-loop-lib.sh | 40 ++++++++++++++++++++++++++++++++
 modules.d/91crypt-loop/module-setup.sh   | 14 +++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 modules.d/91crypt-loop/crypt-loop-lib.sh
 create mode 100644 modules.d/91crypt-loop/module-setup.sh

diff --git a/modules.d/91crypt-loop/crypt-loop-lib.sh b/modules.d/91crypt-loop/crypt-loop-lib.sh
new file mode 100644
index 0000000..63a553c
--- /dev/null
+++ b/modules.d/91crypt-loop/crypt-loop-lib.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=4 sw=4 sts=0 et filetype=sh
+
+command -v ask_for_password >/dev/null || . /lib/dracut-crypt-lib.sh
+
+# loop_decrypt mnt_point keypath keydev device
+#
+# Decrypts symmetrically encrypted key to standard output.
+#
+# mnt_point - mount point where <keydev> is already mounted
+# keypath - LUKS encrypted loop file path relative to <mnt_point>
+# keydev - device on which key resides; only to display in prompt
+# device - device to be opened by cryptsetup; only to display in prompt
+loop_decrypt() {
+    local mntp="$1"
+    local keypath="$2"
+    local keydev="$3"
+    local device="$4"
+
+    local key="/dev/mapper/$(basename $mntp)"
+
+    if [ ! -b $key ]; then
+        info "Keyfile has .img suffix, treating it as LUKS-encrypted loop keyfile container to unlock $device"
+
+        local loopdev=$(losetup -f "${mntp}/${keypath}" --show)
+        local opts="-d - luksOpen $loopdev $(basename $key)"
+
+        ask_for_password \
+            --cmd "cryptsetup $opts" \
+            --prompt "Password ($keypath on $keydev for $device)" \
+            --tty-echo-off
+
+        [ -b $key ] || die "Tried setting it up, but keyfile block device was still not found!" 
+    else
+        info "Existing keyfile found, re-using it for $device"
+    fi
+
+    cat $key
+}
diff --git a/modules.d/91crypt-loop/module-setup.sh b/modules.d/91crypt-loop/module-setup.sh
new file mode 100644
index 0000000..8170694
--- /dev/null
+++ b/modules.d/91crypt-loop/module-setup.sh
@@ -0,0 +1,14 @@
+check() {
+	type -P losetup >/dev/null || return 1
+	
+	return 255
+}
+
+depends() {
+	echo crypt
+}
+
+install() {
+	dracut_install losetup
+	inst "$moddir/crypt-loop-lib.sh" "/lib/dracut-crypt-loop-lib.sh"
+}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation