From c70f6415f8df27565540a1ec1b3a65c09ce3253b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Rudy?= Date: Tue, 7 Jun 2011 20:22:51 +0200 Subject: [PATCH] luks key on ext dev - wait for luks This asks for the luks passphrase if key is not found for defined time (if defined with rd.luks.tout cmd line): modules.d/90crypt/cryptroot-ask.sh | 21 ++++++++++++++++++--- modules.d/90crypt/parse-crypt.sh | 5 +++-- 2 files changed, 21 insertions(+), 5 deletions(-) --- modules.d/90crypt/cryptroot-ask.sh | 21 ++++++++++++++++++--- modules.d/90crypt/parse-crypt.sh | 5 +++-- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh index f8e1bd8..9b8f8c2 100755 --- a/modules.d/90crypt/cryptroot-ask.sh +++ b/modules.d/90crypt/cryptroot-ask.sh @@ -22,6 +22,9 @@ NEWROOT=${NEWROOT:-"/sysroot"} # default luksname - luks-UUID luksname=$2 +# fallback to passphrase +ask_passphrase=1 + # if device name is /dev/dm-X, convert to /dev/mapper/name if [ "${1##/dev/dm-}" != "$1" ]; then device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")" @@ -63,12 +66,21 @@ fi info "luksOpen $device $luksname" -if [ -n "$(getarg rd.luks.key)" ]; then +while [ -n "$(getarg rd.luks.key)" ]; do if tmp=$(getkey /tmp/luks.keys $device); then keydev="${tmp%%:*}" keypath="${tmp#*:}" else - info "No key found for $device. Will try later." + if [ $# -eq 3 ]; then + if [ $3 -eq 0 ]; then + info "No key found for $device. Fallback to passphrase mode." + break + fi + info "No key found for $device. Will try $3 time(s) more later." + set -- "$1" "$2" "$(($3 - 1))" + else + info "No key found for $device. Will try later." + fi initqueue --unique --onetime --settled \ --name cryptroot-ask-$luksname \ $(command -v cryptroot-ask) "$@" @@ -80,7 +92,10 @@ if [ -n "$(getarg rd.luks.key)" ]; then readkey "$keypath" "$keydev" "$device" \ | cryptsetup -d - luksOpen "$device" "$luksname" unset keypath keydev -else + ask_passphrase=0 + break +done +if [ $ask_passphrase -ne 0 ]; then luks_open="$(command -v cryptsetup) luksOpen" ask_for_password --ply-tries 5 \ --ply-cmd "$luks_open -T1 $device $luksname" \ diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh index 7ec232a..c76fb23 100755 --- a/modules.d/90crypt/parse-crypt.sh +++ b/modules.d/90crypt/parse-crypt.sh @@ -11,6 +11,7 @@ else } > /etc/udev/rules.d/70-luks.rules.new LUKS=$(getargs rd.luks.uuid rd_LUKS_UUID) + tout=$(getarg rd.luks.tout) if [ -n "$LUKS" ]; then for luksid in $LUKS; do @@ -20,7 +21,7 @@ else printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid printf -- 'RUN+="%s --unique --onetime ' $(command -v initqueue) printf -- '--name cryptroot-ask-%%k %s ' $(command -v cryptroot-ask) - printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID}"\n' + printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $tout } >> /etc/udev/rules.d/70-luks.rules.new printf -- '[ -e /dev/disk/by-uuid/*%s* ]\n' $luksid \ @@ -34,7 +35,7 @@ else { printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue) printf -- '--unique --onetime --name cryptroot-ask-%%k ' - printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' $(command -v cryptroot-ask) + printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $(command -v cryptroot-ask) $tout } >> /etc/udev/rules.d/70-luks.rules.new fi