author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-03 13:54:25 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-03 13:54:25 +0000 |
commit | 9cb1c4df7b9ce1a9ad1312621b0f2b16a94fba3a (patch) | |
tree | 2efb72864cc69e174c9c5ee33efb88a5f1553b48 /modules.d/91crypt-loop | |
parent | Initial commit. (diff) | |
download | dracut-9cb1c4df7b9ce1a9ad1312621b0f2b16a94fba3a.tar.xz dracut-9cb1c4df7b9ce1a9ad1312621b0f2b16a94fba3a.zip |
Adding upstream version 060+5.upstream/060+5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules.d/91crypt-loop')
-rwxr-xr-x | modules.d/91crypt-loop/crypt-loop-lib.sh | 40 | ||||
-rwxr-xr-x | modules.d/91crypt-loop/module-setup.sh | 25 |
2 files changed, 65 insertions, 0 deletions
diff --git a/modules.d/91crypt-loop/crypt-loop-lib.sh b/modules.d/91crypt-loop/crypt-loop-lib.sh
new file mode 100755
index 0000000..7db82e2
--- /dev/null
+++ b/modules.d/91crypt-loop/crypt-loop-lib.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+command -v ask_for_password > /dev/null || . /lib/dracut-crypt-lib.sh
+
+# loop_decrypt mnt_point keypath keydev device
+#
+# Decrypts symmetrically encrypted key to standard output.
+#
+# mnt_point - mount point where <keydev> is already mounted
+# keypath - LUKS encrypted loop file path relative to <mnt_point>
+# keydev - device on which key resides; only to display in prompt
+# device - device to be opened by cryptsetup; only to display in prompt
+loop_decrypt() {
+ local mntp="$1"
+ local keypath="$2"
+ local keydev="$3"
+ local device="$4"
+ local key
+
+ key="/dev/mapper/$(str_replace "loop-$keydev-$mntp-$keypath" '/' '-')"
+
+ if [ ! -b "$key" ]; then
+ local loopdev
+ local opts
+ loopdev=$(losetup -f "${mntp}/${keypath}" --show)
+ opts="-d - luksOpen $loopdev ${key##*/}"
+
+ ask_for_password \
+ --cmd "cryptsetup $opts" \
+ --prompt "Password ($keypath on $keydev for $device)" \
+ --tty-echo-off
+
+ [ -b "$key" ] || die "Failed to unlock $keypath on $keydev for $device."
+
+ printf "%s\n" "cryptsetup luksClose \"$key\"" > "${hookdir}/cleanup/crypt-loop-cleanup-10-${key##*/}.sh"
+ printf "%s\n" "losetup -d \"$loopdev\"" > "${hookdir}/cleanup/crypt-loop-cleanup-20-${loopdev##*/}.sh"
+ fi
+
+ cat "$key"
+}
diff --git a/modules.d/91crypt-loop/module-setup.sh b/modules.d/91crypt-loop/module-setup.sh
new file mode 100755
index 0000000..ff0d501
--- /dev/null
+++ b/modules.d/91crypt-loop/module-setup.sh
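Review bot: In loop_decrypt the result of `losetup -f "${mntp}/${keypath}" --show` is never checked, so a failed attach leaves `loopdev` empty and the user is still prompted for a passphrase before `[ -b "$key" ] || die` reports a misleading "Failed to unlock" error. A guard directly after the assignment, e.g. `[ -n "$loopdev" ] || die "Failed to set up loop device for $keypath on $keydev."`, would fail early with the real cause. Separately, `$loopdev` and `${key##*/}` are interpolated unquoted into the `--cmd` string, and `$key` is embedded in the generated cleanup scripts inside plain double quotes, while str_replace only rewrites `/`. Whitespace, quotes or `$` in keypath, keydev or mntp would therefore change how those lines are parsed; how ask_for_password executes the string is outside this hunk, so confirm the inputs are constrained upstream or restrict the mapper name to a safe character set before using it.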
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# called by dracut
+check() {
+ require_binaries losetup || return 1
+
+ return 255
+}
+
+# called by dracut
+depends() {
+ echo crypt
+}
+
+# called by dracut
+installkernel() {
+ hostonly='' instmods loop
+}
+
+# called by dracut
+install() {
+ inst_multiple losetup
+ inst "$moddir/crypt-loop-lib.sh" "/lib/dracut-crypt-loop-lib.sh"
+ dracut_need_initqueue
+}
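Review bot: The `return 255` in check() is an undocumented magic value, and it is what keeps this key-handling module out of the initramfs unless it is asked for. In dracut's module convention 255 means "include only when explicitly requested or pulled in as a dependency", so a comment such as `# 255: opt-in only; included when requested or required by another module` above that line would make the intent clear. It would also help to note on `hostonly='' instmods loop` that clearing hostonly forces the loop driver to be installed even in host-only builds, since that override is easy to misread as a typo.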