From 9cb1c4df7b9ce1a9ad1312621b0f2b16a94fba3a Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Mon, 3 Jun 2024 15:54:25 +0200
Subject: Adding upstream version 060+5.
Signed-off-by: Daniel Baumann
---
modules.d/91crypt-loop/crypt-loop-lib.sh | 40 ++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100755 modules.d/91crypt-loop/crypt-loop-lib.sh
(limited to 'modules.d/91crypt-loop/crypt-loop-lib.sh')
diff --git a/modules.d/91crypt-loop/crypt-loop-lib.sh b/modules.d/91crypt-loop/crypt-loop-lib.sh
new file mode 100755
index 0000000..7db82e2
--- /dev/null
+++ b/modules.d/91crypt-loop/crypt-loop-lib.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+command -v ask_for_password > /dev/null || . /lib/dracut-crypt-lib.sh
+
+# loop_decrypt mnt_point keypath keydev device
+#
+# Decrypts symmetrically encrypted key to standard output.
+#
+# mnt_point - mount point where is already mounted
+# keypath - LUKS encrypted loop file path relative to
+# keydev - device on which key resides; only to display in prompt
+# device - device to be opened by cryptsetup; only to display in prompt
+loop_decrypt() {
+ local mntp="$1"
+ local keypath="$2"
+ local keydev="$3"
+ local device="$4"
+ local key
+
+ key="/dev/mapper/$(str_replace "loop-$keydev-$mntp-$keypath" '/' '-')"
+
+ if [ ! -b "$key" ]; then
+ local loopdev
+ local opts
+ loopdev=$(losetup -f "${mntp}/${keypath}" --show)
+ opts="-d - luksOpen $loopdev ${key##*/}"
+
+ ask_for_password \
+ --cmd "cryptsetup $opts" \
+ --prompt "Password ($keypath on $keydev for $device)" \
+ --tty-echo-off
+
+ [ -b "$key" ] || die "Failed to unlock $keypath on $keydev for $device."
+
+ printf "%s\n" "cryptsetup luksClose \"$key\"" > "${hookdir}/cleanup/crypt-loop-cleanup-10-${key##*/}.sh"
+ printf "%s\n" "losetup -d \"$loopdev\"" > "${hookdir}/cleanup/crypt-loop-cleanup-20-${loopdev##*/}.sh"
+ fi
+
+ cat "$key"
+}
-- cgit v1.2.3
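Review bot: In `loop_decrypt`, the result of `loopdev=$(losetup -f "${mntp}/${keypath}" --show)` is never checked, so a failed attach leaves `loopdev` empty and the user is still prompted for a passphrase for a `cryptsetup` command that has no device argument; appending `|| die "Failed to attach $keypath on $keydev for $device."` to that assignment would stop before the prompt. The two cleanup hooks are written only after the `[ -b "$key" ] || die` check, so a failed unlock leaves the loop device attached with no `losetup -d` registered; writing the `losetup -d` hook directly after the attach would cover that path. The mapper name has only `/` replaced, and it is then interpolated into the `--cmd` string and, inside double quotes, into the generated cleanup scripts, so whitespace or shell metacharacters in `keypath` or `keydev` would change how those commands parse. How `ask_for_password` handles `--cmd` is defined in dracut-crypt-lib.sh, outside this diff, so that part should be confirmed there; a one-line comment stating that both values are expected to come from trusted boot configuration would document the assumption.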