Diffstat (limited to '0014-91crypt-loop-open-root-device-with-a-key-inside-encr.patch')
-rw-r--r-- | 0014-91crypt-loop-open-root-device-with-a-key-inside-encr.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/0014-91crypt-loop-open-root-device-with-a-key-inside-encr.patch b/0014-91crypt-loop-open-root-device-with-a-key-inside-encr.patch
new file mode 100644
index 0000000..4f06254
--- /dev/null
+++ b/0014-91crypt-loop-open-root-device-with-a-key-inside-encr.patch
@@ -0,0 +1,79 @@
+From f855f9daafe8f5f53c5bf78188587a18e9aca142 Mon Sep 17 00:00:00 2001
+From: Leho Kraav <leho@kraav.com>
+Date: Tue, 24 Jul 2012 15:08:53 +0300
+Subject: [PATCH] 91crypt-loop: open root device with a key inside encrypted
+ loop container
+
+---
+ modules.d/91crypt-loop/crypt-loop-lib.sh | 40 ++++++++++++++++++++++++++++++++
+ modules.d/91crypt-loop/module-setup.sh | 14 +++++++++++
+ 2 files changed, 54 insertions(+)
+ create mode 100644 modules.d/91crypt-loop/crypt-loop-lib.sh
+ create mode 100644 modules.d/91crypt-loop/module-setup.sh
+
+diff --git a/modules.d/91crypt-loop/crypt-loop-lib.sh b/modules.d/91crypt-loop/crypt-loop-lib.sh
+new file mode 100644
+index 0000000..63a553c
+--- /dev/null
++++ b/modules.d/91crypt-loop/crypt-loop-lib.sh
+@@ -0,0 +1,40 @@
++#!/bin/sh
++# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
++# ex: ts=4 sw=4 sts=0 et filetype=sh
++
++command -v ask_for_password >/dev/null || . /lib/dracut-crypt-lib.sh
++
++# loop_decrypt mnt_point keypath keydev device
++#
++# Decrypts symmetrically encrypted key to standard output.
++#
++# mnt_point - mount point where <keydev> is already mounted
++# keypath - LUKS encrypted loop file path relative to <mnt_point>
++# keydev - device on which key resides; only to display in prompt
++# device - device to be opened by cryptsetup; only to display in prompt
++loop_decrypt() {
++ local mntp="$1"
++ local keypath="$2"
++ local keydev="$3"
++ local device="$4"
++
++ local key="/dev/mapper/$(basename $mntp)"
++
++ if [ ! -b $key ]; then
++ info "Keyfile has .img suffix, treating it as LUKS-encrypted loop keyfile container to unlock $device"
++
++ local loopdev=$(losetup -f "${mntp}/${keypath}" --show)
++ local opts="-d - luksOpen $loopdev $(basename $key)"
++
++ ask_for_password \
++ --cmd "cryptsetup $opts" \
++ --prompt "Password ($keypath on $keydev for $device)" \
++ --tty-echo-off
++
++ [ -b $key ] || die "Tried setting it up, but keyfile block device was still not found!"
++ else
++ info "Existing keyfile found, re-using it for $device"
++ fi
++
++ cat $key
++}
+diff --git a/modules.d/91crypt-loop/module-setup.sh b/modules.d/91crypt-loop/module-setup.sh
+new file mode 100644
+index 0000000..8170694
+--- /dev/null
++++ b/modules.d/91crypt-loop/module-setup.sh
+@@ -0,0 +1,14 @@
++check() {
++ type -P losetup >/dev/null || return 1
++
++ return 255
++}
++
++depends() {
++ echo crypt
++}
++
++install() {
++ dracut_install losetup
++ inst "$moddir/crypt-loop-lib.sh" "/lib/dracut-crypt-loop-lib.sh"
++} |
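Review bot: In `loop_decrypt`, the result of `losetup -f "${mntp}/${keypath}" --show` is never checked, and because it is captured inside `local loopdev=$(...)` the command's exit status is masked, so a failed attach still builds a `luksOpen` command with an empty device and prompts for a passphrase. Split the declaration and fail early: `local loopdev; loopdev=$(losetup -f --show "${mntp}/${keypath}") || die "losetup failed for ${keypath}"`. The expansions in `basename $mntp`, `[ -b $key ]`, `cat $key` and the `opts` string are also unquoted, so a mount point or key path containing whitespace or glob characters gets word-split; quote them (`"$key"`, `"$(basename "$mntp")"`). Separately, nothing visible in this function closes the mapping or detaches the loop device after `cat $key`, so the unlocked key material appears to stay readable under `/dev/mapper/` unless cleanup happens elsewhere; that is worth confirming. The reuse branch also trusts any existing block device of that name without checking that it is backed by the expected container.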