* [PATCH 2/2] luks key on ext dev - wait for luks
From: Przemysław Rudy @ 2011-06-07 18:22 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA
This asks for the luks passphrase if the key is not found for a defined time (if defined with the rd.luks.tout cmd line):
modules.d/90crypt/cryptroot-ask.sh | 21 ++++++++++++++++++---
modules.d/90crypt/parse-crypt.sh | 5 +++--
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh
index f8e1bd8..9b8f8c2 100755
--- a/modules.d/90crypt/cryptroot-ask.sh
+++ b/modules.d/90crypt/cryptroot-ask.sh
@@ -22,6 +22,9 @@ NEWROOT=${NEWROOT:-"/sysroot"}
# default luksname - luks-UUID
luksname=$2
+# fallback to passphrase
+ask_passphrase=1
+
# if device name is /dev/dm-X, convert to /dev/mapper/name
if [ "${1##/dev/dm-}" != "$1" ]; then
device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
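Review bot: the comment above ask_passphrase=1 reads "fallback to passphrase", but the flag starts at 1, so prompting is the default and is only switched off later, once a key file has been used. A comment along the lines of "prompt for a passphrase unless a key file opens the device" would describe the flag more accurately.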
@@ -63,12 +66,21 @@ fi
info "luksOpen $device $luksname"
-if [ -n "$(getarg rd.luks.key)" ]; then
+while [ -n "$(getarg rd.luks.key)" ]; do
if tmp=$(getkey /tmp/luks.keys $device); then
keydev="${tmp%%:*}"
keypath="${tmp#*:}"
else
- info "No key found for $device. Will try later."
+ if [ $# -eq 3 ]; then
+ if [ $3 -eq 0 ]; then
+ info "No key found for $device. Fallback to passphrase mode."
+ break
+ fi
+ info "No key found for $device. Will try $3 time(s) more later."
+ set -- "$1" "$2" "$(($3 - 1))"
+ else
+ info "No key found for $device. Will try later."
+ fi
initqueue --unique --onetime --settled \
--name cryptroot-ask-$luksname \
$(command -v cryptroot-ask) "$@"
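Review bot: the retry counter in the new else branch is used unquoted and unvalidated: `[ $3 -eq 0 ]` and `$(($3 - 1))` take whatever rd.luks.tout carried on the kernel command line. A non-numeric value makes the test error out instead of matching 0, and a negative value never counts down to 0, so in both cases the "Fallback to passphrase mode" branch is not reached. Check that $3 is a non-negative integer before the comparison (a case pattern on digits is enough in POSIX sh) and go to the passphrase prompt otherwise. Note also that the value is a count of re-queued attempts, as the "time(s) more" message says, not a duration, which the name "tout" does not convey.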
@@ -80,7 +92,10 @@ if [ -n "$(getarg rd.luks.key)" ]; then
readkey "$keypath" "$keydev" "$device" \
| cryptsetup -d - luksOpen "$device" "$luksname"
unset keypath keydev
-else
+ ask_passphrase=0
+ break
+done
+if [ $ask_passphrase -ne 0 ]; then
luks_open="$(command -v cryptsetup) luksOpen"
ask_for_password --ply-tries 5 \
--ply-cmd "$luks_open -T1 $device $luksname" \
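Review bot: ask_passphrase=0 is set unconditionally after the `readkey ... | cryptsetup -d - luksOpen` pipeline, so a key file that is found but does not open the device leaves the user with no passphrase prompt. Set the flag only when cryptsetup returns success. As a style point, the loop body ends in an unconditional break, so `while` is used here only as an `if` that can be left early; an if/else driven by the flag, or a small helper function, would be easier to follow.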
diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh
index 7ec232a..c76fb23 100755
--- a/modules.d/90crypt/parse-crypt.sh
+++ b/modules.d/90crypt/parse-crypt.sh
@@ -11,6 +11,7 @@ else
} > /etc/udev/rules.d/70-luks.rules.new
LUKS=$(getargs rd.luks.uuid rd_LUKS_UUID)
+ tout=$(getarg rd.luks.tout)
if [ -n "$LUKS" ]; then
for luksid in $LUKS; do
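Review bot: rd.luks.tout is introduced at `tout=$(getarg rd.luks.tout)` without any documentation; the diffstat lists only the two 90crypt scripts. Please document the parameter and its unit, since cryptroot-ask.sh decrements it once per re-queued attempt rather than treating it as seconds. Validating it here (digits only) would also keep a malformed value out of the generated udev rules.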
@@ -20,7 +21,7 @@ else
printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
printf -- 'RUN+="%s --unique --onetime ' $(command -v initqueue)
printf -- '--name cryptroot-ask-%%k %s ' $(command -v cryptroot-ask)
- printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID}"\n'
+ printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $tout
} >> /etc/udev/rules.d/70-luks.rules.new
printf -- '[ -e /dev/disk/by-uuid/*%s* ]\n' $luksid \
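Review bot: $tout is passed unquoted to the printf that writes the RUN+= line, so a value containing whitespace splits into several words and printf repeats the whole format string for the extra ones, leaving a malformed rule in 70-luks.rules.new. Quote it as "$tout" and write it only after it has been validated. When rd.luks.tout is unset the rule ends with a space before the closing quote, which is harmless but worth a comment.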
@@ -34,7 +35,7 @@ else
{
printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue)
printf -- '--unique --onetime --name cryptroot-ask-%%k '
- printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' $(command -v cryptroot-ask)
+ printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $(command -v cryptroot-ask) $tout
} >> /etc/udev/rules.d/70-luks.rules.new
fi
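Review bot: this printf has two %s slots filled by two unquoted expansions, `$(command -v cryptroot-ask) $tout`. If the first expands to nothing, $tout moves into the first slot and is written where the command path belongs. Quoting both arguments keeps each value in its own slot.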
* Re: [PATCH 2/2] luks key on ext dev - wait for luks
From: Przemek Rudy @ 2011-08-18 15:57 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA
Any future for those two patches?
* Re: [PATCH 2/2] luks key on ext dev - wait for luks
From: Amadeusz Żołnowski @ 2011-08-18 16:06 UTC (permalink / raw)
To: initramfs
Excerpts from Przemek Rudy's message of 2011-08-18 17:57:10 +0200:
> Any future for those two patches?
Yes, sure. I'm sorry. I didn't have time and later I forgot.
I'll test it soon and it will probably be applied.
Regards,
--
Amadeusz Żołnowski
PGP key fpr: C700 CEDE 0C18 212E 49DA 4653 F013 4531 E1DB FAB5
* [PATCH 2/2] crypt: changed cmdline arg name from rd.luks.tout to rd.luks.key.tout
From: Amadeusz Żołnowski @ 2011-08-21 8:26 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA; +Cc: Amadeusz Żołnowski
---
modules.d/90crypt/parse-crypt.sh | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh
index c76fb23..ff86700 100755
--- a/modules.d/90crypt/parse-crypt.sh
+++ b/modules.d/90crypt/parse-crypt.sh
@@ -11,7 +11,7 @@ else
} > /etc/udev/rules.d/70-luks.rules.new
LUKS=$(getargs rd.luks.uuid rd_LUKS_UUID)
- tout=$(getarg rd.luks.tout)
+ tout=$(getarg rd.luks.key.tout)
if [ -n "$LUKS" ]; then
for luksid in $LUKS; do
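Review bot: the rename at `tout=$(getarg rd.luks.key.tout)` changes the user-visible parameter name, but the diffstat lists only parse-crypt.sh, so neither name is documented by this change, and the commit message has no body giving the reason. Please add a one-line rationale and document the parameter. The local variable could be renamed to match (for example key_tout).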
--
1.7.6
* Re: [PATCH 2/2] crypt: changed cmdline arg name from rd.luks.tout to rd.luks.key.tout
From: Amadeusz Żołnowski @ 2011-08-21 8:31 UTC (permalink / raw)
To: initramfs
Hi,
I've tested this patch and it works well. Thank you! I've just moved
'tout' param to luks.key namespace, because it's a timeout for key
discovery, yes?
Cheers,
Amadeusz Żołnowski
* Re: [PATCH 2/2] crypt: changed cmdline arg name from rd.luks.tout to rd.luks.key.tout
From: Przemek Rudy @ 2011-08-25 18:20 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA
Sorry, I replied by PM instead of here:
True, it's a timeout param.
Please change the names/code of both (1/2 & 2/2) patches as convenient.