mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-14 12:20:00 +01:00
Add key option to dracut example.
@@ -4,6 +4,11 @@ REENC=$(getargs rd_REENCRYPT=)
|
|||||||
REENC_DEV=$(echo $REENC | sed 's/:.*//')
|
REENC_DEV=$(echo $REENC | sed 's/:.*//')
|
||||||
REENC_SIZE=$(echo $REENC | sed -n 's/.*://p')
|
REENC_SIZE=$(echo $REENC | sed -n 's/.*://p')
|
||||||
|
|
||||||
|
REENC_KEY=$(getargs rd_REENCRYPT_KEY=)
|
||||||
|
if [ -z "$REENC_KEY" ] ; then
|
||||||
|
REENC_KEY=none
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -n "$REENC_DEV" ] ; then
|
if [ -n "$REENC_DEV" ] ; then
|
||||||
{
|
{
|
||||||
printf 'SUBSYSTEM!="block", GOTO="reenc_end"\n'
|
printf 'SUBSYSTEM!="block", GOTO="reenc_end"\n'
|
||||||
@@ -11,7 +16,7 @@ if [ -n "$REENC_DEV" ] ; then
|
|||||||
printf 'KERNEL!="%s", GOTO="reenc_end"\n' $REENC_DEV
|
printf 'KERNEL!="%s", GOTO="reenc_end"\n' $REENC_DEV
|
||||||
printf 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/sbin/initqueue \
|
printf 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/sbin/initqueue \
|
||||||
--unique --onetime --name crypt-reencrypt-%%k \
|
--unique --onetime --name crypt-reencrypt-%%k \
|
||||||
/sbin/reencrypt $env{DEVNAME} %s"\n' "$REENC_SIZE"
|
/sbin/reencrypt $env{DEVNAME} %s"\n' "$REENC_KEY $REENC_SIZE"
|
||||||
printf 'LABEL="reenc_end"\n'
|
printf 'LABEL="reenc_end"\n'
|
||||||
} > /etc/udev/rules.d/69-reencryption.rules
|
} > /etc/udev/rules.d/69-reencryption.rules
|
||||||
fi
|
fi
|
||||||
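Review bot: The value of rd_REENCRYPT_KEY is copied into the udev `RUN+=` string without any check, in the changed `printf` that now passes `"$REENC_KEY $REENC_SIZE"`. A key spec containing whitespace would presumably shift the size into a later positional argument of /sbin/reencrypt, and a double quote would end the RUN value early and leave a malformed rule. I would reject such values right after the default is applied, e.g. `case "$REENC_KEY" in *[[:space:]\"]*) REENC_KEY=none ;; esac`, or abort instead of falling back to the prompt if that suits the example better. The expected format is also undocumented in this file; a comment such as `# rd_REENCRYPT_KEY=<keydev>:<keypath>; unset or "none" prompts for the passphrase` above the `getargs` line would match how the reencrypt script splits the value on the first colon.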
|
|||||||
@@ -1,4 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# $1=$device [$2=keyfile|none [$3=size]]
|
||||||
|
#
|
||||||
|
|
||||||
[ -d /sys/module/dm_crypt ] || modprobe dm_crypt
|
[ -d /sys/module/dm_crypt ] || modprobe dm_crypt
|
||||||
|
|
||||||
@@ -14,18 +17,39 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
PARAMS="$device -T 1 --use-fsync -B 32"
|
PARAMS="$device -T 1 --use-fsync -B 32"
|
||||||
if [ -n "$2" ]; then
|
if [ -n "$3" ]; then
|
||||||
PARAMS="$PARAMS --device-size $2"
|
PARAMS="$PARAMS --device-size $3"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
reenc_readkey() {
|
||||||
|
local keypath="${1#*:}"
|
||||||
|
local keydev="${1%%:*}"
|
||||||
|
|
||||||
|
local mntp=$(mkuniqdir /mnt keydev)
|
||||||
|
mount -r "$keydev" "$mntp" || return
|
||||||
|
cat "$mntp/$keypath"
|
||||||
|
umount "$mntp"
|
||||||
|
rmdir "$mntp"
|
||||||
|
}
|
||||||
|
|
||||||
|
reenc_run() {
|
||||||
|
local cwd=$(pwd)
|
||||||
|
cd /tmp
|
||||||
|
if [ "$1" = "none" ] ; then
|
||||||
|
/bin/plymouth ask-for-password \
|
||||||
|
--prompt "LUKS password for REENCRYPTING $device" \
|
||||||
|
--command="/sbin/cryptsetup-reencrypt $PARAMS"
|
||||||
|
else
|
||||||
|
info "REENCRYPT using key $1"
|
||||||
|
reenc_readkey "$1" | /sbin/cryptsetup-reencrypt -d - $PARAMS
|
||||||
|
fi
|
||||||
|
cd $cwd
|
||||||
|
}
|
||||||
|
|
||||||
info "REENCRYPT $device requested"
|
info "REENCRYPT $device requested"
|
||||||
# flock against other interactive activities
|
# flock against other interactive activities
|
||||||
{ flock -s 9;
|
{ flock -s 9;
|
||||||
CURR=$(pwd)
|
reenc_run $2
|
||||||
cd /tmp
|
|
||||||
/bin/plymouth ask-for-password --prompt "LUKS password for REENCRYPTING $device" \
|
|
||||||
--command="/sbin/cryptsetup-reencrypt $PARAMS"
|
|
||||||
cd $CURR
|
|
||||||
} 9>/.console.lock
|
} 9>/.console.lock
|
||||||
|
|
||||||
# do not ask again
|
# do not ask again
|
||||||
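Review bot: `reenc_run $2` takes the key-file branch when the second argument is omitted, although the new header comment marks it optional: with an empty `$1` the `[ "$1" = "none" ]` test is false, so `reenc_readkey ""` runs and cryptsetup-reencrypt reads an empty key from stdin after the mount fails. Defaulting and quoting at the call site avoids that: `reenc_run "${2:-none}"`. In `reenc_readkey`, a failed `mount` returns without removing the directory that `mkuniqdir` created, and `local mntp=$(…)` hides a failure of `mkuniqdir` itself; `mount -r "$keydev" "$mntp" || { rmdir "$mntp"; return 1; }` covers the first case. The pipeline's exit status is that of cryptsetup-reencrypt only, so a missing or unreadable key file shows up as a generic key failure; a logged message when `cat` fails would make that diagnosable.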
|
|||||||