* [PATCH] crypt: don't use systemd for crypto handling
@ 2015-03-04 7:49 Jan Synacek
[not found] ` <1425455385-28495-1-git-send-email-jsynacek-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
0 siblings, 1 reply; 3+ messages in thread
From: Jan Synacek @ 2015-03-04 7:49 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA
Cc: harald-H+wXaHxf7aLQT0dZR+AlfA, jsynacek-H+wXaHxf7aLQT0dZR+AlfA
There already is the code necessary to handle an encrypted root
device. The "rd.luks.key" option is not handled the same way in systemd
as it is in dracut, so some setups (like having the keyfile on a
separate device) don't work.
---
modules.d/90crypt/crypt-run-generator.sh | 31 ----------------------
modules.d/90crypt/module-setup.sh | 9 -------
modules.d/90crypt/parse-crypt.sh | 44 +++++++++-----------------------
3 files changed, 12 insertions(+), 72 deletions(-)
delete mode 100755 modules.d/90crypt/crypt-run-generator.sh
diff --git a/modules.d/90crypt/crypt-run-generator.sh b/modules.d/90crypt/crypt-run-generator.sh
deleted file mode 100755
index 3c5d7b1..0000000
--- a/modules.d/90crypt/crypt-run-generator.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-. /lib/dracut-lib.sh
-type crypttab_contains >/dev/null 2>&1 || . /lib/dracut-crypt-lib.sh
-
-dev=$1
-luks=$2
-
-crypttab_contains "$luks" && exit 0
-
-allowdiscards="-"
-
-# parse for allow-discards
-if strstr "$(cryptsetup --help)" "allow-discards"; then
- if discarduuids=$(getargs "rd.luks.allow-discards"); then
- discarduuids=$(str_replace "$discarduuids" 'luks-' '')
- if strstr " $discarduuids " " ${luks##luks-}"; then
- allowdiscards="allow-discards"
- fi
- elif getargbool 0 rd.luks.allow-discards; then
- allowdiscards="allow-discards"
- fi
-fi
-
-echo "$luks $dev - timeout=0,$allowdiscards" >> /etc/crypttab
-
-if command -v systemctl >/dev/null; then
- systemctl daemon-reload
- systemctl start cryptsetup.target
-fi
-exit 0
diff --git a/modules.d/90crypt/module-setup.sh b/modules.d/90crypt/module-setup.sh
index ea1e340..5b3001f 100755
--- a/modules.d/90crypt/module-setup.sh
+++ b/modules.d/90crypt/module-setup.sh
@@ -85,14 +85,5 @@ install() {
inst_simple "$moddir/crypt-lib.sh" "/lib/dracut-crypt-lib.sh"
- inst_multiple -o \
- $systemdutildir/system-generators/systemd-cryptsetup-generator \
- $systemdutildir/systemd-cryptsetup \
- $systemdsystemunitdir/systemd-ask-password-console.path \
- $systemdsystemunitdir/systemd-ask-password-console.service \
- $systemdsystemunitdir/cryptsetup.target \
- $systemdsystemunitdir/sysinit.target.wants/cryptsetup.target \
- systemd-ask-password systemd-tty-ask-password-agent
- inst_script "$moddir"/crypt-run-generator.sh /sbin/crypt-run-generator
dracut_need_initqueue
}
diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh
index 94ad1f6..f2bc181 100755
--- a/modules.d/90crypt/parse-crypt.sh
+++ b/modules.d/90crypt/parse-crypt.sh
@@ -19,25 +19,13 @@ else
luksid=${luksid##luks-}
- if [ -z "$DRACUT_SYSTEMD" ]; then
- {
- printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
- printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
- printf -- 'RUN+="%s --settled --unique --onetime ' $(command -v initqueue)
- printf -- '--name cryptroot-ask-%%k %s ' $(command -v cryptroot-ask)
- printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $tout
- } >> /etc/udev/rules.d/70-luks.rules.new
- else
- if ! crypttab_contains "$luksid"; then
- {
- printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
- printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
- printf -- 'RUN+="%s --settled --unique --onetime ' $(command -v initqueue)
- printf -- '--name systemd-cryptsetup-%%k %s start ' $(command -v systemctl)
- printf -- 'systemd-cryptsetup@luks$$(dev_unit_name -$env{ID_FS_UUID}).service"\n'
- } >> /etc/udev/rules.d/70-luks.rules.new
- fi
- fi
+ {
+ printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
+ printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
+ printf -- 'RUN+="%s --settled --unique --onetime ' $(command -v initqueue)
+ printf -- '--name cryptroot-ask-%%k %s ' $(command -v cryptroot-ask)
+ printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $tout
+ } >> /etc/udev/rules.d/70-luks.rules.new
uuid=$luksid
while [ "$uuid" != "${uuid#*-}" ]; do uuid=${uuid%%-*}${uuid#*-}; done
@@ -50,19 +38,11 @@ else
} >> $hookdir/emergency/90-crypt.sh
done
elif getargbool 0 rd.auto; then
- if [ -z "$DRACUT_SYSTEMD" ]; then
- {
- printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue)
- printf -- '--unique --settled --onetime --name cryptroot-ask-%%k '
- printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $(command -v cryptroot-ask) $tout
- } >> /etc/udev/rules.d/70-luks.rules.new
- else
- {
- printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue)
- printf -- '--unique --settled --onetime --name crypt-run-generator-%%k '
- printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' $(command -v crypt-run-generator)
- } >> /etc/udev/rules.d/70-luks.rules.new
- fi
+ {
+ printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue)
+ printf -- '--unique --settled --onetime --name cryptroot-ask-%%k '
+ printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $(command -v cryptroot-ask) $tout
+ } >> /etc/udev/rules.d/70-luks.rules.new
fi
echo 'LABEL="luks_end"' >> /etc/udev/rules.d/70-luks.rules.new
--
2.1.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Dracut GitHub] Patchset imported to github
[not found] ` <1425455385-28495-1-git-send-email-jsynacek-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
@ 2015-03-26 15:38 ` Dracut GitHub Import Bot
[not found] ` <20150326153844.5437.48101.githubbot-/GRfruIG/bJJrt6ceOoM5Ad3sJO0fIaJ@public.gmane.org>
0 siblings, 1 reply; 3+ messages in thread
From: Dracut GitHub Import Bot @ 2015-03-26 15:38 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA
Patchset imported to github.
Pull request:
<https://github.com/haraldh/dracut/compare/master...dracut-mailing-devs:1425455385-28495-1-git-send-email-jsynacek@redhat.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Dracut GitHub] Patchset imported to github
[not found] ` <20150326153844.5437.48101.githubbot-/GRfruIG/bJJrt6ceOoM5Ad3sJO0fIaJ@public.gmane.org>
@ 2015-03-26 16:42 ` Harald Hoyer
0 siblings, 0 replies; 3+ messages in thread
From: Harald Hoyer @ 2015-03-26 16:42 UTC (permalink / raw)
To: Dracut GitHub Import Bot, initramfs-u79uwXL29TY76Z2rM5mHXA
On 26.03.2015 16:38, Dracut GitHub Import Bot wrote:
> Patchset imported to github.
> Pull request:
> <https://github.com/haraldh/dracut/compare/master...dracut-mailing-devs:1425455385-28495-1-git-send-email-jsynacek-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> N�����r��y���b�X��ǧv�^�){.n�+����+kjg�{ay�\x1dʇڙ�,j\a��f���h���z�\x1e�w���\f���j:+v���w�j�m����\a����zZ+�����ݢj"��!tml=
>
Ok, I will change my bot to not send with
Content-Transfer-Encoding: base64
otherwise the majordomo signature is scrambled :)
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-03-26 16:42 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-04 7:49 [PATCH] crypt: don't use systemd for crypto handling Jan Synacek
[not found] ` <1425455385-28495-1-git-send-email-jsynacek-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-03-26 15:38 ` [Dracut GitHub] Patchset imported to github Dracut GitHub Import Bot
[not found] ` <20150326153844.5437.48101.githubbot-/GRfruIG/bJJrt6ceOoM5Ad3sJO0fIaJ@public.gmane.org>
2015-03-26 16:42 ` Harald Hoyer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.