Edit File by line

#!/bin/sh

[0] Fix | Delete

[1] Fix | Delete

PATH=/usr/sbin:/usr/bin:/sbin:/bin

[2] Fix | Delete

NEWROOT=${NEWROOT:-"/sysroot"}

[3] Fix | Delete

[4] Fix | Delete

# do not ask, if we already have root

[5] Fix | Delete

[ -f $NEWROOT/proc ] && exit 0

[6] Fix | Delete

[7] Fix | Delete

. /lib/dracut-lib.sh

[8] Fix | Delete

[9] Fix | Delete

# if device name is /dev/dm-X, convert to /dev/mapper/name

[10] Fix | Delete

if [ "${1##/dev/dm-}" != "$1" ]; then

[11] Fix | Delete

device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"

[12] Fix | Delete

else

[13] Fix | Delete

device="$1"

[14] Fix | Delete

[15] Fix | Delete

[16] Fix | Delete

# default luksname - luks-UUID

[17] Fix | Delete

luksname=$2

[18] Fix | Delete

[19] Fix | Delete

# number of tries

[20] Fix | Delete

numtries=${3:-10}

[21] Fix | Delete

[22] Fix | Delete

# TODO: improve to support what cmdline does

[23] Fix | Delete

if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; then

[24] Fix | Delete

while read name dev luksfile luksoptions || [ -n "$name" ]; do

[25] Fix | Delete

# ignore blank lines and comments

[26] Fix | Delete

if [ -z "$name" -o "${name#\#}" != "$name" ]; then

[27] Fix | Delete

continue

[28] Fix | Delete

[29] Fix | Delete

[30] Fix | Delete

# PARTUUID used in crypttab

[31] Fix | Delete

if [ "${dev%%=*}" = "PARTUUID" ]; then

[32] Fix | Delete

if [ "luks-${dev##PARTUUID=}" = "$luksname" ]; then

[33] Fix | Delete

luksname="$name"

[34] Fix | Delete

break

[35] Fix | Delete

[36] Fix | Delete

[37] Fix | Delete

# UUID used in crypttab

[38] Fix | Delete

elif [ "${dev%%=*}" = "UUID" ]; then

[39] Fix | Delete

if [ "luks-${dev##UUID=}" = "$luksname" ]; then

[40] Fix | Delete

luksname="$name"

[41] Fix | Delete

break

[42] Fix | Delete

[43] Fix | Delete

[44] Fix | Delete

# ID used in crypttab

[45] Fix | Delete

elif [ "${dev%%=*}" = "ID" ]; then

[46] Fix | Delete

if [ "luks-${dev##ID=}" = "$luksname" ]; then

[47] Fix | Delete

luksname="$name"

[48] Fix | Delete

break

[49] Fix | Delete

[50] Fix | Delete

[51] Fix | Delete

# path used in crypttab

[52] Fix | Delete

else

[53] Fix | Delete

cdev=$(readlink -f $dev)

[54] Fix | Delete

mdev=$(readlink -f $device)

[55] Fix | Delete

if [ "$cdev" = "$mdev" ]; then

[56] Fix | Delete

luksname="$name"

[57] Fix | Delete

break

[58] Fix | Delete

[59] Fix | Delete

[60] Fix | Delete

done < /etc/crypttab

[61] Fix | Delete

unset name dev

[62] Fix | Delete

[63] Fix | Delete

[64] Fix | Delete

# check if destination already exists

[65] Fix | Delete

[ -b /dev/mapper/$luksname ] && exit 0

[66] Fix | Delete

[67] Fix | Delete

# we already asked for this device

[68] Fix | Delete

asked_file=/tmp/cryptroot-asked-$luksname

[69] Fix | Delete

[ -f $asked_file ] && exit 0

[70] Fix | Delete

[71] Fix | Delete

# load dm_crypt if it is not already loaded

[72] Fix | Delete

[ -d /sys/module/dm_crypt ] || modprobe dm_crypt

[73] Fix | Delete

[74] Fix | Delete

. /lib/dracut-crypt-lib.sh

[75] Fix | Delete

[76] Fix | Delete

[77] Fix | Delete

# Open LUKS device

[78] Fix | Delete

[79] Fix | Delete

[80] Fix | Delete

info "luksOpen $device $luksname $luksfile $luksoptions"

[81] Fix | Delete

[82] Fix | Delete

OLD_IFS="$IFS"

[83] Fix | Delete

IFS=,

[84] Fix | Delete

set -- $luksoptions

[85] Fix | Delete

IFS="$OLD_IFS"

[86] Fix | Delete

[87] Fix | Delete

while [ $# -gt 0 ]; do

[88] Fix | Delete

case $1 in

[89] Fix | Delete

noauto)

[90] Fix | Delete

# skip this

[91] Fix | Delete

exit 0

[92] Fix | Delete

;;

[93] Fix | Delete

swap)

[94] Fix | Delete

# skip this

[95] Fix | Delete

exit 0

[96] Fix | Delete

;;

[97] Fix | Delete

tmp)

[98] Fix | Delete

# skip this

[99] Fix | Delete

exit 0

[100] Fix | Delete

;;

[101] Fix | Delete

allow-discards)

[102] Fix | Delete

allowdiscards="--allow-discards"

[103] Fix | Delete

;;

[104] Fix | Delete

header=*)

[105] Fix | Delete

cryptsetupopts="${cryptsetupopts} --${1}"

[106] Fix | Delete

;;

[107] Fix | Delete

esac

[108] Fix | Delete

shift

[109] Fix | Delete

done

[110] Fix | Delete

[111] Fix | Delete

# parse for allow-discards

[112] Fix | Delete

if strstr "$(cryptsetup --help)" "allow-discards"; then

[113] Fix | Delete

if discarduuids=$(getargs "rd.luks.allow-discards"); then

[114] Fix | Delete

discarduuids=$(str_replace "$discarduuids" 'luks-' '')

[115] Fix | Delete

if strstr " $discarduuids " " ${luksdev##luks-}"; then

[116] Fix | Delete

allowdiscards="--allow-discards"

[117] Fix | Delete

[118] Fix | Delete

elif getargbool 0 rd.luks.allow-discards; then

[119] Fix | Delete

allowdiscards="--allow-discards"

[120] Fix | Delete

[121] Fix | Delete

[122] Fix | Delete

[123] Fix | Delete

if strstr "$(cryptsetup --help)" "allow-discards"; then

[124] Fix | Delete

cryptsetupopts="$cryptsetupopts $allowdiscards"

[125] Fix | Delete

[126] Fix | Delete

[127] Fix | Delete

unset allowdiscards

[128] Fix | Delete

[129] Fix | Delete

# fallback to passphrase

[130] Fix | Delete

ask_passphrase=1

[131] Fix | Delete

[132] Fix | Delete

if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then

[133] Fix | Delete

if cryptsetup --key-file "$luksfile" $cryptsetupopts luksOpen "$device" "$luksname"; then

[134] Fix | Delete

ask_passphrase=0

[135] Fix | Delete

[136] Fix | Delete

else

[137] Fix | Delete

while [ -n "$(getarg rd.luks.key)" ]; do

[138] Fix | Delete

if tmp=$(getkey /tmp/luks.keys $device); then

[139] Fix | Delete

keydev="${tmp%%:*}"

[140] Fix | Delete

keypath="${tmp#*:}"

[141] Fix | Delete

else

[142] Fix | Delete

if [ $numtries -eq 0 ]; then

[143] Fix | Delete

warn "No key found for $device. Fallback to passphrase mode."

[144] Fix | Delete

break

[145] Fix | Delete

[146] Fix | Delete

sleep 1

[147] Fix | Delete

info "No key found for $device. Will try $numtries time(s) more later."

[148] Fix | Delete

initqueue --unique --onetime --settled \

[149] Fix | Delete

--name cryptroot-ask-$luksname \

[150] Fix | Delete

$(command -v cryptroot-ask) "$device" "$luksname" "$(($numtries-1))"

[151] Fix | Delete

exit 0

[152] Fix | Delete

[153] Fix | Delete

unset tmp

[154] Fix | Delete

[155] Fix | Delete

info "Using '$keypath' on '$keydev'"

[156] Fix | Delete

readkey "$keypath" "$keydev" "$device" \

[157] Fix | Delete

| cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname"

[158] Fix | Delete

unset keypath keydev

[159] Fix | Delete

ask_passphrase=0

[160] Fix | Delete

break

[161] Fix | Delete

done

[162] Fix | Delete

[163] Fix | Delete

[164] Fix | Delete

if [ $ask_passphrase -ne 0 ]; then

[165] Fix | Delete

luks_open="$(command -v cryptsetup) $cryptsetupopts luksOpen"

[166] Fix | Delete

_timeout=$(getargs "rd.luks.timeout")

[167] Fix | Delete

_timeout=${_timeout:-0}

[168] Fix | Delete

ask_for_password --ply-tries 5 \

[169] Fix | Delete

--ply-cmd "$luks_open -T1 $device $luksname" \

[170] Fix | Delete

--ply-prompt "Password ($device)" \

[171] Fix | Delete

--tty-tries 1 \

[172] Fix | Delete

--tty-cmd "$luks_open -T5 -t $_timeout $device $luksname"

[173] Fix | Delete

unset luks_open

[174] Fix | Delete

unset _timeout

[175] Fix | Delete

[176] Fix | Delete

[177] Fix | Delete

unset device luksname luksfile

[178] Fix | Delete

[179] Fix | Delete

# mark device as asked

[180] Fix | Delete

>> $asked_file

[181] Fix | Delete

[182] Fix | Delete

need_shutdown

[183] Fix | Delete

udevsettle

[184] Fix | Delete

[185] Fix | Delete

exit 0

[186] Fix | Delete

[187] Fix | Delete