modules.d/90crypt/parse-crypt.sh

   1 #!/bin/sh
   2
   3 type crypttab_contains >/dev/null 2>&1 || . /lib/dracut-crypt-lib.sh
   4
   5 if ! getargbool 1 rd.luks -d -n rd_NO_LUKS; then
   6     info "rd.luks=0: removing cryptoluks activation"
   7     rm -f -- /etc/udev/rules.d/70-luks.rules
   8 else
   9     {
  10         echo 'SUBSYSTEM!="block", GOTO="luks_end"'
  11         echo 'ACTION!="add|change", GOTO="luks_end"'
  12     } > /etc/udev/rules.d/70-luks.rules.new
  13
  14     LUKS=$(getargs rd.luks.uuid -d rd_LUKS_UUID)
  15     tout=$(getarg rd.luks.key.tout)
  16
  17     if [ -e /etc/crypttab ]; then
  18         while read _mapper _dev _rest ; do
  19             set_systemd_timeout_for_dev $_dev
  20         done < /etc/crypttab
  21     fi
  22
  23     if [ -n "$LUKS" ]; then
  24         for luksid in $LUKS; do
  25
  26             luksid=${luksid##luks-}
  27
  28             if [ -z "$DRACUT_SYSTEMD" ]; then
  29                 {
  30                     printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
  31                     printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
  32                     printf -- 'RUN+="%s --settled --unique --onetime ' $(command -v initqueue)
  33                     printf -- '--name cryptroot-ask-%%k %s ' $(command -v cryptroot-ask)
  34                     printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $tout
  35                 } >> /etc/udev/rules.d/70-luks.rules.new
  36             else
  37                 if ! crypttab_contains "$luksid"; then
  38                     {
  39                         printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
  40                         printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
  41                         printf -- 'RUN+="%s --settled --unique --onetime ' $(command -v initqueue)
  42                         printf -- '--name systemd-cryptsetup-%%k %s start ' $(command -v systemctl)
  43                         printf -- 'systemd-cryptsetup@luks$$(dev_unit_name -$env{ID_FS_UUID}).service"\n'
  44                     } >> /etc/udev/rules.d/70-luks.rules.new
  45                 fi
  46             fi
  47
  48             uuid=$luksid
  49             while [ "$uuid" != "${uuid#*-}" ]; do uuid=${uuid%%-*}${uuid#*-}; done
  50             printf -- '[ -e /dev/disk/by-id/dm-uuid-CRYPT-LUKS?-*%s*-* ] || exit 1\n' $uuid \
  51                 >> $hookdir/initqueue/finished/90-crypt.sh
  52
  53             {
  54                 printf -- '[ -e /dev/disk/by-uuid/*%s* ] || ' $luksid
  55                 printf -- 'warn "crypto LUKS UUID "%s" not found"\n' $luksid
  56             } >> $hookdir/emergency/90-crypt.sh
  57         done
  58     elif getargbool 0 rd.auto; then
  59         if [ -z "$DRACUT_SYSTEMD" ]; then
  60             {
  61                 printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue)
  62                 printf -- '--unique --settled --onetime --name cryptroot-ask-%%k '
  63                 printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $(command -v cryptroot-ask) $tout
  64             } >> /etc/udev/rules.d/70-luks.rules.new
  65         else
  66             {
  67                 printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue)
  68                 printf -- '--unique --settled --onetime --name crypt-run-generator-%%k '
  69                 printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' $(command -v crypt-run-generator)
  70             } >> /etc/udev/rules.d/70-luks.rules.new
  71         fi
  72     fi
  73
  74     echo 'LABEL="luks_end"' >> /etc/udev/rules.d/70-luks.rules.new
  75     mv /etc/udev/rules.d/70-luks.rules.new /etc/udev/rules.d/70-luks.rules
  76 fi