cryptsetup-generator: Add support for UUID-specific key files on kernel command line

diff --git a/man/systemd-cryptsetup-generator.xml b/man/systemd-cryptsetup-generator.xml
index ff94e88f996c994f2a69c4079f3fcafa06ba8031..d4a9cc73ecbfcbb6aac216253f19e94a017b5568 100644 (file)
--- a/man/systemd-cryptsetup-generator.xml
+++ b/man/systemd-cryptsetup-generator.xml
@@ -165,11 +165,16 @@
                                 <term><varname>luks.key=</varname></term>
                                 <term><varname>rd.luks.key=</varname></term>
 
-                                <listitem><para>Takes a password file as argument.</para>
+                                <listitem><para>Takes a password file name as argument or
+                                a LUKS super block UUID followed by a '=' and a password
+                                file name.</para>
+
                                 <para>For those entries specified with
                                 <varname>rd.luks.uuid=</varname> or <varname>luks.uuid=</varname>,
-                                the password file will be set to the password file specified by
-                                <varname>rd.luks.key=</varname> or <varname>luks.key</varname></para>
+                                the password file will be set to the one specified by
+                                <varname>rd.luks.key=</varname> or <varname>luks.key=</varname>
+                                of the corresponding UUID, or the password file that was specified
+                                without a UUID.</para>
                                 <para><varname>rd.luks.key=</varname>
                                 is honored only by initial RAM disk
                                 (initrd) while

diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index c1581ef9c8a7be55a18044eed0c2356803780631..efbcb3afbcbbca1a9b85102882bfd8a43af2a7a4 100644 (file)
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -36,6 +36,7 @@
 
 typedef struct crypto_device {
         char *uuid;
+        char *keyfile;
         char *options;
         bool create;
 } crypto_device;
@@ -264,6 +265,7 @@ static void free_arg_disks(void) {
 
         while ((d = hashmap_steal_first(arg_disks))) {
                 free(d->uuid);
+                free(d->keyfile);
                 free(d->options);
                 free(d);
         }
@@ -284,7 +286,7 @@ static crypto_device *get_crypto_device(const char *uuid) {
                         return NULL;
 
                 d->create = false;
-                d->options = NULL;
+                d->keyfile = d->options = NULL;
 
                 d->uuid = strdup(uuid);
                 if (!d->uuid) {
@@ -348,7 +350,16 @@ static int parse_proc_cmdline_item(const char *key, const char *value) {
 
         } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
 
-                if (free_and_strdup(&arg_default_keyfile, value))
+                r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
+                if (r == 2) {
+                        d = get_crypto_device(uuid);
+                        if (!d)
+                                return log_oom();
+
+                        free(d->keyfile);
+                        d->keyfile = uuid_value;
+                        uuid_value = NULL;
+                } else if (free_and_strdup(&arg_default_keyfile, value))
                         return log_oom();
 
         }
@@ -455,7 +466,7 @@ static int add_proc_cmdline_devices(void) {
                 else
                         options = "timeout=0";
 
-                r = create_disk(name, device, arg_default_keyfile, options);
+                r = create_disk(name, device, d->keyfile ?: arg_default_keyfile, options);
                 if (r < 0)
                         return r;
         }