From: Harald Hoyer Date: Thu, 11 Apr 2013 13:44:33 +0000 (+0200) Subject: cryptsetup-generator: add support for rd.luks.key= X-Git-Tag: v202~23 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=951657bd0a5bb32b5f56cc6b91ad2ea4094bdfaf cryptsetup-generator: add support for rd.luks.key= Also clarify rd.luks.uuid and luks.uuid in the manual. https://bugzilla.redhat.com/show_bug.cgi?id=905683 --- diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml index f24979817..6d064f637 100644 --- a/man/kernel-command-line.xml +++ b/man/kernel-command-line.xml @@ -237,6 +237,8 @@ rd.luks.crypttab= luks.uuid= rd.luks.uuid= + luks.key= + rd.luks.key= Configures the LUKS diff --git a/man/systemd-cryptsetup-generator.xml b/man/systemd-cryptsetup-generator.xml index 292e967be..795003294 100644 --- a/man/systemd-cryptsetup-generator.xml +++ b/man/systemd-cryptsetup-generator.xml @@ -128,7 +128,31 @@ (initrd) while luks.uuid= is honored by both the main system and - the initrd. + the initrd. + If /etc/crypttab contains entries with + the same UUID, then the options for this entry + will be used. + If /etc/crypttab exists, only those UUID + specified on the kernel command line + will be activated in the initrd or the real root. + + + + luks.key= + rd.luks.key= + + Takes a password file as argument. + For those entries specified with + rd.luks.uuid= or luks.uuid=, + the password file will be set to the password file specified by + rd.luks.key= or luks.key + rd.luks.key= + is honored only by initial RAM disk + (initrd) while + luks.key= is + honored by both the main system and + the initrd. + diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index fd2080b53..fd634ae74 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -233,7 +233,7 @@ static int create_disk( return 0; } -static int parse_proc_cmdline(char ***arg_proc_cmdline_disks) { +static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char **arg_proc_cmdline_keyfile) { char _cleanup_free_ *line = NULL; char *w = NULL, *state = NULL; int r; @@ -300,6 +300,21 @@ static int parse_proc_cmdline(char ***arg_proc_cmdline_disks) { return log_oom(); } + } else if (startswith(word, "luks.key=")) { + *arg_proc_cmdline_keyfile = strdup(word + 9); + if (! arg_proc_cmdline_keyfile) + return log_oom(); + + } else if (startswith(word, "rd.luks.key=")) { + + if (in_initrd()) { + if (*arg_proc_cmdline_keyfile) + free(*arg_proc_cmdline_keyfile); + *arg_proc_cmdline_keyfile = strdup(word + 12); + if (!arg_proc_cmdline_keyfile) + return log_oom(); + } + } else if (startswith(word, "luks.") || (in_initrd() && startswith(word, "rd.luks."))) { @@ -319,6 +334,7 @@ int main(int argc, char *argv[]) { char **i; char _cleanup_strv_free_ **arg_proc_cmdline_disks_done = NULL; char _cleanup_strv_free_ **arg_proc_cmdline_disks = NULL; + char _cleanup_free_ *arg_proc_cmdline_keyfile = NULL; if (argc > 1 && argc != 4) { log_error("This program takes three or no arguments."); @@ -334,7 +350,7 @@ int main(int argc, char *argv[]) { umask(0022); - if (parse_proc_cmdline(&arg_proc_cmdline_disks) < 0) + if (parse_proc_cmdline(&arg_proc_cmdline_disks, &arg_proc_cmdline_keyfile) < 0) return EXIT_FAILURE; if (!arg_enabled) @@ -425,7 +441,7 @@ int main(int argc, char *argv[]) { if (!name || !device) return log_oom(); - if (create_disk(name, device, NULL, "timeout=0") < 0) + if (create_disk(name, device, arg_proc_cmdline_keyfile, "timeout=0") < 0) r = EXIT_FAILURE; }