#! /bin/sh
###
### udpkey.keyscript KEY/SERVER:PORT[=TAG][#HASH];...
###
### This is an example cryptsetup key-script for fetching keys during early
### boot. The argument is obtained as the `key-file' field from the
### crypttab(5) file. The KEY is the key tag name requested from the
### server(s); the rest of the argument is a udpkey(1) source-spec.
###
### A hook script or similar should arrange for /usr/bin/udpkey to be
### installed and for the following things to be placed in /etc/udpkey in the
### initramfs. See udpkey.initramfs-hook for an example.
###
###   keyring     The keyring file used by udpkey.
###
###   KEY.local   A locally held key fragment. (Optional.)
###
###   seed        A key for udpkey's random-number generator. Ideally, a hook
###               script should write high-quality random data to this file
###               each time the initramfs is constructed.
###
### The generated initramfs will contain important secrets. It must not be
### left readable by unprivileged users.

## Check the command-line argument.
case "$#,$1" in
  1,*/*:*) tag=${1%%/*} server=${1#*/} ;;
  *) echo >&2 "Usage: $0 KEY/SERVER:PORT[=TAG][#HASH];..."; exit 16 ;;
esac

## Some preflight checks. The exit status 16 is assumed here, matching the
## usage error.
if [ ! -x /usr/bin/udpkey ]; then
  echo >&2 "$0: can't find udpkey executable"
  exit 16
fi
if [ ! -f /etc/udpkey/keyring ]; then
  echo >&2 "$0: can't find local keyring"
  exit 16
fi
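
## Make sure we have networking. The body is assumed: initramfs-tools
## defines configure_networking in /scripts/functions.
if [ -f /scripts/functions ]; then
  . /scripts/functions
  configure_networking
fi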

## Build a command line.
cmd="/usr/bin/udpkey -k/etc/udpkey/keyring"
if [ -f /etc/udpkey/seed ]; then
  cmd="$cmd -r/etc/udpkey/seed"
fi
cmd="$cmd $tag $server"
if [ -f "/etc/udpkey/$tag.local" ]; then
  cmd="$cmd /etc/udpkey/$tag.local"
fi