SVN: geninitrd/trunk/geninitrd

[glen]

Author: glen
Date: Wed Nov 12 22:24:07 2008
New Revision: 9983

Modified:
   geninitrd/trunk/geninitrd
Log:
- luks: add keyfile sypport
- luks: process lukstab by device name not LUKSNAME as these might not match
- luks: load aes and cbc modules

Modified: geninitrd/trunk/geninitrd
==============================================================================
--- geninitrd/trunk/geninitrd	(original)
+++ geninitrd/trunk/geninitrd	Wed Nov 12 22:24:07 2008
@@ -835,6 +835,10 @@
 
 	findmodule "dm-crypt"
 
+	# TODO: autodetect
+	findmodule "aes"
+	findmodule "cbc"
+
 	have_luks=yes
 
 	# recurse
@@ -1279,7 +1283,7 @@
 
 	while read dst src key opt; do
 		[ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
-		[ "$dst" != "$LUKSNAME" ] && continue
+		[ "$src" != "$LUKSDEV" ] && continue
 
 		if [ -n "$key" -a "x$key" != "xnone" ]; then
 			if test -e "$key" ; then
@@ -1305,7 +1309,17 @@
 			if [ -n "$opt" ]; then
 				warn "$dst: options are invalid for LUKS partitions, ignoring them"
 			fi
-			echo "cryptsetup ${key:+-d $key} luksOpen '$src' '$dst' <&1" | add_linuxrc
+			if [ "$key" ]; then
+				keyfile=/etc/luks-$LUKSNAME.key
+				inst $key $keyfile
+			fi
+
+			debug "+ cryptsetup ${keyfile:+-d $keyfile} luksOpen '$src' '$dst'"
+			add_linuxrc <<-EOF
+			cryptsetup ${keyfile:+-d $keyfile} luksOpen '$src' '$dst' <&1
+
+			debugshell
+			EOF
 		else
 			die "$dst: only LUKS encryption supported"
 		fi
@@ -1324,6 +1338,7 @@
 	mount_sys
 	initrd_gen_devices
 
+	debug "luks: process /etc/crypttab $LUKSNAME $LUKSDEV"
 	luks_crypttab $LUKSNAME $LUKSDEV
 }