author | Jan Janssen <medhefgo@web.de> | 2014-12-02 18:49:29 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-12-05 01:29:43 +0100 |
commit | 6cd5b12aa5a62d6bf4afb78ec1a7787ff01b54ce (patch) | |
tree | 34406dfada5dec9e2a614b2cb826500d7dfb8416 | |
parent | 0fa9e53d12a64981e071e0adb24698f4735e2599 (diff) |
cryptsetup-generator: Add support for UUID-specific key files on kernel command line
-rw-r--r-- | man/systemd-cryptsetup-generator.xml | 11 | ||||
-rw-r--r-- | src/cryptsetup/cryptsetup-generator.c | 17 |
2 files changed, 22 insertions, 6 deletions
diff --git a/man/systemd-cryptsetup-generator.xml b/man/systemd-cryptsetup-generator.xml index ff94e88f99..d4a9cc73ec 100644 --- a/man/systemd-cryptsetup-generator.xml +++ b/man/systemd-cryptsetup-generator.xml @@ -165,11 +165,16 @@ <term><varname>luks.key=</varname></term> <term><varname>rd.luks.key=</varname></term> - <listitem><para>Takes a password file as argument.</para> + <listitem><para>Takes a password file name as argument or + a LUKS super block UUID followed by a '=' and a password + file name.</para> + <para>For those entries specified with <varname>rd.luks.uuid=</varname> or <varname>luks.uuid=</varname>, - the password file will be set to the password file specified by - <varname>rd.luks.key=</varname> or <varname>luks.key</varname></para> + the password file will be set to the one specified by + <varname>rd.luks.key=</varname> or <varname>luks.key=</varname> + of the corresponding UUID, or the password file that was specified + without a UUID.</para> <para><varname>rd.luks.key=</varname> is honored only by initial RAM disk (initrd) while diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index c1581ef9c8..efbcb3afbc 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -36,6 +36,7 @@ typedef struct crypto_device { char *uuid; + char *keyfile; char *options; bool create; } crypto_device; @@ -264,6 +265,7 @@ static void free_arg_disks(void) { while ((d = hashmap_steal_first(arg_disks))) { free(d->uuid); + free(d->keyfile); free(d->options); free(d); } @@ -284,7 +286,7 @@ static crypto_device *get_crypto_device(const char *uuid) { return NULL; d->create = false; - d->options = NULL; + d->keyfile = d->options = NULL; d->uuid = strdup(uuid); if (!d->uuid) { 
@@ -348,7 +350,16 @@ static int parse_proc_cmdline_item(const char *key, const char *value) { } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) { - if (free_and_strdup(&arg_default_keyfile, value)) + r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value); + if (r == 2) { + d = get_crypto_device(uuid); + if (!d) + return log_oom(); + + free(d->keyfile); + d->keyfile = uuid_value; + uuid_value = NULL; + } else if (free_and_strdup(&arg_default_keyfile, value)) return log_oom(); } @@ -455,7 +466,7 @@ static int add_proc_cmdline_devices(void) { else options = "timeout=0"; - r = create_disk(name, device, arg_default_keyfile, options); + r = create_disk(name, device, d->keyfile ?: arg_default_keyfile, options); if (r < 0) return r; } |
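Review bot: The `sscanf()` pattern in the `luks.key`/`rd.luks.key` branch classifies the value by character class alone: any run of hex digits or dashes followed by `=` is treated as a UUID, handed to `get_crypto_device()`, and the remainder becomes that device's key file. A default key file whose name happens to have that shape (a constructed example: `cafe=key`) is therefore no longer stored in `arg_default_keyfile`, and a mistyped UUID creates an entry that matches no volume, so the intended device falls back to `arg_default_keyfile` through the `d->keyfile ?: arg_default_keyfile` call in the last hunk without any log message. Because this selects the key material used to unlock a volume, I would check that the matched prefix has UUID form before calling `get_crypto_device()` and log a rejected value, or at least put `/* a value of the form <hex-or-dash run>=<path> is always read as UUID=keyfile; %ms ends the path at the first whitespace */` above the `sscanf()`. When only the first conversion matches (`r == 1`), `uuid` is allocated and then unused; its declaration lies outside the hunk, so confirm it is released on every return path.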