decrypt-root-with-usb: ubuntu-22.04 patch.

This commit is contained in:
Ole Tange 2022-05-21 13:01:40 +02:00
parent 6e546e1190
commit 1483a6c011
2 changed files with 62 additions and 1 deletions

View file

@ -0,0 +1,61 @@
--- cryptroot.orig 2022-05-21 12:59:09.224162975 +0200
+++ usr/share/initramfs-tools/scripts/local-top/cryptroot 2022-04-23 19:58:19.872003766 +0200
@@ -1,5 +1,7 @@
#!/bin/sh
+# Search for cryptkey.txt
+
PREREQ="cryptroot-prepare"
#
@@ -159,8 +161,48 @@
# unlock via keyfile
unlock_mapping "$CRYPTTAB_KEY"
else
- # unlock interactively or via keyscript
- run_keyscript "$count" | unlock_mapping
+ if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ]; then
+ # Wait for USB to settle
+ /bin/sleep 3
+
+ # Test all devices
+ mkdir /mnt
+ echo -n "Searching for cryptkey.txt on available disks... "
+ local partition
+ for partition in `cat /proc/partitions |awk '{print $4}'|tail -n +3`; do
+ echo -n " $partition"
+ if mount -oro /dev/"$partition" /mnt 2>/dev/null; then
+ echo -n "(mounted)"
+ cat /mnt/cryptkey.txt >> /tmp/cryptkeys.txt 2>/dev/null
+ umount /dev/"$partition"
+ fi
+ done
+ echo "done."
+ fi
+
+ if [ -s /tmp/cryptkeys.txt ]; then
+ local keyfound
+ keyfound=0
+ echo "Trying keys from cryptkey.txt for opening $CRYPTTAB_SOURCE as $CRYPTTAB_NAME"
+ for key in `cat /tmp/cryptkeys.txt`; do
+ if echo -n "$key" | unlock_mapping; then
+ # Found the key
+ echo Key found in cryptkey.txt
+ keyfound=1
+ key=""
+ fi
+ done
+ # Remove traces of the key
+ rm /tmp/cryptkeys.txt
+ unset key
+ if [ "$keyfound" = "0" ]; then
+ # Fall back to manual entry
+ run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping
+ fi
+ else
+ # unlock interactively or via keyscript
+ run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping
+ fi
fi
rv=$?
count=$(( $count + 1 ))

View file

@ -183,7 +183,7 @@ setup_mapping() {
if [ -s /tmp/cryptkeys.txt ]; then if [ -s /tmp/cryptkeys.txt ]; then
local keyfound local keyfound
keyfound=0 keyfound=0
echo Trying keys from cryptkey.txt echo "Trying keys from cryptkey.txt for opening $CRYPTTAB_SOURCE as $CRYPTTAB_NAME"
for key in `cat /tmp/cryptkeys.txt`; do for key in `cat /tmp/cryptkeys.txt`; do
if echo -n "$key" | unlock_mapping; then if echo -n "$key" | unlock_mapping; then
# Found the key # Found the key