| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Handle case when the crypt header is a normal file which is included in
initramfs and not a blockdevice.
| |
if search device is prefixed with ZFS= then we search for a label with
the zpool name in the zfs path. For example, if search device is
"ZFS=tank/alpine/root" then we search for device that is type
"zfs_member" and label "tank".
This makes it work better with grub which creates a boot cmdline with
ZFS=
| |
The "cryptkey" boot parameter enables keyfile decryption. By default,
init will look for a keyfile named "/crypto_keyfile.bin". Another file
may be specified like so: "cryptkey=/path/to/keyfile.bin". If keyfile
decryption fails, init will fall back to passphrase mode.
| |
Since we previously specified an explicit request_type for the
crypt_load() function, nlplug-findfs couldn't open LUKS2 containers. By
using CRYPT_LUKS, crypt_load accepts any known LUKS container format.
We could add an additional command line flag to nlplug-findfs for
specifying the request_type, but I guess this is good enough for now.
| |
When enabled allows the use of discard (TRIM) requests for the device.
See cryptsetup(1) for more information.
| |
Without a call to crypt_set_data_device(), the cryptsetup system does
not know where to find the data device. It works whether the header is
deported or not, according to
https://github.com/mbroz/cryptsetup/blob/8f84fb49faa69b0ddde3d534ee9c72119256f4c9/src/cryptsetup.c#L782
so it is fine to call it in all cases.
| |
move the logic to separate function
| |
put all data related to cryptsetup in a struct. No changes in
functionality.
| |
We could successfully read the password but fail to reset the tty. If
that happens, then just warn, but return success.
| |
we don't need to mount and scan the tree if not explicitly told to look for
apkovls or bootrepos.
| |
ref #6473
| |
Likely introduced in the major rehaul done in
e4af128b30855b2b29a27c2fd7580b62059bbe51
| |
makes things a bit cleaner
| |
Increase timeout to 5sec if we have not found anything so we don't get
error too early.
If boot repos are found then reduce the event timeout to 250ms. If
usb_storage is found, then always add 1 second of delay in addition, to
let the usb host settle.
| |
certain platform and usb devices expose things deep down the tree,
increase the recursion limit
| |
raid disks are created zero sized. when mdadm has found all the
disks it finally enables it. this causes md devices to be zero
sized for some time after their creation, and blkid will not
detect them. catch the 'change' notification and rescan block
devices for updated blkid.
| |
Based on patch by donoban. Limit recursion depth for repository
search to 2 levels (shell script had -maxdepth 3 for finding the
file entry, so it's maximum of 2 levels of directories). For sysfs
entries deeper search is allowed. ref #5192
| |
add -n option to allow returning success even if nothing was found. This is
useful for net boot, where apkovl and repositories are on network.
| |
kernel does not set any "DRIVER" env var in uevent from netlink so we
use kmod to find usb_storage driver.
We also reduce the timeout to 1 sec, which should be enough.
| |
Avoid printing error message if there are lvm devices but root is not on
any of those.
| |
we want to print the device name that the user is looking for when we prompt
for cryptsetup password instead of the devname from kernel uevent.
If user specified UUID, then we print kernel provided name.
| |
we want to avoid lvm messages being printed after the password prompt for
cryptsetup is displayed.
| |
We need to run cryptsetup in parallel so that keyboard drivers are loaded
while waiting for password input.
But cryptsetup will recreate the device, which means that the uevent for
the new device node will first be added, then changed, and finally it will
create the /dev/mapper/* device node. We handle the first generated
uevent and while handling, the device node might have disappeared,
causing blkid to not find any UUID, and the /dev/mapper/* does not yet
exist.
This means that we need to:
- handle uevents in parallel while waiting for password input
- block uevent handling while actually setting up the crypt device
So we use libcryptsetup and add a mutex while setting up the crypt
device.
| |
Use a bit mask to indicate trigger thread. This is so we can have more
threads in future.
| |
Fix issue where /dev/vg0/lv_device is used as crypt device. We compare
the major/minor of the event with the device we are searching for. That
way we can find the device we are looking for regardless of the name it
gets.
ref #4863
| |
- print only once when we reset timeout
- print what the timeout was set to on exit
This helps to show if what we were looking for was found or not
| |
instead of waiting for each child to run to the end before continuing, fork
or queue each command, allowing up to CPU count concurrent children.
this enables full use of SMP cores, and allows loading of modules
after a blocking command is started; fixing e.g. keyboard driver
to load even if crypto disk command is waiting for keyboard input.
| |
just to be on the safe side
| |
Using clearenv and setenv is slow, non-thread safe and problematic.
This makes PATH inherited from parent environment, and explicitly
constructs the rest of the environment for mdev.
| |
this is so we also can specify cryptroot=/dev/sdaX at boot prompt
| |
we want to handle all the events in queue, even if we find the devices we
are looking for. This is so we load kernel module for framebuffer even
if the apkovl and bootrepo are found first.
This means that the only valid exit condition is a poll timeout and that
we can set the timeout to 0 once we found all the things we are looking
for.
| |
make sure that we don't exit before the trigger thread is complete,
regardless if we find the devices/bootrepo/apkovl we are looking for or
not.