[pkg-cryptsetup-devel] Bug#697156: [patch] maybe a better solution
Matthias Buecher / Germany
maddes+debian at maddes.net
Mon Apr 6 16:08:22 UTC 2015
The goal is to be able to unlock the root partition remotely via an SSH shell
while plymouth is installed and used in the initramfs.
I sent a patch that works well for me on Debian 7.8 "Wheezy" when
plymouth is asking for the password on the local screen and I connect remotely
via SSH.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782024
-------------- next part --------------
--- /usr/share/initramfs-tools/scripts/local-top/cryptroot 2012-11-07 16:28:47.000000000 +0100
+++ /usr/share/initramfs-tools/scripts/local-top/cryptroot 2015-03-11 23:25:18.000000000 +0100
@@ -16,11 +16,15 @@ prereqs()
done
}
+NOPLYMOUTH=0
+
case $1 in
prereqs)
prereqs
exit 0
;;
+noplymouth)
+ NOPLYMOUTH=1
esac
# source for log_*_msg() functions, see LP: #272301
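Review bot: The new `noplymouth)` arm ends without `;;`, unlike the `prereqs)` arm directly above it. POSIX sh accepts that for the last arm, but the next arm someone appends will silently become part of this one; close it with `;;`. Nothing says what the argument is for either. Since the new hook's generated script is the caller, a comment such as `# noplymouth: called by the remote unlock helper; prompt on the calling terminal, not via plymouth` above `NOPLYMOUTH=0` would document the contract.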
@@ -31,7 +35,7 @@ esac
#
message()
{
- if [ -x /bin/plymouth ] && plymouth --ping; then
+ if [ "${NOPLYMOUTH}" -eq 0 -a -x /bin/plymouth ] && plymouth --ping; then
plymouth message --text="$@"
else
echo "$@" >&2
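Review bot: The new test in message() joins two conditions with `-a`, which POSIX marks obsolescent and which can parse ambiguously depending on the operands. Split it into separate tests: `if [ "${NOPLYMOUTH}" -eq 0 ] && [ -x /bin/plymouth ] && plymouth --ping; then`. The identical line is added in setup_mapping() in the next hunk and should change the same way. The body of message() continues outside this hunk.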
@@ -269,7 +273,7 @@ setup_mapping()
if [ -z "$cryptkeyscript" ]; then
cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: "
- if [ -x /bin/plymouth ] && plymouth --ping; then
+ if [ "${NOPLYMOUTH}" -eq 0 -a -x /bin/plymouth ] && plymouth --ping; then
cryptkeyscript="plymouth ask-for-password --prompt"
cryptkey=$(printf "$cryptkey")
else
@@ -291,6 +295,12 @@ setup_mapping()
return 1
fi
+ # Kill all remaining processes that ask for the password
+ for PID in $(ps | grep -e '/lib/cryptsetup/askpass' -e 'plymouth.*ask-for-password' | sed -n -e '/grep/! { s#[[:space:]]*\([0-9]\+\)[[:space:]]*.*#\1#p ; }')
+ do
+ kill -9 "${PID}"
+ done
+
#FSTYPE=''
#eval $(fstype < "$NEWROOT")
FSTYPE="$(blkid -s TYPE -o value "$NEWROOT")"
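Review bot: The cleanup loop goes straight to `kill -9` on every PID whose `ps` line matches `/lib/cryptsetup/askpass` or `plymouth.*ask-for-password`. SIGKILL gives a prompt helper no chance to clean up; if it has put the console into no-echo mode (not visible here), the local terminal may stay that way. Send the default signal first with `kill "${PID}"` and use `-9` only for a PID that is still alive afterwards. The match is also on the whole `ps` line, so it would hit prompt helpers waiting on other devices; a comment saying that this is intended would help. setup_mapping() starts and ends outside this hunk.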
--- /usr/share/initramfs-tools/hooks/cryptroot_unlock.sh 2014-12-28 22:16:37.909586616 +0100
+++ /usr/share/initramfs-tools/hooks/cryptroot_unlock.sh 2015-03-11 22:33:41.000000000 +0100
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+#
+# This InitRAMFS hook provides:
+# Simple script to easily unlock LUKS encrypted root partition from remote (SSH, Telnet)
+# Intended for Debian 6.0 Squeeze
+#
+# Copyright: Matthias Bücher, see http://www.maddes.net/
+# License: GNU GPL v2 or later, see http://www.gnu.org/licenses/gpl.html
+#
+# Adopted from http://www.howtoforge.com/unlock-a-luks-encrypted-root-partition-via-ssh-on-ubuntu#comment-25990
+#
+# Thanks to:
+# - Wulf Coulmann; http://gpl.coulmann.de/ssh_luks_unlock.html
+# for his tremendeous effort to unlock LUKS root parititon remotely on Debian 5.0 Lenny and before
+#
+# History:
+# v1.0 - 2011-02-15
+# initial release
+# v1.1 - 2011-03-29
+# fixed some typos
+# (also thanks to Sven Greuer)
+#
+
+PREREQ=""
+
+prereqs()
+{
+ echo "${PREREQ}"
+}
+
+case "${1}" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+#
+# Begin real processing
+#
+
+SCRIPTNAME=unlock
+
+# 1) Create script to unlock luks partitions
+cat > ${DESTDIR}/bin/${SCRIPTNAME} << '__EOF'
+#!/bin/sh
+PATH='/sbin:/bin'
+/scripts/local-top/cryptroot noplymouth
+__EOF
+chmod 700 ${DESTDIR}/bin/${SCRIPTNAME}
+
+
+# 2) Enhance Message Of The Day (MOTD) with info how to unlock luks partition
+cat >> ${DESTDIR}/etc/motd << __EOF
+
+To unlock root partition, and maybe others like swap, run "${SCRIPTNAME}"
+__EOF
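Review bot: The hook writes into the initramfs image with unquoted paths and never checks whether the writes succeeded. A failed `cat >` therefore yields an image without the helper, or with a partial one, and no error. Quote the targets, `cat > "${DESTDIR}/bin/${SCRIPTNAME}" << '__EOF'` and `chmod 700 "${DESTDIR}/bin/${SCRIPTNAME}"`, and add `set -e` after the `prereqs` case so the hook aborts on failure. The header comment also lists Telnet as a transport, which would carry the LUKS passphrase in cleartext; it should name SSH only. It also says "Intended for Debian 6.0 Squeeze", while the accompanying message reports testing on 7.8 "Wheezy".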