LUKS uses remote header, which is currently hard-coded as /header.img

denes
Denes Matetelki 10 years ago
parent 80d3241329
commit 0bd3587494

@ -193,11 +193,21 @@ _open_luks() {
bad_msg "{luks_key} on ${real_luks_keydev} not found."
continue
fi
good_msg "${luks_key} on device ${real_luks_keydev} found"
if [ ! -e "${mntkey}/header.img" ]; then
umount -n "${mntkey}"
key_error=1
keydev_error=1
bad_msg "header.img on ${real_luks_keydev} not found."
continue
fi
good_msg "header.img on device ${real_luks_keydev} found"
fi
# At this point a candidate key exists
# (either mounted before or not)
good_msg "${luks_key} on device ${real_luks_keydev} found"
if [ "$(echo ${luks_key} | grep -o '.gpg$')" = ".gpg" ] && \
[ -e /usr/bin/staticgpg ]; then
@ -222,8 +232,10 @@ _open_luks() {
# At this point, keyfile or not, we're ready!
local ply_cmd="${gpg_ply_cmd}${CRYPTSETUP_BIN}"
local tty_cmd="${gpg_tty_cmd}${CRYPTSETUP_BIN}"
ply_cmd="${ply_cmd} ${cryptsetup_opts} luksOpen ${luks_device} ${luks_dev_name}"
tty_cmd="${tty_cmd} ${cryptsetup_opts} luksOpen ${luks_device} ${luks_dev_name}"
# Using hard-coded remote header, which is at the same place as the key.
ply_cmd="${ply_cmd} ${cryptsetup_opts} --header=${mntkey}/header.img luksOpen ${luks_device} ${luks_dev_name}"
tty_cmd="${tty_cmd} ${cryptsetup_opts} --header=${mntkey}/header.img luksOpen ${luks_device} ${luks_dev_name}"
# send to a temporary shell script, so plymouth can
# invoke the pipeline successfully
local ply_cmd_file="$(mktemp -t "ply_cmd.XXXXXX")"

Loading…
Cancel
Save