Diffstat (limited to 'app-crypt/clevis/files')
-rw-r--r-- | app-crypt/clevis/files/clevis-dracut.patch | 250 | ||||
-rw-r--r-- | app-crypt/clevis/files/clevis-meson.patch | 11 |
2 files changed, 0 insertions, 261 deletions
diff --git a/app-crypt/clevis/files/clevis-dracut.patch b/app-crypt/clevis/files/clevis-dracut.patch
deleted file mode 100644
index 7aec43e..0000000
--- a/app-crypt/clevis/files/clevis-dracut.patch
+++ /dev/null
@@ -1,250 +0,0 @@ -From a5aa695821e34fb218c7d705065aaf7077737c8c Mon Sep 17 00:00:00 2001 -From: Jonathan Davies <jpds@protonmail.com> -Date: Fri, 5 Nov 2021 15:24:12 +0000 -Subject: [PATCH] Moved dracut directory up to top-level to decouple it with - systemd. - -Adds a clevis-luks-generic-unlocker for alternative use without systemd. - -Based on patch by Sergio Correia <scorreia@redhat.com> - -Closes: #346 - -Signed-off-by: Jonathan Davies <jpds@protonmail.com> ---- - .../dracut/clevis-pin-sss/meson.build | 0 - .../dracut/clevis-pin-sss/module-setup.sh.in | 0 - .../dracut/clevis-pin-tang/meson.build | 0 - .../dracut/clevis-pin-tang/module-setup.sh.in | 0 - .../dracut/clevis-pin-tpm2/meson.build | 0 - .../dracut/clevis-pin-tpm2/module-setup.sh.in | 0 - src/dracut/clevis/clevis-hook.sh.in | 3 + - .../clevis/clevis-luks-generic-unlocker | 70 +++++++++++++++++++ - .../systemd => }/dracut/clevis/meson.build | 1 + - .../dracut/clevis/module-setup.sh.in | 19 +++-- - src/{luks/systemd => }/dracut/meson.build | 0 - .../systemd/dracut/clevis/clevis-hook.sh.in | 2 - - src/luks/systemd/meson.build | 1 - - src/meson.build | 1 + - 14 files changed, 90 insertions(+), 7 deletions(-) - rename src/{luks/systemd => }/dracut/clevis-pin-sss/meson.build (100%) - rename src/{luks/systemd => }/dracut/clevis-pin-sss/module-setup.sh.in (100%) - rename src/{luks/systemd => }/dracut/clevis-pin-tang/meson.build (100%) - rename src/{luks/systemd => }/dracut/clevis-pin-tang/module-setup.sh.in (100%) - rename src/{luks/systemd => }/dracut/clevis-pin-tpm2/meson.build (100%) - rename src/{luks/systemd => }/dracut/clevis-pin-tpm2/module-setup.sh.in (100%) - create mode 100755 src/dracut/clevis/clevis-hook.sh.in - create mode 100755 src/dracut/clevis/clevis-luks-generic-unlocker - rename src/{luks/systemd => }/dracut/clevis/meson.build (87%) - rename src/{luks/systemd => }/dracut/clevis/module-setup.sh.in (76%) - rename src/{luks/systemd => }/dracut/meson.build (100%) - delete mode 100755 
src/luks/systemd/dracut/clevis/clevis-hook.sh.in - -diff --git a/src/luks/systemd/dracut/clevis-pin-sss/meson.build b/src/dracut/clevis-pin-sss/meson.build -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-sss/meson.build -rename to src/dracut/clevis-pin-sss/meson.build -diff --git a/src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in b/src/dracut/clevis-pin-sss/module-setup.sh.in -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in -rename to src/dracut/clevis-pin-sss/module-setup.sh.in -diff --git a/src/luks/systemd/dracut/clevis-pin-tang/meson.build b/src/dracut/clevis-pin-tang/meson.build -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-tang/meson.build -rename to src/dracut/clevis-pin-tang/meson.build -diff --git a/src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in b/src/dracut/clevis-pin-tang/module-setup.sh.in -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in -rename to src/dracut/clevis-pin-tang/module-setup.sh.in -diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/meson.build b/src/dracut/clevis-pin-tpm2/meson.build -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-tpm2/meson.build -rename to src/dracut/clevis-pin-tpm2/meson.build -diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in b/src/dracut/clevis-pin-tpm2/module-setup.sh.in -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in -rename to src/dracut/clevis-pin-tpm2/module-setup.sh.in -diff --git a/src/dracut/clevis/clevis-hook.sh.in b/src/dracut/clevis/clevis-hook.sh.in -new file mode 100755 -index 0000000..91ff2bd ---- /dev/null -+++ b/src/dracut/clevis/clevis-hook.sh.in -@@ -0,0 +1,3 @@ -+#!/bin/bash -+ -+@libexecdir@/clevis-luks-generic-unlocker -l -diff --git a/src/dracut/clevis/clevis-luks-generic-unlocker b/src/dracut/clevis/clevis-luks-generic-unlocker -new file mode 
100755 -index 0000000..a3b9d62 ---- /dev/null -+++ b/src/dracut/clevis/clevis-luks-generic-unlocker -@@ -0,0 +1,70 @@ -+#!/bin/bash -+set -eu -+# vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: -+# -+# Copyright (c) 2020-2021 Red Hat, Inc. -+# Author: Sergio Correia <scorreia@redhat.com> -+# -+# This program is free software: you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation, either version 3 of the License, or -+# (at your option) any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program. If not, see <http://www.gnu.org/licenses/>. -+# -+ -+. clevis-luks-common-functions -+ -+# Make sure to exit cleanly if SIGTERM is received. -+trap 'echo "Exiting due to SIGTERM" && exit 0' TERM -+ -+loop= -+while getopts ":l" o; do -+ case "${o}" in -+ l) loop=true;; -+ *) ;; -+ esac -+done -+ -+to_unlock() { -+ local _devices='' _d _uuid -+ for _d in $(lsblk -o PATH,FSTYPE,RM \ -+ | awk '$2 == "crypto_LUKS" && $3 == "0" { print $1 }' | sort -u); -+ do -+ if ! bindings="$(clevis luks list -d "${_d}" 2>/dev/null)" \ -+ || [ -z "${bindings}" ]; then -+ continue -+ fi -+ _uuid="$(cryptsetup luksUUID "${_d}")" -+ if clevis_is_luks_device_by_uuid_open "${_uuid}"; then -+ continue -+ fi -+ _devices="$(printf '%s\n%s' "${_devices}" "${_d}")" -+ done -+ echo "${_devices}" | sed -e 's/^\n$//' -+} -+ -+while true; do -+ for d in $(to_unlock); do -+ uuid="$(cryptsetup luksUUID "${d}")" -+ if ! 
clevis luks unlock -d "${d}"; then -+ echo "Unable to unlock ${d} (UUID=${uuid})" >&2 -+ continue -+ fi -+ echo "Unlocked ${d} (UUID=${uuid}) successfully" >&2 -+ done -+ -+ [ "${loop}" != true ] && break -+ # Checking for pending devices to be unlocked. -+ if remaining=$(to_unlock) && [ -z "${remaining}" ]; then -+ break; -+ fi -+ -+ sleep 0.5 -+done -diff --git a/src/luks/systemd/dracut/clevis/meson.build b/src/dracut/clevis/meson.build -similarity index 87% -rename from src/luks/systemd/dracut/clevis/meson.build -rename to src/dracut/clevis/meson.build -index 167e708..224e27f 100644 ---- a/src/luks/systemd/dracut/clevis/meson.build -+++ b/src/dracut/clevis/meson.build -@@ -16,6 +16,7 @@ if dracut.found() - install_dir: dracutdir, - configuration: data, - ) -+ install_data('clevis-luks-generic-unlocker', install_dir: libexecdir) - else - warning('Will not install dracut module due to missing dependencies!') - endif -diff --git a/src/luks/systemd/dracut/clevis/module-setup.sh.in b/src/dracut/clevis/module-setup.sh.in -similarity index 76% -rename from src/luks/systemd/dracut/clevis/module-setup.sh.in -rename to src/dracut/clevis/module-setup.sh.in -index bfe657c..dbce790 100755 ---- a/src/luks/systemd/dracut/clevis/module-setup.sh.in -+++ b/src/dracut/clevis/module-setup.sh.in -@@ -19,7 +19,11 @@ - # - - depends() { -- echo crypt systemd -+ local __depends=crypt -+ if dracut_module_included "systemd"; then -+ __depends=$(printf '%s systemd' "${_depends}") -+ fi -+ echo "${__depends}" - return 255 - } - -@@ -27,17 +31,24 @@ install() { - if dracut_module_included "systemd"; then - inst_multiple \ - $systemdsystemunitdir/clevis-luks-askpass.service \ -- $systemdsystemunitdir/clevis-luks-askpass.path -+ $systemdsystemunitdir/clevis-luks-askpass.path \ -+ @SYSTEMD_REPLY_PASS@ \ -+ @libexecdir@/clevis-luks-askpass - systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path - else - inst_hook initqueue/online 60 "$moddir/clevis-hook.sh" - 
inst_hook initqueue/settled 60 "$moddir/clevis-hook.sh" -+ -+ inst_multiple \ -+ @libexecdir@/clevis-luks-generic-unlocker \ -+ clevis-luks-unlock \ -+ lsblk \ -+ sort \ -+ awk - fi - - inst_multiple \ - /etc/services \ -- @SYSTEMD_REPLY_PASS@ \ -- @libexecdir@/clevis-luks-askpass \ - clevis-luks-common-functions \ - grep sed cut \ - clevis-decrypt \ -diff --git a/src/luks/systemd/dracut/meson.build b/src/dracut/meson.build -similarity index 100% -rename from src/luks/systemd/dracut/meson.build -rename to src/dracut/meson.build -diff --git a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in b/src/luks/systemd/dracut/clevis/clevis-hook.sh.in -deleted file mode 100755 -index cb257c9..0000000 ---- a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in -+++ /dev/null -@@ -1,2 +0,0 @@ --#!/bin/bash --@libexecdir@/clevis-luks-askpass -diff --git a/src/luks/systemd/meson.build b/src/luks/systemd/meson.build -index e3b3d91..b10494e 100644 ---- a/src/luks/systemd/meson.build -+++ b/src/luks/systemd/meson.build -@@ -10,7 +10,6 @@ sd_reply_pass = find_program( - - if systemd.found() and sd_reply_pass.found() - data.set('SYSTEMD_REPLY_PASS', sd_reply_pass.path()) -- subdir('dracut') - - unitdir = systemd.get_pkgconfig_variable('systemdsystemunitdir') - -diff --git a/src/meson.build b/src/meson.build -index c4e696f..a0dff5b 100644 ---- a/src/meson.build -+++ b/src/meson.build -@@ -1,6 +1,7 @@ - subdir('bash') - subdir('luks') - subdir('pins') -+subdir('dracut') - subdir('initramfs-tools') - - bins += join_paths(meson.current_source_dir(), 'clevis-decrypt') diff --git a/app-crypt/clevis/files/clevis-meson.patch b/app-crypt/clevis/files/clevis-meson.patch deleted file mode 100644 index bfd517d..0000000 --- a/app-crypt/clevis/files/clevis-meson.patch +++ /dev/null 
@@ -1,11 +0,0 @@
-diff --git a/src/luks/systemd/meson.build b/src/luks/systemd/meson.build
-index b10494e3ca4d620437aee0d5e440eecf323b03d9..09f7fb51e7320aa71e275c34baa0561233821d69 100644
---- a/src/luks/systemd/meson.build
-+++ b/src/luks/systemd/meson.build
-@@ -5,6 +5,7 @@ sd_reply_pass = find_program(
- join_paths(get_option('prefix'), 'lib', 'systemd', 'systemd-reply-password'),
- join_paths('/', 'usr', get_option('libdir'), 'systemd', 'systemd-reply-password'),
- join_paths('/', 'usr', 'lib', 'systemd', 'systemd-reply-password'),
-+ join_paths('/', 'lib', 'systemd', 'systemd-reply-password'),
- required: false
- ) |