From 423c7b57e35fad0fe28901700a2f0e0540c76f14 Mon Sep 17 00:00:00 2001 From: Kevin Kofler Date: Sat, 19 Nov 2016 02:13:04 +0100 Subject: [PATCH] [initramfscfg] Don't include keyfile in initramfs on unencrypted /boot. This matches the fix in initcpiocfg. I had to create an encrypt_hook_nokey that is a copy of encrypt_hook without the part that copies the keyfile. --- src/modules/initramfscfg/encrypt_hook_nokey | 22 +++++++++++++++++++++ src/modules/initramfscfg/main.py | 10 +++++++++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100755 src/modules/initramfscfg/encrypt_hook_nokey diff --git a/src/modules/initramfscfg/encrypt_hook_nokey b/src/modules/initramfscfg/encrypt_hook_nokey new file mode 100755 index 000000000..db51475bd --- /dev/null +++ b/src/modules/initramfscfg/encrypt_hook_nokey @@ -0,0 +1,22 @@ +#!/bin/sh + + PREREQ="" + + prereqs() + { + echo "$PREREQ" + } + + case $1 in + # get pre-requisites + prereqs) + prereqs + exit 0 + ;; + esac + + . /usr/share/initramfs-tools/hook-functions + if [ -f /etc/crypttab ] + then + cp /etc/crypttab ${DESTDIR}/etc/ + fi diff --git a/src/modules/initramfscfg/main.py b/src/modules/initramfscfg/main.py index ece0b1ea0..f889b7b16 100644 --- a/src/modules/initramfscfg/main.py +++ b/src/modules/initramfscfg/main.py @@ -6,6 +6,7 @@ # Copyright 2014, Rohan Garg # Copyright 2015, Philip Müller # Copyright 2016, David McKinney +# Copyright 2016, Kevin Kofler # # Calamares is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -31,13 +32,20 @@ def copy_initramfs_hooks(partitions, root_mount_point): :param root_mount_point: """ encrypt_hook = False + unencrypted_separate_boot = False for partition in partitions: if partition["mountPoint"] == "/" and "luksMapperName" in partition: encrypt_hook = True + if partition["mountPoint"] == "/boot" and "luksMapperName" not in partition: + unencrypted_separate_boot = True + if encrypt_hook: - shutil.copy2("/usr/lib/calamares/modules/initramfscfg/encrypt_hook", "{!s}/usr/share/initramfs-tools/hooks/".format(root_mount_point)) + if unencrypted_separate_boot: + shutil.copy2("/usr/lib/calamares/modules/initramfscfg/encrypt_hook_nokey", "{!s}/usr/share/initramfs-tools/hooks/encrypt_hook".format(root_mount_point)) + else: + shutil.copy2("/usr/lib/calamares/modules/initramfscfg/encrypt_hook", "{!s}/usr/share/initramfs-tools/hooks/".format(root_mount_point)) os.chmod("{!s}/usr/share/initramfs-tools/hooks/encrypt_hook".format(root_mount_point), 0o755) def run():