napcok/calamares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[initramfscfg] Don't include keyfile in initramfs on unencrypted /boot.

Browse Source 
This matches the fix in initcpiocfg.

I had to create an encrypt_hook_nokey that is a copy of encrypt_hook
without the part that copies the keyfile.
This commit is contained in:
Kevin Kofler 2016-11-19 02:13:04 +01:00 committed by Philip
parent 8f68f9bdef
commit 88d6989c8f
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/modules/initramfscfg/encrypt_hook_nokey Executable file
View File

@ -0,0 +1,22 @@
#!/bin/sh
PREREQ=""
prereqs()
{
echo "$PREREQ"
}
case $1 in
# get pre-requisites
prereqs)
prereqs
exit 0
;;
esac
. /usr/share/initramfs-tools/hook-functions
if [ -f /etc/crypttab ]
then
cp /etc/crypttab ${DESTDIR}/etc/
fi

10
src/modules/initramfscfg/main.py
View File

@ -6,6 +6,7 @@
# Copyright 2014, Rohan Garg <rohan@kde.org> # Copyright 2014, Rohan Garg <rohan@kde.org>
# Copyright 2015, Philip Müller <philm@manjaro.org> # Copyright 2015, Philip Müller <philm@manjaro.org>
# Copyright 2016, David McKinney <mckinney@subgraph.com> # Copyright 2016, David McKinney <mckinney@subgraph.com>
# Copyright 2016, Kevin Kofler <kevin.kofler@chello.at>
# #
# Calamares is free software: you can redistribute it and/or modify # Calamares is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -31,13 +32,20 @@ def copy_initramfs_hooks(partitions, root_mount_point):
:param root_mount_point: :param root_mount_point:
""" """
encrypt_hook = False encrypt_hook = False
unencrypted_separate_boot = False
for partition in partitions: for partition in partitions:
if partition["mountPoint"] == "/" and "luksMapperName" in partition: if partition["mountPoint"] == "/" and "luksMapperName" in partition:
encrypt_hook = True encrypt_hook = True
if partition["mountPoint"] == "/boot" and "luksMapperName" not in partition:
unencrypted_separate_boot = True
if encrypt_hook: if encrypt_hook:
shutil.copy2("/usr/lib/calamares/modules/initramfscfg/encrypt_hook", "{!s}/usr/share/initramfs-tools/hooks/".format(root_mount_point)) if unencrypted_separate_boot:
shutil.copy2("/usr/lib/calamares/modules/initramfscfg/encrypt_hook_nokey", "{!s}/usr/share/initramfs-tools/hooks/encrypt_hook".format(root_mount_point))
else:
shutil.copy2("/usr/lib/calamares/modules/initramfscfg/encrypt_hook", "{!s}/usr/share/initramfs-tools/hooks/".format(root_mount_point))
os.chmod("{!s}/usr/share/initramfs-tools/hooks/encrypt_hook".format(root_mount_point), 0o755) os.chmod("{!s}/usr/share/initramfs-tools/hooks/encrypt_hook".format(root_mount_point), 0o755)
def run(): def run():