napcok/calamares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't include keyfile in initramfs on unencrypted /boot.

Browse Source
This commit is contained in:
Teo Mrnjavac 2016-11-17 18:14:37 +01:00 committed by Philip
parent 433d6ded6d
commit b04dcdc42f
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/modules/initcpiocfg/main.py
View File

@ -94,6 +94,7 @@ def modify_mkinitcpio_conf(partitions, root_mount_point):
files = []
encrypt_hook = False
openswap_hook = False
unencrypted_separate_boot = False
# It is important that the plymouth hook comes before any encrypt hook
plymouth_bin = os.path.join(root_mount_point, "usr/bin/plymouth")
@ -112,9 +113,13 @@ def modify_mkinitcpio_conf(partitions, root_mount_point):
if partition["mountPoint"] == "/" and "luksMapperName" in partition:
encrypt_hook = True
if partition["mountPoint"] == "/boot" and "luksMapperName" not in partition:
unencrypted_separate_boot = True
if encrypt_hook:
hooks.append("encrypt")
if os.path.isfile(os.path.join(root_mount_point, "crypto_keyfile.bin")):
if not unencrypted_separate_boot and \
os.path.isfile(os.path.join(root_mount_point, "crypto_keyfile.bin")):
files.append("/crypto_keyfile.bin")
if swap_uuid is not "":