[fstab] Write configurable options to crypttab (default: luks).

fstab.conf: Add a new "crypttabOptions" option that defaults to "luks". Document that for Debian and Debian-based distributions, the setting should be changed to "luks,keyscript=/bin/cat". main.py: Append the options from the above setting to the end of every line in crypttab. At least the "luks" option should always be there, because there may be different encryption types. The Debian initramfs-tools also require the Debian-specific keyscript option and will otherwise ignore the keyfile entirely (see pull request #254).
2016-10-13 19:01:13 +02:00 · 2016-10-13 19:01:13 +02:00 · eb6bb49d5a
commit eb6bb49d5a
parent 17c0dd08c7
2 changed files with 15 additions and 6 deletions
--- a/src/modules/fstab/fstab.conf
+++ b/src/modules/fstab/fstab.conf
@ -8,3 +8,6 @@ ssdExtraMountOptions:
    xfs: discard
    swap: discard
    btrfs: discard,compress=lzo
+crypttabOptions: luks
+# For Debian and Debian-based distributions, change the above line to:
+# crypttabOptions: luks,keyscript=/bin/cat
--- a/src/modules/fstab/main.py
+++ b/src/modules/fstab/main.py
@ -102,11 +102,13 @@ class FstabGenerator(object):
    :param mount_options:
    :param ssd_extra_mount_options:
    """
-    def __init__(self, partitions, root_mount_point, mount_options, ssd_extra_mount_options):
+    def __init__(self, partitions, root_mount_point, mount_options,
+                 ssd_extra_mount_options, crypttab_options):
        self.partitions = partitions
        self.root_mount_point = root_mount_point
        self.mount_options = mount_options
        self.ssd_extra_mount_options = ssd_extra_mount_options
+        self.crypttab_options = crypttab_options
        self.ssd_disks = set()
        self.root_is_ssd = False

@ -156,13 +158,15 @@ class FstabGenerator(object):
            name=mapper_name,
            device="UUID=" + luks_uuid,
            password="/crypto_keyfile.bin",
+            options=self.crypttab_options,
        )

    def print_crypttab_line(self, dct, file=None):
        """ Prints line to '/etc/crypttab' file. """
-        line = "{:21} {:<45} {}".format(dct["name"],
+        line = "{:21} {:<45} {} {}".format(dct["name"],
                                           dct["device"],
                                           dct["password"],
+                                           dct["options"],
                                          )

        print(line, file=file)
@ -255,9 +259,11 @@ def run():
    root_mount_point = global_storage.value("rootMountPoint")
    mount_options = conf["mountOptions"]
    ssd_extra_mount_options = conf.get("ssdExtraMountOptions", {})
+    crypttab_options = conf.get("crypttabOptions", "luks")
    generator = FstabGenerator(partitions,
                               root_mount_point,
                               mount_options,
-                               ssd_extra_mount_options)
+                               ssd_extra_mount_options,
+                               crypttab_options)

    return generator.run()