crypt: only manually activate systemd-cryptsetup, if not in crypttab

Only additional rd.luks.UUID have to be manually activated.

diff --git a/modules.d/90crypt/crypt-lib.sh b/modules.d/90crypt/crypt-lib.sh
index ebe09f8..f48397d 100755 (executable)
--- a/modules.d/90crypt/crypt-lib.sh
+++ b/modules.d/90crypt/crypt-lib.sh
@@ -4,6 +4,19 @@
 
 command -v getarg >/dev/null || . /lib/dracut-lib.sh
 
+# check if the crypttab contains an entry for a LUKS UUID
+crypttab_contains() {
+    local luks="$1"
+    local l d rest
+    if [ -f /etc/crypttab ]; then
+        while read l d rest; do
+            strstr "${l##luks-}" "${luks##luks-}" && return 0
+            strstr "$d" "${luks##luks-}" && return 0
+        done < /etc/crypttab
+    fi
+    return 1
+}
+
 # ask_for_password
 #
 # Wraps around plymouth ask-for-password and adds fallback to tty password ask

diff --git a/modules.d/90crypt/crypt-run-generator.sh b/modules.d/90crypt/crypt-run-generator.sh
index a610d42..f66162d 100755 (executable)
--- a/modules.d/90crypt/crypt-run-generator.sh
+++ b/modules.d/90crypt/crypt-run-generator.sh
@@ -3,16 +3,12 @@
 # ex: ts=8 sw=4 sts=4 et filetype=sh
 
 . /lib/dracut-lib.sh
+type crypttab_contains >/dev/null 2>&1 || . /lib/dracut-crypt-lib.sh
 
 dev=$1
 luks=$2
 
-if [ -f /etc/crypttab ]; then
-    while read l d rest; do
-        strstr "${l##luks-}" "${luks##luks-}" && exit 0
-        strstr "$d" "${luks##luks-}" && exit 0
-    done < /etc/crypttab
-fi
+crypttab_contains "$luks" && exit 0
 
 allowdiscards="-"
 

diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh
index 4e42d59..a6b5252 100755 (executable)
--- a/modules.d/90crypt/parse-crypt.sh
+++ b/modules.d/90crypt/parse-crypt.sh
@@ -2,6 +2,8 @@
 # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
 # ex: ts=8 sw=4 sts=4 et filetype=sh
 
+type crypttab_contains >/dev/null 2>&1 || . /lib/dracut-crypt-lib.sh
+
 if ! getargbool 1 rd.luks -d -n rd_NO_LUKS; then
     info "rd.luks=0: removing cryptoluks activation"
     rm -f -- /etc/udev/rules.d/70-luks.rules
@@ -28,13 +30,15 @@ else
                     printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $tout
                 } >> /etc/udev/rules.d/70-luks.rules.new
             else
-                {
-                    printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
-                    printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
-                    printf -- 'RUN+="%s --settled --unique --onetime ' $(command -v initqueue)
-                    printf -- '--name systemd-cryptsetup-%%k %s start ' $(command -v systemctl)
-                    printf -- 'systemd-cryptsetup@luks$$(dev_unit_name -$env{ID_FS_UUID}).service"\n'
-                } >> /etc/udev/rules.d/70-luks.rules.new
+                if ! crypttab_contains "$luksid"; then
+                    {
+                        printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
+                        printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
+                        printf -- 'RUN+="%s --settled --unique --onetime ' $(command -v initqueue)
+                        printf -- '--name systemd-cryptsetup-%%k %s start ' $(command -v systemctl)
+                        printf -- 'systemd-cryptsetup@luks$$(dev_unit_name -$env{ID_FS_UUID}).service"\n'
+                    } >> /etc/udev/rules.d/70-luks.rules.new
+                fi
             fi
 
             uuid=$luksid