projects / platform / upstream / dracut.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3909d7e)
new module - 91crypt-gpg
authorAmadeusz Żołnowski <aidecoe@aidecoe.name>
Thu, 5 May 2011 11:34:21 +0000 (13:34 +0200)
committerHarald Hoyer <harald@redhat.com>
Fri, 6 May 2011 10:23:52 +0000 (12:23 +0200)
It's an extension to 90crypt module.  Adds support for GPG-encrypted
keys (symmetrically, of course).  Module is optional.

modules.d/91crypt-gpg/crypt-gpg-lib.sh [new file with mode: 0644] patch | blob
modules.d/91crypt-gpg/module-setup.sh [new file with mode: 0755] patch | blob

diff --git a/modules.d/91crypt-gpg/crypt-gpg-lib.sh b/modules.d/91crypt-gpg/crypt-gpg-lib.sh
new file mode 100644 (file)
index 0000000..f934cae
--- /dev/null
+++ b/modules.d/91crypt-gpg/crypt-gpg-lib.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=4 sw=4 sts=0 et filetype=sh
+
+command -v ask_for_password >/dev/null || . /lib/dracut-crypt-lib.sh
+
+# gpg_decrypt mnt_point keypath keydev device
+#
+# Decrypts encrypted symmetrically key to standard output.
+#
+# mnt_point - mount point where <keydev> is already mounted
+# keypath - GPG encrypted key path relative to <mnt_point>
+# keydev - device on which key resides; only to display in prompt
+# device - device to be opened by cryptsetup; only to display in prompt
+gpg_decrypt() {
+    local mntp="$1"
+    local keypath="$2"
+    local keydev="$3"
+    local device="$4"
+
+    local gpghome=/tmp/gnupg
+    local opts="--homedir $gpghome --no-mdc-warning --skip-verify --quiet"
+    opts="$opts --logger-file /dev/null --batch --no-tty --passphrase-fd 0"
+
+    mkdir -m 0700 -p "$gpghome"
+
+    ask_for_password \
+        --cmd "gpg $opts --decrypt $mntp/$keypath" \
+        --prompt "Password ($keypath on $keydev for $device)" \
+        --tries 3 --tty-echo-off
+
+    rm -rf -- "$gpghome"
+}
diff --git a/modules.d/91crypt-gpg/module-setup.sh b/modules.d/91crypt-gpg/module-setup.sh
new file mode 100755 (executable)
index 0000000..3adb3a6
--- /dev/null
+++ b/modules.d/91crypt-gpg/module-setup.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+# GPG support is optional
+check() {
+    type -P gpg >/dev/null || return 1
+
+    return 255
+}
+
+depends() {
+    echo crypt
+}
+
+install() {
+    dracut_install gpg
+    inst "$moddir/crypt-gpg-lib.sh" "/lib/dracut-crypt-gpg-lib.sh"
+}
Domain: System / Base;