From: Amadeusz Żołnowski Date: Thu, 5 May 2011 11:34:21 +0000 (+0200) Subject: new module - 91crypt-gpg X-Git-Tag: 011~60 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ba902275d5d15ad16b6cb1c9637ca5cf714452c6;p=platform%2Fupstream%2Fdracut.git new module - 91crypt-gpg It's an extension to 90crypt module. Adds support for GPG-encrypted keys (symmetrically, of course). Module is optional.
---
diff --git a/modules.d/91crypt-gpg/crypt-gpg-lib.sh b/modules.d/91crypt-gpg/crypt-gpg-lib.sh
new file mode 100644
index 0000000..f934cae
--- /dev/null
+++ b/modules.d/91crypt-gpg/crypt-gpg-lib.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=4 sw=4 sts=0 et filetype=sh
+
+command -v ask_for_password >/dev/null || . /lib/dracut-crypt-lib.sh
+
+# gpg_decrypt mnt_point keypath keydev device
+#
+# Decrypts encrypted symmetrically key to standard output.
+#
+# mnt_point - mount point where is already mounted
+# keypath - GPG encrypted key path relative to
+# keydev - device on which key resides; only to display in prompt
+# device - device to be opened by cryptsetup; only to display in prompt
+gpg_decrypt() {
+ local mntp="$1"
+ local keypath="$2"
+ local keydev="$3"
+ local device="$4"
+
+ local gpghome=/tmp/gnupg
+ local opts="--homedir $gpghome --no-mdc-warning --skip-verify --quiet"
+ opts="$opts --logger-file /dev/null --batch --no-tty --passphrase-fd 0"
+
+ mkdir -m 0700 -p "$gpghome"
+
+ ask_for_password \
+ --cmd "gpg $opts --decrypt $mntp/$keypath" \
+ --prompt "Password ($keypath on $keydev for $device)" \
+ --tries 3 --tty-echo-off
+
+ rm -rf -- "$gpghome"
+}
diff --git a/modules.d/91crypt-gpg/module-setup.sh b/modules.d/91crypt-gpg/module-setup.sh
new file mode 100755
index 0000000..3adb3a6
--- /dev/null
+++ b/modules.d/91crypt-gpg/module-setup.sh
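Review bot: gpg_decrypt returns the exit status of its last command, `rm -rf -- "$gpghome"`, not that of `ask_for_password`, so a caller cannot tell three failed passphrase attempts from a successful decryption; capture the status with `rc=$?` directly after the `ask_for_password` call and finish with `return $rc`. Separately, `--no-mdc-warning` combined with `--quiet` and `--logger-file /dev/null` means a key file without integrity protection is decrypted with no diagnostic at all, which matters because the file is read from a separate key device; consider dropping `--no-mdc-warning`, or add a comment such as `# --no-mdc-warning: key files made with older gpg lack MDC` if that is the reason. The GnuPG home is the fixed path `/tmp/gnupg`, and `mkdir -m 0700 -p` succeeds without applying the mode when the directory already exists, so a pre-existing directory is used as is; a freshly created directory (for example via `mktemp -d`, if that tool is present in the initramfs) would avoid relying on the state of `/tmp`.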
@@ -0,0 +1,19 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+# GPG support is optional
+check() {
+ type -P gpg >/dev/null || return 1
+
+ return 255
+}
+
+depends() {
+ echo crypt
+}
+
+install() {
+ dracut_install gpg
+ inst "$moddir/crypt-gpg-lib.sh" "/lib/dracut-crypt-gpg-lib.sh"
+}
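Review bot: The `return 255` in check() is an undocumented magic value; the comment above the function says only that GPG support is optional. As far as I know, dracut treats 255 as "include this module only when it is explicitly requested or another module depends on it", so a comment on that line such as `# 255: not included by default, only on request or as a dependency` would make that clear. It would also help to note next to `type -P gpg` that the check looks at the build host's gpg, which is the binary that `dracut_install gpg` then copies into the image.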