From 2d3130c289b293269dcf558a26674f83f77729a6 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Tue, 14 Jun 2022 17:10:01 +0800 Subject: [PATCH 10/10] templates: import /etc/crypttab to grub.cfg The /etc/crypptab is used to setup location of encryption key files during boot, among other things. It is useful to make use the information by grub to determine where keys are being looked up. This script can be used to import relevant /etc/crypptab entry to grub.cfg. Signed-off-by: Michael Chang --- Makefile.util.def | 7 ++++++ util/grub.d/05_crypttab.in | 50 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 util/grub.d/05_crypttab.in --- a/Makefile.util.def +++ b/Makefile.util.def @@ -477,6 +477,13 @@ }; script = { + name = '05_crypttab'; + common = util/grub.d/05_crypttab.in; + installdir = grubconf; + condition = COND_HOST_LINUX; +}; + +script = { name = '10_windows'; common = util/grub.d/10_windows.in; installdir = grubconf; --- /dev/null +++ b/util/grub.d/05_crypttab.in @@ -0,0 +1,50 @@ +#! /bin/sh +set -e + +# grub-mkconfig helper script. +# Copyright (C) 2022 Free Software Foundation, Inc. +# +# GRUB is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# GRUB is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GRUB. If not, see . + +prefix="@prefix@" +exec_prefix="@exec_prefix@" +datarootdir="@datarootdir@" + +export TEXTDOMAIN=@PACKAGE@ +export TEXTDOMAINDIR="@localedir@" + +. "$pkgdatadir/grub-mkconfig_lib" + +CRYPTTAB=/etc/crypttab + +if [ -r "$CRYPTTAB" ]; then + awk ' + $3 ~ /(^\/dev\/|^\/proc\/|^\/sys\/|:)/ { next } + { key[0] = $3 } + $3 ~ /(^$|none|-)/ { + key[0] = "/etc/cryptsetup-keys.d/" $1 ".key" + key[1] = "/run/cryptsetup-keys.d/" $1 ".key" + } + { + for (d in key) + if (system("test -f " key[d]) == 0) + next + } + /UUID=/ { + sub(/UUID=/,"",$2); + gsub(/-/,"",$2); + printf("crypttab_entry %s %s %s\n",$1,$2,$3) + } + ' "$CRYPTTAB" +fi