I have modified the patches to work with Debian 12 Bookworm.
Most noticeable, the "poweroff" command must now be called with the parameter
"-f" to switch off the system while waiting for an input.
--- orig/functions 2023-06-12 19:44:03.169739289 +0200
+++ /usr/lib/cryptsetup/functions 2023-06-12 19:45:25.780386107 +0200
@@ -83,6 +83,7 @@
CRYPTTAB_OPTION_keyslot \
CRYPTTAB_OPTION_header \
CRYPTTAB_OPTION_tcrypthidden \
+ CRYPTTAB_OPTION_timeout \
CRYPTTAB_OPTION_same_cpu_crypt \
CRYPTTAB_OPTION_submit_from_crypt_cpus \
CRYPTTAB_OPTION_no_read_workqueue \
@@ -186,7 +187,7 @@
fi
;;
# numeric options >=0
- offset|skip|tries|keyslot|keyfile-offset)
+ offset|skip|tries|keyslot|keyfile-offset|timeout)
if ! printf '%s' "${VALUE-}" | grep -Exq "[0-9]+"; then
return 1
fi
--- /usr/share/initramfs-tools/scripts/local-top/cryptroot.orig 2023-04-21 00:54:29.000000000 +0200
+++ /usr/share/initramfs-tools/scripts/local-top/cryptroot 2023-06-12 19:38:06.706673696 +0200
@@ -148,8 +148,16 @@
fi
fi
- local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype vg rv
+ local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" poweroffpid=0 fstype vg rv
while [ $maxtries -le 0 ] || [ $count -lt $maxtries ]; do
+ if [ "${CRYPTTAB_OPTION_timeout:-0}" -gt 15 ]; then
+ # Power down if not key has been entered within $timeout seconds.
+ # Ignore values below 15 seconds to give the user a chance
+ # to enter his passphrase in case of a typo in /etc/crypttab.
+ cryptsetup_message "Timeout in $CRYPTTAB_OPTION_timeout seconds"
+ (sleep "$CRYPTTAB_OPTION_timeout" && cryptsetup_message "poweroff" && /usr/sbin/poweroff -f) &
+ poweroffpid=$!
+ fi
if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then
# unlock via keyfile
unlock_mapping "$CRYPTTAB_KEY"
@@ -159,6 +167,9 @@
fi
rv=$?
count=$(( $count + 1 ))
+ if [ "$poweroffpid" -gt 0 ]; then
+ kill "$poweroffpid"
+ fi
if [ $rv -ne 0 ]; then
cryptsetup_message "ERROR: $CRYPTTAB_NAME: cryptsetup failed, bad password or options?"
