Package: cryptsetup
Version: 2:1.3.0-3
Tags: patch

An encrypted root can be remotely unlocked with dropbear ssh in the initramfs. The current initramfs script can be set up so that it waits for a file containing the password and feeds it through a keyscript (as explained in /usr/share/doc/cryptsetup/README.remote).

However, the current script does not recognize if a disk has been unlocked manually outside the script (e.g. the ssh user runs cryptsetup instead of passing the password to the script). As far as I have observed, the cryptsetup command then simply fails and the script is stuck.

The patch adds a simple test for whether the device appears to have already been unlocked (by checking that the required device-mapper file exists; the same test is done after cryptsetup was successful to ensure all is fine) and will try to continue the process (e.g. try to activate LVM or the like, as it would do if cryptsetup had worked).
--- cryptroot-script.orig 2011-05-10 02:48:10.000000000 +0200 +++ cryptroot-script 2011-12-25 21:18:49.200781323 +0100 @@ -274,11 +274,12 @@ fi fi - - if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \ - $cryptkeyscript "$cryptkey" | $cryptcreate --key-file=- ; then - message "cryptsetup: cryptsetup failed, bad password or options?" - continue + if [ ! -e "$NEWROOT" ]; then + if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \ + $cryptkeyscript "$cryptkey" | $cryptcreate --key-file=- ; then + message "cryptsetup: cryptsetup failed, bad password or options?" + continue + fi fi if [ ! -e "$NEWROOT" ]; then
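Review bot: The new outer guard `if [ ! -e "$NEWROOT" ]; then` treats the mere existence of the device-mapper file as proof that the volume was unlocked correctly, and it skips the keyscript and cryptsetup without logging anything. Nothing in the hunk checks that the existing mapping was created from "$cryptsource", so a mapping set up by hand under the same name from another device would be accepted, and the boot output gives no sign that the normal unlock path was bypassed. Consider adding an else branch that calls message, for example `message "cryptsetup: $crypttarget already unlocked, skipping"`, and confirming the mapping with `cryptsetup status "$crypttarget"` before continuing. The same `[ ! -e "$NEWROOT" ]` test now appears twice in a row with opposite purposes, so a one-line comment on each would make the intent clear.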