From b3ecb8a981e0f09279a995aad9fd308e6217ff6c Mon Sep 17 00:00:00 2001
Message-Id: <b3ecb8a981e0f09279a995aad9fd308e6217ff6c.1479593016.git.kevin.kofler@chello.at>
From: Kevin Kofler <kevin.kofler@chello.at>
Date: Sat, 19 Nov 2016 02:30:34 +0100
Subject: [PATCH] [dracutlukscfg] Don't include keyfile in initramfs on
 unencrypted /boot.

This matches the fix in initcpiocfg and initramfscfg.
---
 src/modules/dracutlukscfg/DracutLuksCfgJob.cpp | 31 +++++++++++++++++++++++---
 src/modules/dracutlukscfg/DracutLuksCfgJob.h   |  5 ++++-
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/src/modules/dracutlukscfg/DracutLuksCfgJob.cpp b/src/modules/dracutlukscfg/DracutLuksCfgJob.cpp
index 273ff98..0b66ca6 100644
--- a/src/modules/dracutlukscfg/DracutLuksCfgJob.cpp
+++ b/src/modules/dracutlukscfg/DracutLuksCfgJob.cpp
@@ -33,15 +33,23 @@
 const QString DracutLuksCfgJob::CONFIG_FILE = QStringLiteral( "/etc/dracut.conf.d/calamares-luks.conf" );
 
 // static
-const char *DracutLuksCfgJob::CONFIG_FILE_CONTENTS =
+const char *DracutLuksCfgJob::CONFIG_FILE_HEADER =
     "# Configuration file automatically written by the Calamares system installer\n"
     "# (This file is written once at install time and should be safe to edit.)\n"
     "# Enables support for LUKS full disk encryption with single sign on from GRUB.\n"
-    "\n"
+    "\n";
+
+// static
+const char *DracutLuksCfgJob::CONFIG_FILE_CRYPTTAB_KEYFILE_LINE =
     "# force installing /etc/crypttab even if hostonly=\"no\", install the keyfile\n"
     "install_items+=\" /etc/crypttab /crypto_keyfile.bin \"\n";
 
 // static
+const char *DracutLuksCfgJob::CONFIG_FILE_CRYPTTAB_LINE =
+    "# force installing /etc/crypttab even if hostonly=\"no\"\n"
+    "install_items+=\" /etc/crypttab \"\n";
+
+// static
 const QString DracutLuksCfgJob::CONFIG_FILE_SWAPLINE = QStringLiteral( "# enable automatic resume from swap\nadd_device+=\" /dev/disk/by-uuid/%1 \"\n" );
 
 // static
@@ -76,6 +84,21 @@ DracutLuksCfgJob::isRootEncrypted()
 }
 
 // static
+bool
+DracutLuksCfgJob::hasUnencryptedSeparateBoot()
+{
+    const QVariantList partitions = DracutLuksCfgJob::partitions();
+    for ( const QVariant &partition : partitions )
+    {
+        QVariantMap partitionMap = partition.toMap();
+        QString mountPoint = partitionMap.value( QStringLiteral( "mountPoint" ) ).toString();
+        if ( mountPoint == QStringLiteral( "/boot" ) )
+            return !partitionMap.contains( QStringLiteral( "luksMapperName" ) );
+    }
+    return false;
+}
+
+// static
 QString
 DracutLuksCfgJob::swapOuterUuid()
 {
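Review bot: The `!partitionMap.contains( QStringLiteral( "luksMapperName" ) )` test in hasUnencryptedSeparateBoot() errs on the side of shipping the keyfile. If a /boot entry ever carries the key with an empty value, the partition is treated as encrypted and the keyfile line is still written. Whether the partition list can contain such an entry is not visible in this hunk, so this is a hardening suggestion rather than a confirmed bug: `return partitionMap.value( QStringLiteral( "luksMapperName" ) ).toString().isEmpty();`. A short comment above the function would also help, for example `// true if /boot is its own partition and is not LUKS-encrypted; false if /boot lives on the root filesystem`, because the `return false` after the loop covers the no-separate-/boot case and that is easy to misread.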
@@ -126,7 +149,9 @@ DracutLuksCfgJob::exec()
             return Calamares::JobResult::error( tr( "Failed to open %1" ).arg( realConfigFilePath ) );
         }
         QTextStream outStream( &configFile );
-        outStream << CONFIG_FILE_CONTENTS;
+        outStream << CONFIG_FILE_HEADER
+                  << ( hasUnencryptedSeparateBoot() ? CONFIG_FILE_CRYPTTAB_LINE
+                                                    : CONFIG_FILE_CRYPTTAB_KEYFILE_LINE );
         const QString swapOuterUuid = DracutLuksCfgJob::swapOuterUuid();
         if ( ! swapOuterUuid.isEmpty() )
         {
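Review bot: The ternary in exec() carries the security decision of this commit without saying why, and the "else" arm is the one that embeds `/crypto_keyfile.bin`. I would add a comment directly above the `outStream <<` statement such as `// An initramfs on an unencrypted /boot can be read without the passphrase, so the keyfile must not be installed into it.` Separately, on the keyfile branch the generated initramfs contains the LUKS key, and nothing in this hunk shows the image being restricted to root-only read access. It is worth confirming that this is enforced elsewhere in the installer. exec() starts and ends outside the hunk, so the surrounding checks are not visible here.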
diff --git a/src/modules/dracutlukscfg/DracutLuksCfgJob.h b/src/modules/dracutlukscfg/DracutLuksCfgJob.h
index bfedb85..6d5eae8 100644
--- a/src/modules/dracutlukscfg/DracutLuksCfgJob.h
+++ b/src/modules/dracutlukscfg/DracutLuksCfgJob.h
@@ -42,12 +42,15 @@ public:
 
 private:
     static const QString CONFIG_FILE;
-    static const char *CONFIG_FILE_CONTENTS;
+    static const char *CONFIG_FILE_HEADER;
+    static const char *CONFIG_FILE_CRYPTTAB_KEYFILE_LINE;
+    static const char *CONFIG_FILE_CRYPTTAB_LINE;
     static const QString CONFIG_FILE_SWAPLINE;
 
     static QString rootMountPoint();
     static QVariantList partitions();
     static bool isRootEncrypted();
+    static bool hasUnencryptedSeparateBoot();
     static QString swapOuterUuid();
 };
 
-- 
2.7.4