From 733d4c37cb0e26aecc2e44e31e151734344213bc Mon Sep 17 00:00:00 2001 From: James Bunton Date: Sun, 9 Feb 2020 13:41:21 +1100 Subject: [PATCH] reboot-no-passphrase: support arbitrary devnames --- bin/reboot-no-passphrase | 23 +++++++++++-------- .../system/disable-crypto_keyfile@.service | 2 +- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/bin/reboot-no-passphrase b/bin/reboot-no-passphrase index 0f9b56d..139f0e0 100755 --- a/bin/reboot-no-passphrase +++ b/bin/reboot-no-passphrase @@ -5,7 +5,7 @@ # 1. dd if=/dev/urandom of=/crypto_keyfile.bin bs=1 count=512 # 2. Add /crypto_keyfile.bin to FILES in /etc/mkinitcpio.conf # 3. mkinitcpio -p linux -# 4. Enable the disable-crypto_keyfiles@.service +# 4. systemctl enable disable-crypto_keyfiles@$(systemd-escape /dev/disk/by-id/xxx).service # 5. Run this script when you want to reboot without a passphrase @@ -17,13 +17,16 @@ if [ ! -f "$crypto_keyfile" ]; then exit 1 fi -found_devices="" -for disk_id in $(ls /etc/systemd/system/basic.target.wants/disable-crypto_keyfile@*.service | cut -d'@' -f2 | cut -d. -f1); do - found=1 - found_devices="${found_devices} /dev/disk/by-id/${disk_id}" -done +readarray -t devnames < <( + find \ + /etc/systemd/system/basic.target.wants/ \ + -maxdepth 1 \ + -name 'disable-crypto_keyfile@*' \ + -printf '%f\0' \ + | xargs -0 -n1 systemd-escape -u --instance +) -if [ -z "$found_devices" ]; then +if [ ${#devnames[@]} = 0 ]; then echo "Failed to find your encrypted device. You must have disable-crypto_keyfile@.service enabled." exit 1 fi @@ -31,9 +34,9 @@ fi echo -n "Enter password for devices: " read -r -s pw echo "" -for device_filename in $found_devices; do - echo "Adding key to $device_filename" - sudo cryptsetup luksAddKey "$device_filename" "$crypto_keyfile" --key-slot 7 <