dracut icon indicating copy to clipboard operation
dracut copied to clipboard

Published 20 hours ago verified publisher icon dracutdevs

improvement: Add support for single password boot on non-systemd setups.

Open jovaska1337 opened this issue 3 years ago • 3 comments

ask_for_password() in the crypt module (modules.d/90crypt/crypt-lib.sh) can now store passwords in the kernel keyring via keyctl, mimicing the behavior of systemd-ask-password. This allows pam_gdm.so (a standalone PAM module from GDM) to work on non-systemd setups and unlock a GNOME keyring when autologin is enabled without asking for a password. (given that the keyring password is the same as the disk encryption password)

Changes

  • keyctl (and tee) added as an optional includes in the crypt module. (detected with find_binary() in install())
  • ask_for_password() will pipe passwords to keyctl (via a helper script) if it's available and the --key-name option is used.
  • The helper script (modules.d/90crypt/password-helper.sh) is required due to the way plymouth handles the --command parameter.
  • modules.d/90crypt/cryptroot-ask.sh will now try to store the result of ask_for_password() in the kernel keyring with the name "cryptsetup", allowing pam_gdm.so to work.

Checklist

  • [x] I have tested it locally
  • [ ] I have reviewed and updated any documentation if relevant
  • [ ] I am providing new code and test(s) for it

jovaska1337 avatar Mar 29 '22 07:03 jovaska1337

This issue is being marked as stale because it has not had any recent activity. It will be closed if no further activity occurs. If this is still an issue in the latest release of Dracut and you would like to keep it open please comment on this issue within the next 7 days. Thank you for your contributions.

stale[bot] avatar May 25 '22 21:05 stale[bot]

This issue is being marked as stale because it has not had any recent activity. It will be closed if no further activity occurs. If this is still an issue in the latest release of Dracut and you would like to keep it open please comment on this issue within the next 7 days. Thank you for your contributions.

stale[bot] avatar Jul 21 '22 07:07 stale[bot]

This should now pass all the required checks.

jovaska1337 avatar Jul 21 '22 18:07 jovaska1337

This issue is being marked as stale because it has not had any recent activity. It will be closed if no further activity occurs. If this is still an issue in the latest release of Dracut and you would like to keep it open please comment on this issue within the next 7 days. Thank you for your contributions.

stale[bot] avatar Aug 31 '22 11:08 stale[bot]