[PATCH 7/8] kdumpctl: accept a --askpass param for loading kdump resource

Is --askpass is specified and kdumpctl is invoked via terminal, then kdumpctl may ask password for crypt target. Signed-off-by: Kairui Song <kasong(a)redhat.com&gt; --- dracut-module-setup.sh | 3 -- kdumpctl | 66 ++++++++++++++++++++++++++++++++---------- 2 files changed, 51 insertions(+), 18 deletions(-) diff --git a/dracut-module-setup.sh b/dracut-module-setup.sh index 88764e0..54094bf 100755 --- a/dracut-module-setup.sh +++ b/dracut-module-setup.sh @@ -834,9 +834,6 @@ kdump_check_crypt_targets() inst cryptsetup instmods dm_crypt - echo > "$initdir/etc/cmdline.d/90crypt.conf" - echo > "$initdir/etc/crypttab" - dracut_need_initqueue } diff --git a/kdumpctl b/kdumpctl index c6acfdb..d9b6d4d 100755 --- a/kdumpctl +++ b/kdumpctl @@ -21,6 +21,7 @@ TARGET_INITRD="" FADUMP_REGISTER_SYS_NODE="/sys/kernel/fadump_registered" #kdump shall be the default dump mode DEFAULT_DUMP_MODE="kdump" +KDUMP_DECRYPT_ASKPASS="" image_time=0 standard_kexec_args="-d -p" @@ -699,7 +700,7 @@ prepare_luks_initramfs() local _dev _uuid for _dev in $_crypt_devices; do _uuid=$(get_block_uuid "$_dev") - if ! get_luks_dev_master_key "$_dev" "$KEXEC_CRYPTO_TMPDIR/rootfs/.kexec-luks-key.$_uuid"; + if ! get_luks_dev_master_key "$_dev" "$KEXEC_CRYPTO_TMPDIR/rootfs/.kexec-luks-key.$_uuid" "$KDUMP_DECRYPT_ASKPASS"; then dwarn "Can't retrive LUKS key, crashkernel value should be large enough for LUKS key decryption, and kdump kernel will prompt for password." clean_luks_initramfs @@ -709,6 +710,10 @@ prepare_luks_initramfs() lsinitrd "$TARGET_INITRD" -f /init > "$KEXEC_CRYPTO_TMPDIR/rootfs/init.kexec.orig" cp /usr/lib/kdump/kexec-crypt-init.sh "$KEXEC_CRYPTO_TMPDIR/rootfs/init" + + echo > "$KEXEC_CRYPTO_TMPDIR/etc/cmdline.d/90crypt.conf" + echo > "$KEXEC_CRYPTO_TMPDIR/etc/crypttab" + chmod -R 0700 "$KEXEC_CRYPTO_TMPDIR/rootfs/init" chmod -R 0700 "$KEXEC_CRYPTO_TMPDIR/rootfs/init.kexec.orig" @@ -1314,13 +1319,47 @@ if [ ! -f "$KDUMP_CONFIG_FILE" ]; then exit 1 fi -main () +usage() +{ + dinfo $"Usage: $0 {start|stop|status|restart|reload|rebuild|propagate|showmem} [--askpass]" + exit 1 +} + +main() { # Determine if the dump mode is kdump or fadump determine_dump_mode + local cmd + case "$1" in - start) + condrestart|start|stop|status|restart|reload|rebuild|propagate|showmem) + cmd=$1 + ;; + *) + usage + ;; + esac + shift + + while [ $# -ge 1 ]; do + case "$1" in + --askpass) + if [[ -t 1 ]]; then + KDUMP_DECRYPT_ASKPASS="true" + else + derror "Ignoring --askpass, kdumpctl not invoked via console" + fi + ;; + *) + usage + ;; + esac + shift + done + + case "$cmd" in + start) if [ -s /proc/vmcore ]; then save_core reboot @@ -1328,10 +1367,10 @@ main () start fi ;; - stop) + stop) stop ;; - status) + status) EXIT_CODE=0 check_current_status case "$?" in @@ -1346,27 +1385,24 @@ main () esac exit $EXIT_CODE ;; - reload) + reload) reload ;; - restart) + restart) stop start ;; - rebuild) + rebuild) rebuild ;; - condrestart) + condrestart) ;; - propagate) + propagate) propagate_ssh_key ;; - showmem) + showmem) show_reserved_mem ;; - *) - dinfo $"Usage: $0 {start|stop|status|restart|reload|rebuild|propagate|showmem}" - exit 1 esac } @@ -1375,6 +1411,6 @@ single_instance_lock # To avoid fd 9 leaking, we invoke a subshell, close fd 9 and call main. # So that fd isn't leaking when main is invoking a subshell. -(exec 9<&-; main $1) +(exec 9<&-; main "$@") exit $? -- 2.30.2