Is --askpass is specified and kdumpctl is invoked via terminal, then
kdumpctl may ask password for crypt target.
Signed-off-by: Kairui Song <kasong(a)redhat.com>
---
dracut-module-setup.sh | 3 --
kdumpctl | 66 ++++++++++++++++++++++++++++++++----------
2 files changed, 51 insertions(+), 18 deletions(-)
diff --git a/dracut-module-setup.sh b/dracut-module-setup.sh
index 88764e0..54094bf 100755
--- a/dracut-module-setup.sh
+++ b/dracut-module-setup.sh
@@ -834,9 +834,6 @@ kdump_check_crypt_targets()
inst cryptsetup
instmods dm_crypt
- echo > "$initdir/etc/cmdline.d/90crypt.conf"
- echo > "$initdir/etc/crypttab"
-
dracut_need_initqueue
}
diff --git a/kdumpctl b/kdumpctl
index c6acfdb..d9b6d4d 100755
--- a/kdumpctl
+++ b/kdumpctl
@@ -21,6 +21,7 @@ TARGET_INITRD=""
FADUMP_REGISTER_SYS_NODE="/sys/kernel/fadump_registered"
#kdump shall be the default dump mode
DEFAULT_DUMP_MODE="kdump"
+KDUMP_DECRYPT_ASKPASS=""
image_time=0
standard_kexec_args="-d -p"
@@ -699,7 +700,7 @@ prepare_luks_initramfs()
local _dev _uuid
for _dev in $_crypt_devices; do
_uuid=$(get_block_uuid "$_dev")
- if ! get_luks_dev_master_key "$_dev"
"$KEXEC_CRYPTO_TMPDIR/rootfs/.kexec-luks-key.$_uuid";
+ if ! get_luks_dev_master_key "$_dev"
"$KEXEC_CRYPTO_TMPDIR/rootfs/.kexec-luks-key.$_uuid"
"$KDUMP_DECRYPT_ASKPASS";
then
dwarn "Can't retrive LUKS key, crashkernel value should be large enough for
LUKS key decryption, and kdump kernel will prompt for password."
clean_luks_initramfs
@@ -709,6 +710,10 @@ prepare_luks_initramfs()
lsinitrd "$TARGET_INITRD" -f /init >
"$KEXEC_CRYPTO_TMPDIR/rootfs/init.kexec.orig"
cp /usr/lib/kdump/kexec-crypt-init.sh "$KEXEC_CRYPTO_TMPDIR/rootfs/init"
+
+ echo > "$KEXEC_CRYPTO_TMPDIR/etc/cmdline.d/90crypt.conf"
+ echo > "$KEXEC_CRYPTO_TMPDIR/etc/crypttab"
+
chmod -R 0700 "$KEXEC_CRYPTO_TMPDIR/rootfs/init"
chmod -R 0700 "$KEXEC_CRYPTO_TMPDIR/rootfs/init.kexec.orig"
@@ -1314,13 +1319,47 @@ if [ ! -f "$KDUMP_CONFIG_FILE" ]; then
exit 1
fi
-main ()
+usage()
+{
+ dinfo $"Usage: $0 {start|stop|status|restart|reload|rebuild|propagate|showmem}
[--askpass]"
+ exit 1
+}
+
+main()
{
# Determine if the dump mode is kdump or fadump
determine_dump_mode
+ local cmd
+
case "$1" in
- start)
+ condrestart|start|stop|status|restart|reload|rebuild|propagate|showmem)
+ cmd=$1
+ ;;
+ *)
+ usage
+ ;;
+ esac
+ shift
+
+ while [ $# -ge 1 ]; do
+ case "$1" in
+ --askpass)
+ if [[ -t 1 ]]; then
+ KDUMP_DECRYPT_ASKPASS="true"
+ else
+ derror "Ignoring --askpass, kdumpctl not invoked via console"
+ fi
+ ;;
+ *)
+ usage
+ ;;
+ esac
+ shift
+ done
+
+ case "$cmd" in
+ start)
if [ -s /proc/vmcore ]; then
save_core
reboot
@@ -1328,10 +1367,10 @@ main ()
start
fi
;;
- stop)
+ stop)
stop
;;
- status)
+ status)
EXIT_CODE=0
check_current_status
case "$?" in
@@ -1346,27 +1385,24 @@ main ()
esac
exit $EXIT_CODE
;;
- reload)
+ reload)
reload
;;
- restart)
+ restart)
stop
start
;;
- rebuild)
+ rebuild)
rebuild
;;
- condrestart)
+ condrestart)
;;
- propagate)
+ propagate)
propagate_ssh_key
;;
- showmem)
+ showmem)
show_reserved_mem
;;
- *)
- dinfo $"Usage: $0
{start|stop|status|restart|reload|rebuild|propagate|showmem}"
- exit 1
esac
}
@@ -1375,6 +1411,6 @@ single_instance_lock
# To avoid fd 9 leaking, we invoke a subshell, close fd 9 and call main.
# So that fd isn't leaking when main is invoking a subshell.
-(exec 9<&-; main $1)
+(exec 9<&-; main "$@")
exit $?
--
2.30.2