Goal is to be able to unlock root partition via an SSH shell remotely,
while plymouth is installed and used in initramfs.

I sent a patch that works well for me on Debian 7.8 "Wheezy" when
plymouth is asking for password on local screen and I connect remotely
via SSH.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782024

--- /usr/share/initramfs-tools/scripts/local-top/cryptroot      2012-11-07 
16:28:47.000000000 +0100
+++ /usr/share/initramfs-tools/scripts/local-top/cryptroot      2015-03-11 
23:25:18.000000000 +0100
@@ -16,11 +16,15 @@ prereqs()
        done
 }
 
+NOPLYMOUTH=0
+
 case $1 in
 prereqs)
        prereqs
        exit 0
        ;;
+noplymouth)
+       NOPLYMOUTH=1
 esac
 
 # source for log_*_msg() functions, see LP: #272301
@@ -31,7 +35,7 @@ esac
 #
 message()
 {
-       if [ -x /bin/plymouth ] && plymouth --ping; then
+       if [ "${NOPLYMOUTH}" -eq 0 -a -x /bin/plymouth ] && plymouth --ping; 
then
                plymouth message --text="$@"
        else
                echo "$@" >&2
@@ -269,7 +273,7 @@ setup_mapping()
 
                if [ -z "$cryptkeyscript" ]; then
                        cryptkey="Unlocking the disk $cryptsource 
($crypttarget)\nEnter passphrase: "
-                       if [ -x /bin/plymouth ] && plymouth --ping; then
+                       if [ "${NOPLYMOUTH}" -eq 0 -a -x /bin/plymouth ] && 
plymouth --ping; then
                                cryptkeyscript="plymouth ask-for-password 
--prompt"
                                cryptkey=$(printf "$cryptkey")
                        else
@@ -291,6 +295,12 @@ setup_mapping()
                        return 1
                fi
 
+               # Kill all remaining processes that ask for the password
+               for PID in $(ps | grep -e '/lib/cryptsetup/askpass' -e 
'plymouth.*ask-for-password' | sed -n -e '/grep/! { 
s#[[:space:]]*\([0-9]\+\)[[:space:]]*.*#\1#p ; }')
+                do
+                       kill -9 "${PID}"
+               done
+
                #FSTYPE=''
                #eval $(fstype < "$NEWROOT")
                FSTYPE="$(blkid -s TYPE -o value "$NEWROOT")"
--- /usr/share/initramfs-tools/hooks/cryptroot_unlock.sh        2014-12-28 
22:16:37.909586616 +0100
+++ /usr/share/initramfs-tools/hooks/cryptroot_unlock.sh        2015-03-11 
22:33:41.000000000 +0100
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+#
+# This InitRAMFS hook provides:
+# Simple script to easily unlock LUKS encrypted root partition from remote 
(SSH, Telnet)
+# Intended for Debian 6.0 Squeeze
+#
+# Copyright: Matthias Bücher, see http://www.maddes.net/
+# License: GNU GPL v2 or later, see http://www.gnu.org/licenses/gpl.html
+#
+# Adopted from 
http://www.howtoforge.com/unlock-a-luks-encrypted-root-partition-via-ssh-on-ubuntu#comment-25990
+#
+# Thanks to:
+# - Wulf Coulmann; http://gpl.coulmann.de/ssh_luks_unlock.html
+#   for his tremendeous effort to unlock LUKS root parititon remotely on 
Debian 5.0 Lenny and before
+#
+# History:
+# v1.0 - 2011-02-15
+#  initial release
+# v1.1 - 2011-03-29
+#  fixed some typos
+#  (also thanks to Sven Greuer)
+#
+
+PREREQ=""
+
+prereqs()
+{
+       echo "${PREREQ}"
+}
+
+case "${1}" in
+ prereqs)
+       prereqs
+       exit 0
+       ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+#
+# Begin real processing
+#
+
+SCRIPTNAME=unlock
+
+# 1) Create script to unlock luks partitions
+cat > ${DESTDIR}/bin/${SCRIPTNAME} << '__EOF'
+#!/bin/sh
+PATH='/sbin:/bin'
+/scripts/local-top/cryptroot noplymouth
+__EOF
+chmod 700 ${DESTDIR}/bin/${SCRIPTNAME}
+
+
+# 2) Enhance Message Of The Day (MOTD) with info how to unlock luks partition
+cat >> ${DESTDIR}/etc/motd << __EOF
+
+To unlock root partition, and maybe others like swap, run "${SCRIPTNAME}"
+__EOF

Reply via email to