dracutdevs / dracut

dracut the event driven initramfs infrastructure
https://github.com/dracutdevs/dracut/wiki
GNU General Public License v2.0

fix(crypt): Encrypted root FS handling with generic initrd #2520

Open DanWin opened 11 months ago

DanWin commented 11 months ago

This pull request adds missing modules potentially required for disk decryption to a generic initrd. Additionally, it changes the default for unlocking LUKS encrypted devices at boot from previously only doing so when rd.auto=1 was specified.

Checklist

Fixes #2437

adrelanos commented 7 months ago

Tested. Works for me. Bug fixed. Please review.

LaszloGombos commented 4 months ago

This PR would make dracut --no-hostonly -a crypt fail if the host does not have e.g. libfido2.so.* installed (because now fido2 is a mandatory dependency for crypt in no-hostonly mode).

I think this would be undesirable, especially where for this issue there is an obvious workaround just to manually add the missing modules.

Also https://bugzilla.redhat.com/show_bug.cgi?id=1018930

DanWin commented 3 months ago

Hi @LaszloGombos, actually there are no checks for these modules that require any files to be present. The modules can currently be included as a dependency, without copying any files, because their module-setup.sh only copies the library files with inst_libdir_file, which in turn has a check on whether the files exist, and otherwise silently ignores them. So the way I see it, there should be nothing against adding them as a dependency, unless there are plans on adding checks whether all libraries exist? If so, we might make them optional dependencies like with the tpm2-tss module.

LaszloGombos commented 3 months ago

> Hi @LaszloGombos, actually there are no checks for these modules that require any files to be present.

I have not had a chance to check, just saw that in some other places (e.g. https://github.com/dracutdevs/dracut/blob/master/modules.d/99squash/module-setup.sh#L46), there is -o, so I just assumed that without -o it would fail.

> the library files with inst_libdir_file which in turn has a check on whether the files exist, and otherwise silently ignores them.

Ok, I see. Thanks!

Perhaps you can upload an improved version of https://github.com/dracut-ng/dracut-ng/pull/280 to https://github.com/dracut-ng/dracut-ng/ (without the rd.auto=1 change).