@@ 107,9 107,11 @@ LIBKMOD_CFLAGS := $(shell $(PKGCONF) --cflags libkmod)
LIBKMOD_LIBS := $(shell $(PKGCONF) --libs libkmod)
CRYPTSETUP_CFLAGS := $(shell $(PKGCONF) --cflags libcryptsetup)
CRYPTSETUP_LIBS := $(shell $(PKGCONF) --libs libcryptsetup)
+LIBKEYUTILS_CFLAGS := $(shell $(PKGCONF) --cflags libkeyutils)
+LIBKEYUTILS_LIBS := $(shell $(PKGCONF) --libs libkeyutils)
-CFLAGS += $(BLKID_CFLAGS) $(LIBKMOD_CFLAGS) $(CRYPTSETUP_CFLAGS)
-LIBS = $(BLKID_LIBS) $(LIBKMOD_LIBS) $(CRYPTSETUP_LIBS)
+CFLAGS += $(BLKID_CFLAGS) $(LIBKMOD_CFLAGS) $(CRYPTSETUP_CFLAGS) $(LIBKEYUTILS_CFLAGS)
+LIBS = $(BLKID_LIBS) $(LIBKMOD_LIBS) $(CRYPTSETUP_LIBS) $(LIBKEYUTILS_LIBS)
%.o: %.c
$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ -c $<
@@ 535,9 535,16 @@ ln -s /proc/mounts "$ROOT"/etc/mtab
# check if root=... was set
if [ -n "$KOPT_root" ]; then
+ keyctl newring hackweek @u
+ keyctl chown %:hackweek 1000
+ keyctl setperm %:hackweek 0x3f3f3f3f
+ keyid=$(keyctl add user hackweek "the-secret" %:hackweek)
+ keyctl chown "$keyid" 1000
+ keyctl setperm "$keyid" 0x3f3f3f3f
+
# run nlplug-findfs before SINGLEMODE so we load keyboard drivers
ebegin "Mounting root"
- $MOCK nlplug-findfs $cryptopts -p /sbin/mdev ${KOPT_debug_init:+-d} \
+ $MOCK nlplug-findfs -i "$keyid" $cryptopts -p /sbin/mdev ${KOPT_debug_init:+-d} \
${KOPT_uevent_buf_size:+-U $KOPT_uevent_buf_size} \
$KOPT_root
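Review bot: Both `keyctl setperm` calls use `0x3f3f3f3f`, which grants every right (view, read, write, search, link, setattr) to possessor, user, group and other. The C side of this patch later writes the disk passphrase into this key, so any local process could read it. Since the key is already chowned to its consumer, the mask can drop the group and other bytes, e.g. `keyctl setperm "$keyid" 0x3f3f0000`, and the same for the keyring. The uid `1000` is hard-coded and none of the `keyctl` calls is checked, so if `keyctl add` fails, `$keyid` is empty and `-i ""` is still passed to nlplug-findfs. A guard such as `[ -n "$keyid" ] || keyid=0`, or omitting `-i` in that case, would make the failure explicit. The enclosing `if` continues outside the hunk.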
@@ 40,6 40,7 @@
#include <libkmod.h>
#include <blkid.h>
#include <libcryptsetup.h>
+#include <keyutils.h>
#define MAX_EVENT_TIMEOUT 5000
#define DEFAULT_EVENT_TIMEOUT 250
@@ 59,6 60,8 @@ static char *default_envp[2];
char *argv0;
static int use_mdadm, use_lvm, use_zpool;
+static long keyid;
+
#if defined(DEBUG)
#include <stdarg.h>
static void dbg(const char *fmt, ...)
@@ 621,10 624,18 @@ static void *cryptsetup_thread(void *data)
pass, strlen(pass),
c->crypt.flags);
pthread_mutex_unlock(&c->crypt.mutex);
- memset(pass, 0, sizeof(pass)); /* wipe pass after use */
- if (r >= 0)
+ if (r >= 0) {
+ printf("The keyid for hackweek is %ld\n", keyid);
+ if (keyctl_update(keyid, pass, strlen(pass)) < 0) {
+ printf("error updating keyring\n");
+ }
+
+ memset(pass, 0, sizeof(pass)); /* wipe pass after use */
goto free_out;
+ }
+
+ memset(pass, 0, sizeof(pass)); /* wipe pass after use */
printf("No key available with this passphrase.\n");
}
printf("Mounting %s failed, amount of tries exhausted.\n", c->crypt.data.devnode);
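Review bot: `keyctl_update()` runs on every successful unlock, even when no `-i` was given and the static `keyid` is still 0, so that path prints "error updating keyring" for a key that was never requested. Guarding the call, `if (keyid > 0 && keyctl_update(keyid, pass, strlen(pass)) < 0)`, keeps the old behaviour for callers that do not opt in. The passphrase now outlives `pass` in a kernel key with no expiry; a `keyctl_set_timeout(keyid, <seconds>)` after the update would bound that. A comment should say who is expected to read the key and when it is revoked. The `printf` of the key id looks like debugging output and the failure message would be more useful on stderr with `strerror(errno)`. cryptsetup_thread starts and ends outside this hunk.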
@@ 1285,7 1296,7 @@ int main(int argc, char *argv[])
{ "uevent-buffer-size", required_argument, NULL, 'U'},
};
- int c = getopt_long(argc, argv, "a:b:c:hH:k:m:no:Ddf:p:t:U:", options, NULL);
+ int c = getopt_long(argc, argv, "a:b:c:hH:k:m:no:Ddf:p:t:U:i:", options, NULL);
if (c == -1)
break;
@@ 1311,6 1322,9 @@ int main(int argc, char *argv[])
case 'h':
usage(0);
break;
+ case 'i':
+ keyid = atoi(optarg);
+ break;
case 'k':
conf.crypt.data.key = optarg;
break;
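Review bot: `keyid = atoi(optarg)` accepts anything: an empty string (which the init script passes when `keyctl add` fails) or garbage becomes 0. A negative number is also accepted, and negative serials name the special keyrings in keyutils, so the passphrase update could land on a different key than intended. Parsing with `strtol` and rejecting empty input, trailing characters and non-positive or out-of-range values closes that; the sketch below assumes `errno` and `INT_MAX` are available in this file. The new `-i` option also has no long-option entry, and no usage text for it is visible in these hunks. main() starts and ends outside this hunk.

```c
case 'i': {
	char *end;
	long v;

	errno = 0;
	v = strtol(optarg, &end, 10);
	/* key serials are positive 32-bit values; negatives name special keyrings */
	if (errno || end == optarg || *end != '\0' || v <= 0 || v > INT_MAX)
		usage(1);
	keyid = v;
	break;
}
/* … unchanged: case 'k' and the remaining options … */
```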