Comments (3)
This hook is only compatible with the legacy way of doing things.
systemd hooks work in a different manner. Basically, legacy initrd loads the hook as a script and executes its run_hook function, while systemd is - as usual - relying on service units and the like. Hence even if you add this hook to the list, its script is not executed while in systemd mode.
I'm not sure how much work is needed to make this compatible with systemd: can the script be called as-is through a systemd unit? Would dropbear need to be handled in a dedicated unit? ...
Up to now I did not have to make it work with systemd - I actually did not know/remember there was a systemd way of doing this. I'm still interested in taking a look at it, but depending on the difficulty and how much time I can - and am willing to - spend on it, it may take a while before it is done (if at all possible).
from archlinux-initrd-ssh-cryptsetup.
As an alternative, you can also try what is documented as Remote unlocking of the root (or other) partition.
Seems like there already are systemd tools for each necessary step (network, ssh, cryptsetup).
If it works as described, I guess there is not even a need for me to update my hook.
Maybe even the other hooks mentioned (netconf, dropbear, ...) are such that what my hook does can be done as easily with those. The original legacy dropbear_initrd_encrypt AUR package, which was later split into those new hooks (as mentioned here), was not so easy to use at the time (which was one of the reasons that made me code my hook based on it).
from archlinux-initrd-ssh-cryptsetup.
So I did a quick test with mkinitcpio-systemd-tool, and it should meet your needs.
Basically I
- added the systemd-tool hook, which comes with necessary systemd units etc
- enabled the systemd initrd-network, initrd-cryptsetup and initrd-dropbear units (edit: the systemd units do not need to be enabled)
- (on fresh install) had to manually create the systemd-network and systemd-resolve users/groups (*)
- added the authorized public key in /etc/dropbear/authorized_keys
- added the sd-encrypt hook (**)
  - a few tests showed that it needs to be placed after systemd-tool
  - copied /etc/crypttab to /etc/crypttab.initramfs (the latter if present is included as /etc/crypttab inside the initramfs)
- re-generated the initramfs
- rebooted
The boot sequence now displays a prompt to enter the password:
secret>
The same prompt is displayed when connecting through SSH.
(*) In systemd 2.39, those users are dynamic and not created in /etc/passwd and /etc/group, and this prevents the network service from properly starting (at least inside initrd). See mkinitcpio-systemd-tool ticket #17.
(**) This makes initrd wait for partitions to be unlocked before continuing. Otherwise (in my test, I encrypt a partition that is not the system root) if the boot sequence reaches the point where sysroot is mounted (no password needed), it continues from the real root system and systemd-tool units are stopped (and later, after initrd, the password for such partitions is asked).
According to the boot sequence I would say it is because the initrd target was reached, at which point we leave this state (and thus systemd-tool units are stopped because they only run within initrd).
from archlinux-initrd-ssh-cryptsetup.
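An added example, not part of the comments above and not code from either project: a pre-reboot check of the steps listed in the last comment, so that a wrong hook order or an empty authorized_keys is caught before the machine becomes unreachable. It assumes the hooks are set in the HOOKS array of /etc/mkinitcpio.conf (drop-in files are not read); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the remote-unlock setup described in the thread.
# ROOT (first argument) lets the check run against a copy of /etc;
# without it the live system is checked.

# Print the 1-based position of hook $2 in the last active HOOKS=(...) line of file $1.
hook_position() {
    n=0
    for h in $(sed -n 's/^[[:space:]]*HOOKS=(\([^)]*\)).*/\1/p' "$1" 2>/dev/null | tail -n 1); do
        n=$((n + 1))
        if [ "$h" = "$2" ]; then echo "$n"; return 0; fi
    done
    return 1
}

# True when file $1 has at least one line that is neither blank nor a comment.
has_entries() {
    grep -Eqv '^[[:space:]]*(#|$)' "$1" 2>/dev/null
}

check_remote_unlock() {
    root=${1:-}
    conf=$root/etc/mkinitcpio.conf
    rc=0
    tool=$(hook_position "$conf" systemd-tool) || { echo "FAIL: systemd-tool hook not in HOOKS"; rc=1; }
    enc=$(hook_position "$conf" sd-encrypt) || { echo "FAIL: sd-encrypt hook not in HOOKS"; rc=1; }
    # The thread reports that sd-encrypt has to be placed after systemd-tool.
    if [ -n "$tool" ] && [ -n "$enc" ] && [ "$enc" -lt "$tool" ]; then
        echo "FAIL: sd-encrypt is listed before systemd-tool"; rc=1
    fi
    has_entries "$root/etc/crypttab.initramfs" || { echo "FAIL: no entries in /etc/crypttab.initramfs"; rc=1; }
    has_entries "$root/etc/dropbear/authorized_keys" || { echo "FAIL: no key in /etc/dropbear/authorized_keys"; rc=1; }
    # Footnote (*): these accounts must exist as static users and groups.
    for name in systemd-network systemd-resolve; do
        grep -q "^$name:" "$root/etc/passwd" 2>/dev/null || { echo "FAIL: user $name not in /etc/passwd"; rc=1; }
        grep -q "^$name:" "$root/etc/group" 2>/dev/null || { echo "FAIL: group $name not in /etc/group"; rc=1; }
    done
    return $rc
}
```

Source the file and call `check_remote_unlock` with no argument before re-generating the initramfs; it prints one FAIL line per problem and returns non-zero if any check failed.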