[fstab] Write configurable options to crypttab (default: luks).

fstab.conf: Add a new "crypttabOptions" option that defaults to "luks". Document that for Debian and Debian-based distributions, the setting should be changed to "luks,keyscript=/bin/cat". main.py: Append the options from the above setting to the end of every line in crypttab. At least the "luks" option should always be there, because there may be different encryption types. The Debian initramfs-tools also require the Debian-specific keyscript option and will otherwise ignore the keyfile entirely (see pull request #254).

[fstab] Write configurable options to crypttab (default: luks).
0876af63 · Kevin Kofler · 4d28544e · 0876af63 · 0876af63
Commit 0876af63 authored 8 years ago by Kevin Kofler
--- a/src/modules/fstab/fstab.conf
+++ b/src/modules/fstab/fstab.conf
@@ -8,3 +8,6 @@ ssdExtraMountOptions:
    xfs: discard
    swap: discard
    btrfs: discard,compress=lzo
+crypttabOptions: luks
+# For Debian and Debian-based distributions, change the above line to:
+# crypttabOptions: luks,keyscript=/bin/cat
--- a/src/modules/fstab/main.py
+++ b/src/modules/fstab/main.py
@@ -102,11 +102,13 @@ class FstabGenerator(object):
    :param mount_options:
    :param ssd_extra_mount_options:
    """
-    def __init__(self, partitions, root_mount_point, mount_options, ssd_extra_mount_options):
+    def __init__(self, partitions, root_mount_point, mount_options,
+                 ssd_extra_mount_options, crypttab_options):
        self.partitions = partitions
        self.root_mount_point = root_mount_point
        self.mount_options = mount_options
        self.ssd_extra_mount_options = ssd_extra_mount_options
+        self.crypttab_options = crypttab_options
        self.ssd_disks = set()
        self.root_is_ssd = False
@@ -156,14 +158,16 @@ class FstabGenerator(object):
            name=mapper_name,
            device="UUID=" + luks_uuid,
            password="/crypto_keyfile.bin",
+            options=self.crypttab_options,
        )
    def print_crypttab_line(self, dct, file=None):
        """ Prints line to '/etc/crypttab' file. """
-        line = "{:21} {:<45} {}".format(dct["name"],
+        line = "{:21} {:<45} {} {}".format(dct["name"],
-                                        dct["device"],
+                                           dct["device"],
-                                        dct["password"],
+                                           dct["password"],
-                                       )
+                                           dct["options"],
+                                          )
        print(line, file=file)
@@ -255,9 +259,11 @@ def run():
    root_mount_point = global_storage.value("rootMountPoint")
    mount_options = conf["mountOptions"]
    ssd_extra_mount_options = conf.get("ssdExtraMountOptions", {})
+    crypttab_options = conf.get("crypttabOptions", "luks")
    generator = FstabGenerator(partitions,
                               root_mount_point,
                               mount_options,
-                               ssd_extra_mount_options)
+                               ssd_extra_mount_options,
+                               crypttab_options)
    return generator.run()