Moved dracut directory up to top-level to decouple it with systemd.

Adds a clevis-luks-generic-unlocker for alternative use without systemd.

Based on patch by Sergio Correia <[email protected]>

Closes: #346

Signed-off-by: Jonathan Davies <[email protected]>

Author: jpds

src/luks/systemd/dracut/clevis-pin-sss/meson.build src/dracut/clevis-pin-sss/meson.build

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+@libexecdir@/clevis-luks-generic-unlocker -l

src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in src/dracut/clevis-pin-sss/module-setup.sh.in

@@ -0,0 +1,70 @@
+#!/bin/bash
+set -eu
+# vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+#
+# Copyright (c) 2020-2021 Red Hat, Inc.
+# Author: Sergio Correia <[email protected]>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+. clevis-luks-common-functions
+
+# Make sure to exit cleanly if SIGTERM is received.
+trap 'echo "Exiting due to SIGTERM" && exit 0' TERM
+
+loop=
+while getopts ":l" o; do
+    case "${o}" in
+    l) loop=true;;
+    *) ;;
+    esac
+done
+
+to_unlock() {
+    local _devices='' _d _uuid
+    for _d in $(lsblk -o PATH,FSTYPE,RM \
+               | awk '$2 == "crypto_LUKS" && $3 == "0" { print $1 }' | sort -u);
+    do
+        if ! bindings="$(clevis luks list -d "${_d}" 2>/dev/null)" \
+                         || [ -z "${bindings}" ]; then
+            continue
+        fi
+        _uuid="$(cryptsetup luksUUID "${_d}")"
+        if clevis_is_luks_device_by_uuid_open "${_uuid}"; then
+            continue
+        fi
+        _devices="$(printf '%s\n%s' "${_devices}" "${_d}")"
+    done
+    echo "${_devices}" | sed -e 's/^\n$//'
+}
+
+while true; do
+    for d in $(to_unlock); do
+        uuid="$(cryptsetup luksUUID "${d}")"
+        if ! clevis luks unlock -d "${d}"; then
+            echo "Unable to unlock ${d} (UUID=${uuid})" >&2
+            continue
+        fi
+        echo "Unlocked ${d} (UUID=${uuid}) successfully" >&2
+    done
+
+    [ "${loop}" != true ] && break
+    # Checking for pending devices to be unlocked.
+    if remaining=$(to_unlock) && [ -z "${remaining}" ]; then
+        break;
+    fi
+
+    sleep 0.5
+done

src/luks/systemd/dracut/clevis-pin-tang/meson.build src/dracut/clevis-pin-tang/meson.build

@@ -16,6 +16,7 @@ if dracut.found()
     install_dir: dracutdir,
     configuration: data,
   )
+  install_data('clevis-luks-generic-unlocker', install_dir: libexecdir)
 else
   warning('Will not install dracut module due to missing dependencies!')
 endif

src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in src/dracut/clevis-pin-tang/module-setup.sh.in

@@ -19,25 +19,36 @@
 #
 
 depends() {
-    echo crypt systemd
+    local __depends=crypt
+    if dracut_module_included "systemd"; then
+        __depends=$(printf '%s systemd' "${_depends}")
+    fi
+    echo "${__depends}"
     return 255
 }
 
 install() {
     if dracut_module_included "systemd"; then
         inst_multiple \
             $systemdsystemunitdir/clevis-luks-askpass.service \
-            $systemdsystemunitdir/clevis-luks-askpass.path
+            $systemdsystemunitdir/clevis-luks-askpass.path \
+            @SYSTEMD_REPLY_PASS@ \
+            @libexecdir@/clevis-luks-askpass
         systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path
     else
         inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"
         inst_hook initqueue/settled 60 "$moddir/clevis-hook.sh"
+
+	inst_multiple \
+            @libexecdir@/clevis-luks-generic-unlocker \
+            clevis-luks-unlock \
+            lsblk \
+            sort \
+            awk
     fi
 
     inst_multiple \
         /etc/services \
-        @SYSTEMD_REPLY_PASS@ \
-        @libexecdir@/clevis-luks-askpass \
         clevis-luks-common-functions \
         grep sed cut \
         clevis-decrypt \

src/luks/systemd/dracut/clevis-pin-tpm2/meson.build src/dracut/clevis-pin-tpm2/meson.build

@@ -10,7 +10,6 @@ sd_reply_pass = find_program(
 
 if systemd.found() and sd_reply_pass.found()
   data.set('SYSTEMD_REPLY_PASS', sd_reply_pass.path())
-  subdir('dracut')
 
   unitdir = systemd.get_pkgconfig_variable('systemdsystemunitdir')
 

src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in src/dracut/clevis-pin-tpm2/module-setup.sh.in

@@ -1,6 +1,7 @@
 subdir('bash')
 subdir('luks')
 subdir('pins')
+subdir('dracut')
 subdir('initramfs-tools')
 
 bins += join_paths(meson.current_source_dir(), 'clevis-decrypt')