Ensure we can decrypt the luks key before attempting to use it

This just fails earlier when the wrong GPG key is used. The correct solution is to avoid the failure by testing for GPG keys before offering disks to boot.
author: Andrew Cady <d@jerkface.net> 2017-03-26 23:08:20 -0400
committer: Andrew Cady <d@jerkface.net> 2017-03-28 09:19:06 -0400
commit: 49f70f198a0bd1b72ae05b76ba8c2a013aa9ec5b (patch)
tree: 8a8d1aef853ac942096944cf424191e1342e1dea /src/initrd
parent: 3af02e032f39ba16c3f8de2e606abec317d99354 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh
index 3066331..c076b9e 100644
--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -224,12 +224,18 @@ open_samizdat_blockdev_from_loop()
 open_samizdat_blockdev()
 {
  local dev="$1" keyfile="$2"
+  local cryptname=samizdatcrypt decrypted_keyfile=/luks.secret
-  local cryptname=samizdatcrypt
  gpg2 --verify "$keyfile" || return
+  # TODO: we should be ensuring we can decrypt this secret key before even
+  # offering the option to boot the encrypted filesystem
  # The first --decrypt merely strips the signature.  The option is
  # poorly named for that case.
-  gpg2 --decrypt "$keyfile" | gpg2 --decrypt | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
+  gpg2 --decrypt "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || return
+  cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname" || return
  [ -b /dev/mapper/"$cryptname" ] || return
author	Andrew Cady <d@jerkface.net>	2017-03-26 23:08:20 -0400
committer	Andrew Cady <d@jerkface.net>	2017-03-28 09:19:06 -0400
commit	49f70f198a0bd1b72ae05b76ba8c2a013aa9ec5b (patch)
tree	8a8d1aef853ac942096944cf424191e1342e1dea /src/initrd
parent	3af02e032f39ba16c3f8de2e606abec317d99354 (diff)