1 files changed, 27 insertions, 7 deletions

diff --git a/initramfs-tools/scripts/samizdat b/initramfs-tools/scripts/samizdat
index 0c511e8..b1752cd 100644
--- a/initramfs-tools/scripts/samizdat
+++ b/initramfs-tools/scripts/samizdat
@@ -7,28 +7,48 @@ mountroot()
   samizdat_install_udev_rules
   mkfifo "$MENUFIFO"
 
-  # Note: this blocks waiting for the network
   if [ "${nbdroot%%,*}" ]; then
-    try_nbd
+    # I guess this isn't getting called otherwise? I don't know why this should
+    # be necessary, but it is.
+    sh /scripts/local-top/nbd >/dev/null 2>&1
   fi
 
+  if keys_via_network; then
+    wait_for_gnupghome_tar "$tftp_key_server"
+  fi
+  bootwait samizdat-gpg
   bootmenu
   bootwait root-mounted
   chvt 1
 }
 
-try_nbd()
+# Sets $tftp_key_server or returns false.
+keys_via_network()
 {
-  sh /scripts/local-top/nbd >/dev/null 2>&1 & # I guess this isn't getting called otherwise?
-  wait_for_gnupghome_tar
-  (. common.sh && force_grok_block)
+    [ "${nbdroot%%,*}" ] || return
+    local arg cmdline
+    read cmdline < /proc/cmdline
+    for arg in $cmdline; do
+        case "$arg" in
+            netkeys)
+                tftp_key_server="${nbdroot%%,*}"
+                return 0
+            ;;
+            netkeys=*)
+                tftp_key_server="${arg#netkeys=}"
+                return 0
+            ;;
+        esac
+    done
+    return 1
 }
 
 wait_for_gnupghome_tar()
 {
+  local tftp_server="$1"
   [ -e /gnupghome.tar ] && return
   echo -n Waiting to receive GPG keys through the network...
-  (while ! tftp -g -r gnupghome.tar -l /gnupghome.tar.$$ ${nbdroot%%,*} 2>/dev/null; do
+  (while ! tftp -g -r gnupghome.tar -l /gnupghome.tar.$$ "$tftp_server" 2>/dev/null; do
     sleep 1;
     echo -n .
   done