From 6726860c3ee36e26ebae4fbc8b72c9955b50230f Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Tue, 2 Mar 2021 14:09:11 -0500
Subject: initrd: improve readability and robustness to recovery

The luks.secret is stored per block device, and any existing /dev/mapper/samizdatcrypt is removed before we try to create that device. This makes it more possible to recover from a failed menu-select from the emergency console.
---
 src/initrd/btrfs-create.sh | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh
index 6e0f22e..969ddf6 100644
--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -311,21 +311,22 @@ open_samizdat_blockdev_from_loop()
 open_samizdat_blockdev()
 {
 local dev="$1" keyfile="$2"
- local cryptname=samizdatcrypt decrypted_keyfile=/luks.secret
+ local cryptname=samizdatcrypt decrypted_keyfile=/luks.secret."${dev##*/}"
- gpg2 --verify "$keyfile" || return
-
- # TODO: we should be ensuring we can decrypt this secret key before even
- # offering the option to boot the encrypted filesystem
+ if [ -b /dev/mapper/"$cryptname" ]
+ then
+ cryptsetup luksClose "$cryptname" || return
+ fi
- # The first --decrypt merely strips the signature. The option is
- # poorly named for that case.
- gpg2 --decrypt "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || return
+ if [ ! -e "$decrypted_keyfile" ]
+ then
+ gpg2 --verify "$keyfile" || return
+ gpg2 --output=- --verify "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || return
+ fi
 cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname" || return
 [ -b /dev/mapper/"$cryptname" ] || return
-
 }
 init_samizdat_blockdev()
--
cgit v1.2.3
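Review bot: A failed decryption leaves an empty or partial `$decrypted_keyfile` behind, because the `>` redirection creates the file before either gpg2 runs, and the new `[ ! -e "$decrypted_keyfile" ]` guard then skips decryption on the next attempt and hands that file straight to `cryptsetup luksOpen`. That works against the retry-from-the-emergency-console case this commit is aiming at. Test for a non-empty file and clean up on failure: `if [ ! -s "$decrypted_keyfile" ]` and `gpg2 --output=- --verify "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || { rm -f "$decrypted_keyfile"; return 1; }`. The cached secret is also reused without re-checking the signature on `$keyfile` and is keyed only by the device basename, so it presumably assumes one keyfile per device. A `umask 077` before the write would help, as would a short comment such as `# the first gpg2 only strips the signature; the second decrypts`, which the removed comment used to explain.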