From 4869d2c2f83e46cb18e7ff60fc513bf06fd9d6b9 Mon Sep 17 00:00:00 2001
From: "Gerd v. Egidy" <gerd@egidy.de>
Date: Mon, 25 Sep 2023 22:28:26 +0200
Subject: [PATCH] Fix findroot loop when the password to any encrypted device
 is unknown (#342)

Do this by asking max 6 times for a password, then continue with the next device.

Also fix a bug when an encrypted device on LVM leads to the same device
name for the encrypted and unencrypted device.
---
 ChangeLog                            |  1 +
 airootfs/etc/initcpio/hooks/findroot | 13 ++++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0f18209..984a0bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@ SystemRescue ChangeLog
 ------------------------------------------------------------------------------
 10.03 (YYYY-MM-DD):
 ------------------------------------------------------------------------------
+* Fix findroot loop when the password to any encrypted device is unknown (#342)
 * Fix using findroot when /sbin/init is an absolute symlink (#340)
 * Added sleuthkit (Tools for raw file system inspection) (#349)
 * Added timeshift (snapshot-based backup solution) (#350)
diff --git a/airootfs/etc/initcpio/hooks/findroot b/airootfs/etc/initcpio/hooks/findroot
index 9934ed7..0a49213 100644
--- a/airootfs/etc/initcpio/hooks/findroot
+++ b/airootfs/etc/initcpio/hooks/findroot
@@ -17,12 +17,15 @@ run_hook() {
         if cryptsetup isLuks ${curdev} >/dev/null 2>&1
         then
             echo "A passphrase is required to access device ${curdev}:"
-            local cryptname="${curdev##*/}"
+            local cryptname="luks-${curdev##*/}"
             local cryptargs=""
-            while ! eval cryptsetup open --type luks ${curdev} ${cryptname} ${cryptargs}
-            do
-                sleep 2;
-            done
+            if ! cryptsetup open --type luks ${curdev} ${cryptname} ${cryptargs}; then
+                if ! cryptsetup open --type luks ${curdev} ${cryptname} ${cryptargs}; then
+                    # each cryptsetup call offers 3 tries to enter a valid password
+                    # all 6 failed failed, so continue with the next device
+                    continue
+                fi
+            fi
             if [ ! -e "/dev/mapper/${cryptname}" ]
             then
                 err "Password succeeded but ${cryptname} creation failed, aborting..."