From 99fb6737482069170ae576e8929e57100a4958cd Mon Sep 17 00:00:00 2001
From: "Gerd v. Egidy"
Date: Mon, 25 Sep 2023 21:44:03 +0200
Subject: [PATCH 1/2] Fix using findroot when /sbin/init is an absolute symlink (#340)

Also add basic safeguards against bad usrmerge implementations: that would be when /sbin is a absolute symlink instead of a relative one.
---
 ChangeLog | 1 +
 airootfs/etc/initcpio/hooks/findroot | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 4af54cb..0f18209 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@ SystemRescue ChangeLog
 ------------------------------------------------------------------------------
 10.03 (YYYY-MM-DD):
 ------------------------------------------------------------------------------
+* Fix using findroot when /sbin/init is an absolute symlink (#340)
 * Added sleuthkit (Tools for raw file system inspection) (#349)
 * Added timeshift (snapshot-based backup solution) (#350)
diff --git a/airootfs/etc/initcpio/hooks/findroot b/airootfs/etc/initcpio/hooks/findroot
index 63923d4..9934ed7 100644
--- a/airootfs/etc/initcpio/hooks/findroot
+++ b/airootfs/etc/initcpio/hooks/findroot
@@ -45,7 +45,15 @@ run_hook() {
 echo "Checking for ${init} on device ${curdev} ..."
 if mount -r ${curdev} ${newroot} 2>/dev/null
 then
- if test -x ${newroot}/${init}
+ # check if /sbin is a symlink and if it is absolute or relative
+ if test -L "${newroot}/sbin" && readlink "${newroot}/sbin" | grep -q "^/"
+ then
+ echo "Absolute /sbin symlink on device ${curdev}"
+ echo "This usrmerge layout is currently not supported by findroot."
+ umount ${newroot}
+ continue
+ fi
+ if test -x ${newroot}/${init} || test -L ${newroot}/${init}
 then
 echo "Found ${init} on device ${curdev}"
 rootcount=$((rootcount + 1))
From 4869d2c2f83e46cb18e7ff60fc513bf06fd9d6b9 Mon Sep 17 00:00:00 2001
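Review bot: The new `|| test -L ${newroot}/${init}` arm accepts any symlink at that path, including a dangling one or one whose target is not executable, so a device is counted in `rootcount` without the link target ever being checked inside the mounted tree. For an absolute link the target could be tested under `${newroot}` instead, e.g. `target=$(readlink "${newroot}/${init}")` followed by `test -x "${newroot}${target}"`; a chain of absolute links would still need more than one step. The added `umount ${newroot}` and both `test` operands are unquoted, while the new `/sbin` check just above them quotes `"${newroot}/sbin"`; quoting them all would keep the hunk consistent. `run_hook` and the loop that `continue` targets begin and end outside the hunk.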
From: "Gerd v. Egidy"
Date: Mon, 25 Sep 2023 22:28:26 +0200
Subject: [PATCH 2/2] Fix findroot loop when the password to any encrypted device is unknown (#342)

Do this by asking max 6 times for a password, then continue with the next device. Also fix a bug when an encrypted device on LVM leads to the same device name for the encrypted and unencrypted device.
---
 ChangeLog | 1 +
 airootfs/etc/initcpio/hooks/findroot | 13 ++++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0f18209..984a0bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@ SystemRescue ChangeLog
 ------------------------------------------------------------------------------
 10.03 (YYYY-MM-DD):
 ------------------------------------------------------------------------------
+* Fix findroot loop when the password to any encrypted device is unknown (#342)
 * Fix using findroot when /sbin/init is an absolute symlink (#340)
 * Added sleuthkit (Tools for raw file system inspection) (#349)
 * Added timeshift (snapshot-based backup solution) (#350)
diff --git a/airootfs/etc/initcpio/hooks/findroot b/airootfs/etc/initcpio/hooks/findroot
index 9934ed7..0a49213 100644
--- a/airootfs/etc/initcpio/hooks/findroot
+++ b/airootfs/etc/initcpio/hooks/findroot
@@ -17,12 +17,15 @@ run_hook() {
 if cryptsetup isLuks ${curdev} >/dev/null 2>&1
 then
 echo "A passphrase is required to access device ${curdev}:"
- local cryptname="${curdev##*/}"
+ local cryptname="luks-${curdev##*/}"
 local cryptargs=""
- while ! eval cryptsetup open --type luks ${curdev} ${cryptname} ${cryptargs}
- do
- sleep 2;
- done
+ if ! cryptsetup open --type luks ${curdev} ${cryptname} ${cryptargs}; then
+ if ! cryptsetup open --type luks ${curdev} ${cryptname} ${cryptargs}; then
+ # each cryptsetup call offers 3 tries to enter a valid password
+ # all 6 failed failed, so continue with the next device
+ continue
+ fi
+ fi
 if [ ! -e "/dev/mapper/${cryptname}" ]
 then
 err "Password succeeded but ${cryptname} creation failed, aborting..."
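Review bot: When both `cryptsetup open` calls fail, the added `continue` skips the device without printing anything, and that branch is taken for any non-zero exit, not only a wrong passphrase, so the user cannot tell why a device was passed over. A line such as `echo "Could not unlock ${curdev}, skipping this device"` before `continue` would make the skip visible. The two identical nested calls could also be a single call using cryptsetup's `--tries 6` option, and the new comment has a doubled word (`failed failed`). `${curdev}` and `${cryptname}` remain unquoted in the new calls; the loop that `continue` targets lies outside the hunk.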