[SOLVED]Choose different autologin-user depending on luks-keyslot used

viktordick · 2012-03-19 23:42:24

I got two users on this system and both have a passphrase for the system encryption with luks. Now I want to build a script that changes the gdm settings at boot time to change the user that is going to be logged in automatically depending on which slot was unlocked.
I already changed /lib/initcpio/hooks/encrypt to include a "-v" when cryptsetup is called (so it gives the number of the slot to the output) and also changed the appropriate lines to

while ! CRYPTSLOT=$(/sbin/cryptsetup -v luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}); do
  sleep 2;
done

which saves the output in the variable CRYPTSLOT.
Now I just need to export this variable somehow in a way that i can pick it up in some rc.d script (at a time when the filesystems are mounted etc.). I tried just

export CRYPTSLOT

, which did not work. Saving it to a file will also not be possible since the hook is run before / is mounted, in the initramdisk. Is there any other possibility? Can I write it to some file in /boot? (is it mounted?)
I also tried it without a variable, extracting the information from dmesg or /etc/messages.log, but it wasn't there. If I do not save it in the variable I see it in the boot screen, but I can not pass it to some later script.

Last edited by viktordick (2012-03-25 15:34:34)

Isola · 2012-03-22 00:32:56

The output of cryptsetup is probably not stored in the variable because it's printed on stderr not stdout!
You need to redirect it by adding 2>&1 to the end like this:

while ! CRYPTSLOT=$(/sbin/cryptsetup -v luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET} 2>&1); do
  sleep 2;
done

Then add something like this just after:

msg "This is the output from cryptsetup, with function msg: $CRYPTSLOT"
err "This is the output from cryptsetup, with function err: $CRYPTSLOT"

Then see which one, or if both, shows up in dmesg once the system is booted.

Don't forget that when the kernel or cryptsetup is upgraded, your changes to /lib are overwritten! I noticed this when I added a ASCII skull to my cryptsetup password prompt!

viktordick · 2012-03-22 08:17:08

The output is put to stdout, not stderr. Is msg some function inside the initramfs? Because bash does not find the command, but if I put it into the hook, it acts the same way as echo. Its argument still does not appear in dmesg.
Well, I found another way: I wrote the output to /dev/cryptslot. /dev is already there and it seems it is also writeable. So in /lib/initcpio/hooks/encrypt I have

while ! /sbin/cryptsetup -v luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET} > /dev/cryptslot; do
  sleep 2;
done

and then I created a script in /etc/rc.d/changeuser:

#!/bin/bash

case "$1" in
  start)
  	SLOT=$(cat /dev/cryptslot | cut -d ' ' -f 3)
	case $SLOT in
		0) cp /etc/gdm/custom-user1.conf /etc/gdm/custom.conf;;
		1) cp /etc/gdm/custom-user2.conf /etc/gdm/custom.conf;;
	esac
	;;
  stop)
    ;;
  restart)
    $0 stop
    sleep 1
    $0 start
    ;;
  *)
    echo "usage: $0 {start|stop|restart}"
esac
exit 0

Of course, this has to be added to /etc/rc.conf, too. Preferably before gdm and not in background.

Maybe this ist not such a good solution since /dev is not the right place for this. /proc might be better, but I cannot write anything there.

And yeah, the changes in /lib will probably be overwritten, but they are few, I can redo them when neccessary.

viktordick · 2012-03-22 08:22:57

So thanks for your reply. I am new to this forum (and have not been using other forums a lot either). How do I mark this as solved?

lifeafter2am · 2012-03-22 12:59:33

viktordick wrote:

So thanks for your reply. I am new to this forum (and have not been using other forums a lot either). How do I mark this as solved?

Edit your original post by clicking on the edit button. Then add [Solved] to the threads subject.

Arch Linux

#1 2012-03-19 23:42:24

[SOLVED]Choose different autologin-user depending on luks-keyslot used

#2 2012-03-22 00:32:56

Re: [SOLVED]Choose different autologin-user depending on luks-keyslot used

#3 2012-03-22 08:17:08

Re: [SOLVED]Choose different autologin-user depending on luks-keyslot used

#4 2012-03-22 08:22:57

Re: [SOLVED]Choose different autologin-user depending on luks-keyslot used

#5 2012-03-22 12:59:33

Re: [SOLVED]Choose different autologin-user depending on luks-keyslot used

Board footer