#1 2011-06-03 14:05:34

fabriceb
Member
Registered: 2011-05-13
Posts: 33

[solved] Using gpg in mkinitcpio hook, gpg doesn't ask for a password

Hi all,

I'm trying to create my own version of the encrypt hook for mkinitcpio. The goal is to support a fully encrypted root partition with a gpg encrypted keyfile that resides on an external usb drive. So at boot, I'd have to enter the correct password for the gpg encrypted keyfile which would then be piped to cryptsetup to open the luks encrypted root partition.

In my hook (which is in /lib/initcpio/hooks/), I got everything working, except the "piping gpg to cryptsetup" part. The following line fails to ask me for the password:

/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}

This will simply fail with a "no key available with this passphrase" message. I never get to enter the password.

All variables seem to be correct.

What am I missing?

EDIT:
Solved by doing something like this:

if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi

Might not be the prettiest way to do it, but it works.

Last edited by fabriceb (2011-06-04 13:15:50)
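
The workaround in the post above, wrapped so that /dev/tty is put back and the pipeline's exit status is kept even when gpg or cryptsetup fails. This is an added example, not the poster's hook: the function names with_console_tty and unlock_root and the DEV_DIR override are assumptions made here, while ckeyfile, cryptdev, cryptname and CSQUIET are the hook variables from the post.

```shell
# DEV_DIR is a hypothetical override so the logic can be exercised outside
# an initramfs; in the real hook it stays at /dev.
: "${DEV_DIR:=/dev}"

# Run "$@" with $DEV_DIR/tty temporarily replaced by a copy of
# $DEV_DIR/console, then restore the original node and return the
# exit status of the wrapped command.
with_console_tty() {
    tty_node="${DEV_DIR}/tty"
    backup="${DEV_DIR}/tty.backup"
    had_tty=0

    # Move an existing tty node aside, as the post does.
    if [ -e "$tty_node" ]; then
        mv "$tty_node" "$backup" || return 1
        had_tty=1
    fi

    # If the console node cannot be copied, undo the move and give up.
    if ! cp -a "${DEV_DIR}/console" "$tty_node"; then
        [ "$had_tty" -eq 1 ] && mv "$backup" "$tty_node"
        return 1
    fi

    # Capture the status without tripping "set -e" in the caller.
    status=0
    "$@" || status=$?

    # Always remove the temporary node and put the original back.
    rm -f "$tty_node"
    if [ "$had_tty" -eq 1 ]; then
        mv "$backup" "$tty_node"
    fi
    return "$status"
}

# The pipeline from the post. CSQUIET is left unquoted on purpose so an
# empty value adds no argument; the status returned is cryptsetup's.
unlock_root() {
    /usr/bin/gpg -d "${ckeyfile}" 2>/dev/null |
        cryptsetup luksOpen "${cryptdev}" "${cryptname}" ${CSQUIET}
}

# In the hook body: with_console_tty unlock_root || echo "unlock failed"
```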

#2 2011-06-03 14:10:22

fabriceb
Member
Registered: 2011-05-13
Posts: 33

Re: [solved] Using gpg in mkinitcpio hook, gpg doesn't ask for a password

To test, I removed the cryptsetup part. GPG gets executed but says:

gpg: cannot open '/dev/tty': No such device or address

Any ideas?

Last edited by fabriceb (2011-06-03 15:08:00)
