On 2020-07-04 01:07:15 +0200, Guilhem Moulin wrote:
> On Sat, 04 Jul 2020 at 00:54:53 +0200, Vincent Lefevre wrote:
> > I suppose that's
> >
> > wait_for_dropbear() {
> > […]
> > }
> >
> > Couldn't it also check whether the user has typed the passphrase,
> > and quit in this case?
>
> That would introduce back the race condition described in #943459.
I don't think so, as this would be equivalent to the current code when
it reaches the 60-second timeout, except that the wait_for_dropbear()
function will return earlier (with return value 1). Thus this would be
no worse than the current code.
> configure_networking() runs in the background and might still be running
> at init-bottom stage, after the user has unlocked all drives from the
> console. Also dropbear-initramfs isn't only used for remote unlocking
> and I don't want to tie the two with adhoc hacks.
It could be a generic abort condition for all init-bottom cases.
For instance, if a file /run/initramfs/init-bottom-terminate is
created, then all the init-bottom scripts should terminate ASAP.
Alternatively, wait_for_dropbear() could run a user-provided
script (if it exists) as an additional "while" condition.
And for that, cryptsetup-initramfs should have a way to signal
that the disks have been unlocked.
--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
