diff -urpa dracut-056.orig/modules.d/90crypt/cryptroot-ask.sh dracut-056/modules.d/90crypt/cryptroot-ask.sh --- dracut-056.orig/modules.d/90crypt/cryptroot-ask.sh 2022-02-18 12:32:53.000000000 +0100 +++ dracut-056/modules.d/90crypt/cryptroot-ask.sh 2022-08-28 19:27:11.079536407 +0200 @@ -112,6 +112,9 @@ while [ $# -gt 0 ]; do header=*) cryptsetupopts="${cryptsetupopts} --${1}" ;; + keyscript=*) + keyscript=${1##keyscript=} + ;; esac shift done @@ -174,6 +177,15 @@ else done fi +if [ ! -z "$keyscript" -a -x "$keyscript" ]; then + info "Executing keyscript $keyscript" + eval $keyscript "$luksfile" | cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname" + cryptsetup status "$luksname" > /dev/null 2>&1 + if [ $? -eq 0 ]; then + ask_passphrase=0 + fi +fi + if [ $ask_passphrase -ne 0 ]; then luks_open="$(command -v cryptsetup) $cryptsetupopts luksOpen" _timeout=$(getargs "rd.luks.timeout") diff -urpa dracut-056.orig/modules.d/90crypt/module-setup.sh dracut-056/modules.d/90crypt/module-setup.sh --- dracut-056.orig/modules.d/90crypt/module-setup.sh 2022-02-18 12:32:53.000000000 +0100 +++ dracut-056/modules.d/90crypt/module-setup.sh 2022-08-28 19:27:11.079536407 +0200 @@ -136,10 +136,26 @@ install() { forceentry="yes" break ;; + keyscript=*) + keyscript=${1##keyscript=} + break + ;; esac shift done + if [ ! -z "${keyscript}" ]; then + if [ -x "${keyscript}" ]; then + if [ ! -d "${initdir}/etc/keyscripts" ]; then + mkdir "${initdir}/etc/keyscripts" 2>/dev/null + fi + inst_script "${keyscript}" /etc/keyscripts/${keyscript##*/} + _luksoptions=${_luksoptions/${keyscript%%=*}/\/etc\/keyscripts\/${keyscript##*/}} + else + dwarning "Missing keyscript referenced in crypttab: ${keyscript}" + fi + fi + # include the entry regardless if [ "${forceentry}" = "yes" ]; then echo "$_mapper $_dev $_luksfile $_luksoptions"