diff -urpa dracut-048.orig/modules.d/90crypt/cryptroot-ask.sh dracut-048/modules.d/90crypt/cryptroot-ask.sh --- dracut-048.orig/modules.d/90crypt/cryptroot-ask.sh 2018-07-06 08:37:51.000000000 +0000 +++ dracut-048/modules.d/90crypt/cryptroot-ask.sh 2018-07-21 14:44:47.121435253 +0000 @@ -106,6 +106,9 @@ while [ $# -gt 0 ]; do header=*) cryptsetupopts="${cryptsetupopts} --${1}" ;; + keyscript=*) + keyscript=${1##keyscript=} + ;; esac shift done @@ -163,6 +166,14 @@ else done fi +if [ ! -z "$keyscript" -a -x "$keyscript" ]; then + info "Executing keyscript $keyscript" + eval $keyscript + if [ $? -eq 0 ]; then + ask_passphrase=0 + fi +fi + if [ $ask_passphrase -ne 0 ]; then luks_open="$(command -v cryptsetup) $cryptsetupopts luksOpen" _timeout=$(getargs "rd.luks.timeout") diff -urpa dracut-048.orig/modules.d/90crypt/module-setup.sh dracut-048/modules.d/90crypt/module-setup.sh --- dracut-048.orig/modules.d/90crypt/module-setup.sh 2018-07-06 08:37:51.000000000 +0000 +++ dracut-048/modules.d/90crypt/module-setup.sh 2018-07-21 14:44:47.121435253 +0000 @@ -97,10 +97,26 @@ install() { forceentry="yes" break ;; + keyscript=*) + keyscript=${1##keyscript=} + break + ;; esac shift done + if [ ! -z "${keyscript}" ]; then + if [ -x "${keyscript}" ]; then + if [ ! -d "${initdir}/etc/keyscripts" ]; then + mkdir "${initdir}/etc/keyscripts" 2>/dev/null + fi + inst_script "${keyscript}" /etc/keyscripts/${keyscript##*/} + _luksoptions=${_luksoptions/${keyscript%%=*}/\/etc\/keyscripts\/${keyscript##*/}} + else + dwarning "Missing keyscript referenced in crypttab: ${keyscript}" + fi + fi + # include the entry regardless if [ "${forceentry}" = "yes" ]; then echo "$_mapper $_dev $_luksfile $_luksoptions"