nixos/luksroot.nix: fallback to interactive password entry when no keyfile found

This commit is contained in:
Symphorien Gibol 2017-10-14 18:08:25 +02:00
parent 3fe7cddc30
commit 8158cd6d5e

View File

@ -43,8 +43,15 @@ let
open_normally() {
echo luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} \
${optionalString (header != null) "--header=${header}"} \
${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} \
> /.luksopen_args
${optionalString (keyFile != null) ''
if [ -e ${keyFile} ]; then
echo " --key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}" \
>> /.luksopen_args
else
echo "keyfile ${keyFile} not found -- fallback to interactive unlocking"
fi
''}
cryptsetup-askpass
rm /.luksopen_args
}