@xianlin
Last active August 10, 2024 05:12
cryptsetup-initramfs: Poweroff timeout for cryptroot
--- orig/functions 2023-06-12 19:44:03.169739289 +0200
+++ /usr/lib/cryptsetup/functions 2023-06-12 19:45:25.780386107 +0200
@@ -83,6 +83,7 @@
CRYPTTAB_OPTION_keyslot \
CRYPTTAB_OPTION_header \
CRYPTTAB_OPTION_tcrypthidden \
+ CRYPTTAB_OPTION_timeout \
CRYPTTAB_OPTION_same_cpu_crypt \
CRYPTTAB_OPTION_submit_from_crypt_cpus \
CRYPTTAB_OPTION_no_read_workqueue \
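Review bot: the new option is registered here as plain `timeout`, and nothing in the patch documents it: the two files touched are `functions` and `cryptroot`, and the only description of the semantics is a code comment in the latter. The name does not say that expiry forces a poweroff, and the unit (seconds) and the minimum accepted value are not stated anywhere a crypttab author would look. Add a matching entry to the crypttab documentation, and consider a name that conveys the action taken on expiry.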
@@ -186,7 +187,7 @@
fi
;;
# numeric options >=0
- offset|skip|tries|keyslot|keyfile-offset)
+ offset|skip|tries|keyslot|keyfile-offset|timeout)
if ! printf '%s' "${VALUE-}" | grep -Exq "[0-9]+"; then
return 1
fi
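Review bot: adding `timeout` to the "numeric options >=0" case accepts any string of digits, including values from 0 to 15 that the cryptroot change then ignores without a message, and arbitrarily long digit strings that the later `[ ... -gt 15 ]` test may not be able to compare. A typo such as `timeout=5` therefore validates cleanly and silently disables the poweroff. Either reject out-of-range values here with `return 1`, or have cryptroot print a warning when the value is set but not honoured.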
--- /usr/share/initramfs-tools/scripts/local-top/cryptroot.orig 2023-04-21 00:54:29.000000000 +0200
+++ /usr/share/initramfs-tools/scripts/local-top/cryptroot 2023-06-12 19:38:06.706673696 +0200
@@ -148,8 +148,16 @@
fi
fi
- local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype vg rv
+ local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" poweroffpid=0 fstype vg rv
while [ $maxtries -le 0 ] || [ $count -lt $maxtries ]; do
+ if [ "${CRYPTTAB_OPTION_timeout:-0}" -gt 15 ]; then
+ # Power down if not key has been entered within $timeout seconds.
+ # Ignore values below 15 seconds to give the user a chance
+ # to enter his passphrase in case of a typo in /etc/crypttab.
+ cryptsetup_message "Timeout in $CRYPTTAB_OPTION_timeout seconds"
+ (sleep "$CRYPTTAB_OPTION_timeout" && cryptsetup_message "poweroff" && poweroff -f) &
+ poweroffpid=$!
+ fi
if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then
# unlock via keyfile
unlock_mapping "$CRYPTTAB_KEY"
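Review bot: the timer is armed inside the `while` loop, so every unlock attempt gets a fresh `$CRYPTTAB_OPTION_timeout` window rather than the boot as a whole. With `tries=0` (the `[ $maxtries -le 0 ]` branch) the machine never powers off as long as someone keeps submitting passphrases, and with the default of 3 tries the unattended window is up to three times the configured value. If the intent is a bound on how long the prompt stays exposed, start the timer once before the loop and cancel it after a successful unlock. Two smaller points in the same hunk: `-gt 15` ignores the value 15 itself while the comment says "below 15", and the comment has a typo ("if not key" should read "if no key").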
@@ -159,6 +167,9 @@
fi
rv=$?
count=$(( $count + 1 ))
+ if [ "$poweroffpid" -gt 0 ]; then
+ kill "$poweroffpid"
+ fi
if [ $rv -ne 0 ]; then
cryptsetup_message "ERROR: $CRYPTTAB_NAME: cryptsetup failed, bad password or options?"
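Review bot: `kill "$poweroffpid"` signals only the background subshell, not the `sleep` it is waiting on, so each attempt leaves a `sleep` running until it expires; the poweroff itself is cancelled because the `&&` chain lives in the killed subshell. The kill also runs unconditionally on the stored PID with no error handling, and `poweroffpid` is never reset to 0 afterwards. Suggest `kill "$poweroffpid" 2>/dev/null; poweroffpid=0`, and note that between a successful unlock returning and this kill there is a short window in which an expiring timer can still power the machine off.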
xianlin commented Aug 10, 2024

  1. Apply patch to those 2 files.
  2. Append timeout to /etc/crypttab options and rebuild initramfs.