2 ### udpkey.keyscript KEY/SERVER:PORT[=TAG][#HASH];...
4 ### This is an example cryptsetup key-script for fetching keys during early
5 ### boot. The argument is obtained as the `key-file' field from the
6 ### crypttab(5) file. The KEY is the key tag name requested from the
7 ### server(s); the rest of the argument is a udpkey(1) source-spec.
9 ### A hook script or similar should arrange for /usr/bin/udpkey to be
10 ### installed and for the following things to be placed in /etc/udpkey in the
11 ### initramfs. See udpkey.initramfs-hook for an example.
13 ### keyring The keyring file used by udpkey.
15 ### KEY.local A locally held key fragment. (Optional.)
17 ### seed A key for udpkey's random-number generator. Ideally, a hook
18 ### script should write high-quality random data to this file
19 ### each time the initramfs is constructed.
21 ### The generated initramfs will contain important secrets. It must not be
22 ### left readable by unprivileged users.
26 ## Check the command-line argument.
28 1,*/*:*) tag
=${1%%/*} server
=${1#*/} ;;
29 *) echo >&2 "Usage: $0 KEY/SERVER:PORT[=TAG][#HASH];..."; exit 16 ;;
32 ## Some preflight checks.
33 if [ ! -x
/usr
/bin
/udpkey
]; then
34 echo >&2 "$0: can't find udpkey executable"
37 if [ ! -f
/etc
/udpkey
/keyring
]; then
38 echo >&2 "$0: can't find local keyring"
42 ## Make sure we have networking.
43 if [ -f
/scripts
/functions
]; then
48 ## Build a command line.
49 cmd
="/usr/bin/udpkey -k/etc/udpkey/keyring"
50 if [ -f
/etc
/udpkey
/seed
]; then
51 cmd
="$cmd -r/etc/udpkey/seed"
53 cmd
="$cmd $tag $server"
54 if [ -f
/etc
/udpkey
/$tag.
local ]; then
55 cmd
="$cmd /etc/udpkey/$tag.local"
~mdw / udpkey / blob