X-Git-Url: https://code.delx.au/monosys/blobdiff_plain/3afb7daadb9d52502a5816120b10cedecc02bcb6..594e65a87647eca3cbe00df3a270839a7a852186:/bin/reboot-no-passphrase

diff --git a/bin/reboot-no-passphrase b/bin/reboot-no-passphrase
new file mode 100755
index 0000000..0f9b56d
--- /dev/null
+++ b/bin/reboot-no-passphrase
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# When using the Arch Linux mkinitcpio encrypt if the file /crypto_keyfile.bin
+# exists in the initramfs then it will be used to attempt unlocking.
+# 1. dd if=/dev/urandom of=/crypto_keyfile.bin bs=1 count=512
+# 2. Add /crypto_keyfile.bin to FILES in /etc/mkinitcpio.conf
+# 3. mkinitcpio -p linux
+# 4. Enable the disable-crypto_keyfiles@<root-disk-id>.service
+# 5. Run this script when you want to reboot without a passphrase
+
+
+crypto_keyfile="/crypto_keyfile.bin"
+reboot_cmd="${1:-sudo reboot}"
+
+if [ ! -f "$crypto_keyfile" ]; then
+    echo "Failed to find $crypto_keyfile"
+    exit 1
+fi
+
+found_devices=""
+for disk_id in $(ls /etc/systemd/system/basic.target.wants/disable-crypto_keyfile@*.service | cut -d'@' -f2 | cut -d. -f1); do
+    found=1
+    found_devices="${found_devices} /dev/disk/by-id/${disk_id}"
+done
+
+if [ -z "$found_devices" ]; then
+    echo "Failed to find your encrypted device. You must have disable-crypto_keyfile@.service enabled."
+    exit 1
+fi
+
+echo -n "Enter password for devices: "
+read -r -s pw
+echo ""
+for device_filename in $found_devices; do
+    echo "Adding key to $device_filename"
+    sudo cryptsetup luksAddKey "$device_filename" "$crypto_keyfile" --key-slot 7 <<EOF
+${pw}
+EOF
+done
+
+$reboot_cmd