added autoretry stop mechansm

desultory · desultory · commit 784c96880c1e · 2023-11-02T19:50:36.000-05:00
Signed-off-by: Zen &lt;z@pyl.onl&gt;
diff --git a/readme.md b/readme.md
@@ -255,6 +255,8 @@ This configuration can be overriden in the specified user config if an actual se
 
 Depends on the `ugrd.crypto.gpg` submodule, meant to be used with a YubiKey.
 
+> Sets `cryptsetup_autoretry` to false
+
 `sc_public_key` should point to the public key associated with the smarcard used to decrypt the GPG protected LUKS keyfile.
 This file is added as a dependency and pulled into the initramfs.
 
@@ -301,6 +303,7 @@ Cryptsetup global config:
 
 * `cryptsetup_key_type` (keyfile) Used to determine how a key is unlocked, setting it globally changes the default for definitions
 * `cryptsetup_retries` (5) The default number of times to try to unlock a device.
+* `cryptsetup_autoretry` (false) Whether or not to automatically retry mount attempts.
 
 ##### Key type definitions
 
diff --git a/ugrd/crypto/cryptsetup.py b/ugrd/crypto/cryptsetup.py
@@ -132,6 +132,9 @@ def open_crypt_device(self, name, parameters):
             '       break',
             '    else',
             f'        echo "Failed to open device: {name} ($i / {retries})"']
+    # Halt if the autoretry is disabled
+    if not self.config_dict['cryptsetup_autoretry']:
+        out += ['        read -sr -p "Press enter to retry"']
     # Add the reset command if it exists
     if reset_command := parameters.get('reset_command'):
         out += ['        echo "Running key reset command"',
diff --git a/ugrd/crypto/cryptsetup.toml b/ugrd/crypto/cryptsetup.toml
@@ -5,6 +5,7 @@ paths = [ "run" ]
 _kmod_depend = [ "dm_crypt", "crc32c" ]
 
 cryptsetup_retries = 5
+cryptsetup_autoretry = true
 cryptsetup_key_type = "keyfile"
 
 [imports.config_processing]
@@ -30,3 +31,4 @@ cryptsetup = "dict"  # Dict of cryptsetup volume to be unlocked, keyed by mapped
 cryptsetup_key_type = "str"  # The default key type to use for unlocking devices
 cryptsetup_key_types = "dict"  # Dict containing key types and their associated mount commands
 cryptsetup_retries = "int"  # Number of times to retry unlocking a device
+cryptsetup_autoretry = "bool"  # Whether to automatically retry unlocking devices
diff --git a/ugrd/crypto/smartcard.toml b/ugrd/crypto/smartcard.toml
@@ -3,6 +3,7 @@ modules = [ "ugrd.crypto.gpg" ]
 binaries = [ "/usr/libexec/scdaemon" ]
 
 _kmod_depend = "uhid"
+cryptsetup_autoretry = false
 
 [cryptsetup_key_types.gpg]
 reset_command = "gpgconf --reload scdaemon && gpg --card-status"
