fix(crypt-gpg): do not use always --card-status

If no GPG smart card is used then the card-status breaks the decryption of the keyfile. Therefore, use the card-status only if a smart card is used to decrypt the keyfie. Fixes issue #2004
dracutdevs · Jan 6, 2023 · e3e8108 · e3e8108
1 parent f6bb4a3
commit e3e8108
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/modules.d/91crypt-gpg/crypt-gpg-lib.sh b/modules.d/91crypt-gpg/crypt-gpg-lib.sh
@@ -31,6 +31,7 @@ gpg_decrypt() {
     local useSmartcard="0"
     local gpgMajorVersion
     local gpgMinorVersion
+    local cmd
     gpgMajorVersion="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* ([0-9]*).*|\1|p')"
     gpgMinorVersion="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* [0-9]*\.([0-9]*).*|\1|p')"
 
@@ -48,10 +49,13 @@ gpg_decrypt() {
         fi
         GNUPGHOME="$gpghome" gpg-connect-agent 1> /dev/null learn /bye
         opts="$opts --pinentry-mode=loopback"
+        cmd="GNUPGHOME=$gpghome gpg --card-status --no-tty > /dev/null 2>&1; gpg $opts --decrypt $mntp/$keypath"
+    else
+        cmd="gpg $opts --decrypt $mntp/$keypath"
     fi
 
     ask_for_password \
-        --cmd "GNUPGHOME=$gpghome gpg --card-status --no-tty > /dev/null 2>&1; gpg $opts --decrypt $mntp/$keypath" \
+        --cmd "$cmd" \
         --prompt "${inputPrompt:-Password ($keypath on $keydev for $device)}" \
         --tries 3 --tty-echo-off