On 03/13/2012 07:46 PM, Tom Gundersen wrote:
Hi Matthew,
On Wed, Mar 14, 2012 at 1:27 AM, Matthew Monaco <dgbaley27@0x01b.net> wrote:
The ultimate goal here is FS#17131. I couldn't quite tell the best approach in some places from looking at the existing code because there's a little bit of everything.
Thanks for the patches. I'll just make some high-level remarks and I'll look at the details later:
Patch 1, 2 and 4 look good in principle.
However, patch 3 (implementing the FS) has an issue (which is the reason this has not been implemented yet). That is, it will not work as expected if /var is encrypted.
This is why prior to cryptsetup is just an attempt. If that isn't possible, then it's still performed in the same spot as before.
In my opinion the proper solution for this is to split the crypttab handling into two parts: one that does not use /dev/urandom and one that does (which should be done after the random seed has been initialized). I know that Dave has been looking into refactoring the crypttab stuff, and hopefully that should make it much easier to make this happen.
Yes, it'd be nice to run cryptsetup on as much as possible early, and then use volumes with a major/minor 1/{8,9} later.
I wanted to keep the status text in rc.sysinit. Is this worthwhile?
I think that is a good idea wherever possible.
-t