On Jul 28, 2012 3:36 PM, "Heiko Baums" <lists@baums-on-web.de> wrote:
>
> On Sat, 28 Jul 2012 13:02:38 +0200
> Tom Gundersen <teg@jklm.no> wrote:
>
> > Could you please include the old and the new syntax you use so I can
> > understand the problem?
>
> The old syntax:
> home /dev/sdaX /dev/usbkey:15675879:1024
>
> The new syntax:
> home /dev/sdaX /dev/usbkey
> size=1024,keyfile-offset=15675879
>
> The old syntax and the cryptsetup handling of initscripts, most of
> which I have written, btw., just work.
>
> The new syntax and the cryptsetup handling of systemd do not.
Please double check that the units are correct in your new file.
> See the /dev*) part in do_unlock_legacy(), and there particularly the
> *) part. This is what I need.
>
> > The key file is never written anywhere.
>
> Are you sure? How is the key read and passed to cryptsetup? This
> usually has to be done by entering the password manually or by passing
> a key file. So if a key is read by dd it has to be written to a
> temporary file, which can then be passed to cryptsetup. And for security
> reasons this temp file should first be overwritten and then deleted
> directly after the container is opened.
>
> Heiko