Hi Matthew,

On Wed, Mar 14, 2012 at 1:27 AM, Matthew Monaco <dgbaley27@0x01b.net> wrote:
> The ultimate goal here is FS#17131. I couldn't quite tell the best approach in some places from looking at the existing code because there's a little bit of everything.
Thanks for the patches. I'll just make some high-level remarks and I'll look at the details later:

Patches 1, 2 and 4 look good in principle. However, patch 3 (implementing the FS) has an issue (which is the reason this has not been implemented yet). That is, it will not work as expected if /var is encrypted.

In my opinion the proper solution for this is to split the crypttab handling into two parts: one that does not use /dev/urandom and one that does (which should be done after the random seed has been initialized). I know that Dave has been looking into refactoring the crypttab stuff, and hopefully that should make it much easier to make this happen.
> I wanted to keep the status text in rc.sysinit. Is this worthwhile?
I think that is a good idea wherever possible.

-t