On Sat, Nov 5, 2011 at 5:29 PM, Thomas Bächler <thomas@archlinux.org> wrote:
On 05.11.2011 10:05, Tom Gundersen wrote:
My issue is with allowing passwords to be written "inline", as well as the fact that we interpret the file as bash rather than plaintext.
When automatically opening volumes, you are not supposed to use passphrases, but keyfiles.
Yeah, I think I'll add a warning when a passphrase is used. Having looked through it, that should take care of most of my gripes.
If we skip those possibilities and move closer to the Debian format from which (I assume) we started, things should be simpler.
I have no idea what that format is, but there is a shitload of possibilities for crypto, and a "one line per volume" format doesn't seem to cover them all.
This is Ubuntu's manpage: <http://manpages.ubuntu.com/manpages/jaunty/man5/crypttab.5.html>. It seems that most distros use something similar to this. I haven't studied what everyone does in detail though. As always, if we are going to change something, I suggest we don't invent our own format but try to see if we can use something that already exists (preferably something that is used by "everyone else").
I also heard that Gnome should soon get support for dealing with the Debian-style crypttab format from a GUI, which we might want to take advantage of (not that I use Gnome, but it sounded neat).
I'd rather have a working format than support for a broken one in a GUI.
No argument there. The assumption is that the format is not broken :-)
Why would you need GUI support for crypttab anyway? I don't see the benefit.
I don't use these kinds of tools, but I imagine it would be sensible to integrate this into whatever tool is used to manage/format disks.

-t
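The two concerns raised in this message, reading crypttab as plain text rather than bash and warning when a passphrase is written inline, sketched as an added example (not code from the thread or from Arch's initscripts). It assumes the four-field `name device key options` layout of the linked crypttab(5) page, and a key-field convention where `none` or `-` means "prompt", an absolute path is a keyfile, and anything else is treated as an inline passphrase; the sample entries are constructed.

```bash
#!/bin/bash
# Lint a crypttab read from stdin. The file is only ever split into
# fields with `read -r`; it is never sourced or eval'ed.
# Assumed layout: name  device  key  options
# Assumed key field: "none" or "-" = prompt, /path = keyfile,
# anything else = inline passphrase (convention assumed for this example).

lint_crypttab() {
    local lineno=0 name device key options rc=0
    while read -r name device key options || [ -n "$name" ]; do
        lineno=$((lineno + 1))
        case $name in ''|'#'*) continue ;; esac   # blank line or comment
        # Syntax that would execute if the file were sourced as bash.
        case "$name $device $key $options" in
            *'$('*|*'`'*)
                printf '%s\n' "$lineno: $name: shell substitution syntax, would run if the file were sourced"
                rc=1
                continue ;;
        esac
        case $key in
            ''|none|-) ;;   # passphrase is prompted for
            /*) ;;          # keyfile path
            *)  # Report the entry name only, never the secret itself.
                printf '%s\n' "$lineno: $name: inline passphrase in key field, use a keyfile or none"
                rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input, not taken from the thread.
sample_crypttab() {
    cat <<'EOF'
# name  device     key                 options
home    /dev/sda5  /etc/keys/home.key  luks
swap    /dev/sda6  /dev/urandom        swap
data    /dev/sdb1  hunter2             luks
backup  /dev/sdc1  $(cat /etc/key)     luks
EOF
}

sample_crypttab | lint_crypttab || true
```
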