[arch-projects] [initscripts] next release

Tom Gundersen teg at jklm.no
Sat Nov 5 19:36:30 EDT 2011


On Sat, Nov 5, 2011 at 5:29 PM, Thomas Bächler <thomas at archlinux.org> wrote:
> On 05.11.2011 10:05, Tom Gundersen wrote:
>
>> My issue is with allowing passwords to be written "inline", as well as the
>> fact that we interpret the file as bash rather than plaintext.
>
> When automatically opening volumes, you are not supposed to use
> passphrases, but keyfiles.

Yeah, I think I'll add a warning when a passphrase is used. Having
looked through it, that should take care of most of my gripes.

>> If we skip those
>> possibilities and move closer to the Debian format from which (I assume) we
>> started, things should be simpler.
>
> I have no idea what that format is, but there is a shitload of
> possibilities for crypto, and a "one line per volume" format doesn't
> seem to cover them all.

This is Ubuntu's manpage:
<http://manpages.ubuntu.com/manpages/jaunty/man5/crypttab.5.html>. It
seems that most distros use something similar to this. I haven't
studied what everyone does in detail though. As always, if we are
going to change something, I suggest we don't invent our own format
but try to see if we can use something that already exists (preferably
something that is used by "everyone else").

>> I also heard that Gnome should soon get support for dealing with the Debian-
>> style crypttab format from a GUI, which we might want to take advantage of
>> (not that I use Gnome, but it sounded neat).
>
> I'd rather have a working format than support for a broken one in a GUI.

No argument there. The assumption is that the format is not broken :-)

> Why would you need GUI support for crypttab anyway? I don't see the benefit.

I don't use these kinds of tools, but I imagine it would be sensible to
integrate this into whatever tool is used to manage/format disks.

-t

