[arch-projects] [initscripts][RFC] cryptsetup: deprecate old syntax and default to the systemd one

Heiko Baums lists at baums-on-web.de
Sat Jul 28 09:36:30 EDT 2012


On Sat, 28 Jul 2012 13:02:38 +0200,
Tom Gundersen <teg at jklm.no> wrote:

> Could you please include the old and the new syntax you use so I can
> understand the problem?

The old syntax:
home		/dev/sdaX		/dev/usbkey:15675879:1024

The new syntax:
home         /dev/sdaX        /dev/usbkey        size=1024,keyfile-offset=15675879

The old syntax and the cryptsetup handling of initscripts, most of
which I have written, btw., just work.

The new syntax and the cryptsetup handling of systemd do not.

See the /dev*) part in do_unlock_legacy(), and there particularly the
*) part. This is what I need.

> The key file is never written anywhere.

Are you sure? How is the key read and passed to cryptsetup? This
usually has to be done by entering the password manually or by passing
a key file. So if a key is read by dd it has to be written to a
temporary file, which can then be passed to cryptsetup. And for security
reasons this temp file should first be overwritten and then deleted
directly after the container is opened.

Heiko
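
The raw offset/size key field from the old syntax quoted in this message, as an added example that is not part of the original mail and is not code from initscripts or systemd: it splits `device:offset:size`, rejects anything that is not the numeric form, and streams exactly those bytes with dd. The function names and the sample file are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from initscripts or systemd.

# Split "DEVICE:OFFSET:SIZE" into key_dev, key_offset and key_size.
# Returns 1 unless OFFSET and SIZE are both non-empty decimal numbers.
parse_legacy_key() {
    key_dev=${1%%:*}
    rest=${1#*:}
    [ "$rest" != "$1" ] || return 1            # no ':' present
    key_offset=${rest%%:*}
    key_size=${rest#*:}
    [ "$key_size" != "$rest" ] || return 1     # only one ':' present
    case $key_offset in ''|*[!0-9]*) return 1 ;; esac
    case $key_size   in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$key_dev" ]
}

# Write the SIZE bytes starting at byte OFFSET of DEVICE to stdout.
# This function creates no file; the caller decides where the bytes go.
read_key_slice() {
    parse_legacy_key "$1" || return 1
    dd if="$key_dev" bs=1 skip="$key_offset" count="$key_size" 2>/dev/null
}

# Succeed only if the device really holds SIZE bytes at OFFSET.
# dd does not treat a short read as an error, so count the bytes.
check_key_slice() {
    parse_legacy_key "$1" || return 1
    n=$(read_key_slice "$1" | wc -c)
    [ "$((n))" -eq "$key_size" ]
}

# Constructed sample: a 36-byte regular file standing in for /dev/usbkey.
sample=$(mktemp)
printf 'AAAAAAAAAAAAAAAAsecret-key-bytesZZZZ' > "$sample"
if check_key_slice "$sample:16:16"; then
    read_key_slice "$sample:16:16"; echo
fi
rm -f "$sample"
```
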

