[arch-projects] [initscripts][RFC] cryptsetup: deprecate old syntax and default to the systemd one

Tom Gundersen teg at jklm.no
Sat Jul 28 10:21:40 EDT 2012


On Jul 28, 2012 3:36 PM, "Heiko Baums" <lists at baums-on-web.de> wrote:
>
> Am Sat, 28 Jul 2012 13:02:38 +0200
> schrieb Tom Gundersen <teg at jklm.no>:
>
> > Could you please include the old and the new syntax you use so I can
> > understand the problem?
>
> The old syntax:
> home            /dev/sdaX               /dev/usbkey:15675879:1024
>
> The new syntax:
> home         /dev/sdaX        /dev/usbkey
> size=1024,keyfile-offset=15675879
>
> The old syntax and the cryptsetup handling of initscripts, most part of
> which I have written, btw., just works.
>
> The new syntax and the cryptsetup handling of systemd does not.

Please double check that the units are correct in your new file.

> See the /dev*) part in do_unlock_legacy(), and there particularly the
> *) part. This is what I need.
>
> > The key file is never written anywhere.
>
> Are you sure? How is the key read and passed to cryptsetup? This
> usually has to be done by entering the password manually or by passing
> a key file. So if a key is read by dd it has to be written to a
> temporary file, which then can passed to cryptsetup. And for security
> reasons this temp file should first be overwritten and then deleted
> directly after the container is opened.
>
> Heiko
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.archlinux.org/pipermail/arch-projects/attachments/20120728/67073a82/attachment.html>


More information about the arch-projects mailing list