[arch-projects] [PATCH initscripts 0/4] allow random seed to be loaded before cryptsetup

Tom Gundersen teg at jklm.no
Tue Mar 13 21:46:29 EDT 2012


Hi Matthew,

On Wed, Mar 14, 2012 at 1:27 AM, Matthew Monaco <dgbaley27 at 0x01b.net> wrote:
> The ultimate goal here is FS#17131. I couldn't quite tell the best
> approach in some places from looking at the existing code because
> there's a little bit of everything.

Thanks for the patches. I'll just make some high-level remarks and
I'll look at the details later:

Patches 1, 2 and 4 look good in principle.

However, patch 3 (implementing the FS) has an issue (which is the
reason this has not been implemented yet). That is, it will not work
as expected if /var is encrypted.

In my opinion the proper solution for this is to split the crypttab
handling into two parts: one that does not use /dev/urandom and one
that does (which should be done after the random seed has been
initialized). I know that Dave has been looking into refactoring the
crypttab stuff, and hopefully that should make it much easier to make
this happen.

> I wanted to keep the status text in rc.sysinit. Is this worthwhile?

I think that is a good idea wherever possible.

-t
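
The two-part crypttab handling suggested above, as an added sketch that is not part of the original message or of initscripts. It assumes a four-column crypttab (name, device, key source, options) and a seed file that lives on /var; the function names and the sample table are hypothetical.

```shell
#!/bin/sh
# Constructed sample crypttab for illustration only.
SAMPLE_CRYPTTAB='# name  device     key-source         options
var     /dev/sda3  /etc/keys/var.key  luks
home    /dev/sda4  /etc/keys/home.key luks
swap    /dev/sda2  /dev/urandom       swap
tmp     /dev/sda5  /dev/random        tmp
'

# uses_random_key KEY: succeed when the key is read from the kernel RNG,
# i.e. when its quality depends on the random seed having been loaded.
uses_random_key() {
    case "$1" in
        /dev/urandom|/dev/random) return 0 ;;
        *) return 1 ;;
    esac
}

# crypttab_phase PHASE: read a crypttab on stdin and print entry names.
#   early = key does not come from the RNG, safe before the seed is loaded
#   late  = key comes from the RNG, must wait until the seed is loaded
crypttab_phase() (
    phase=$1
    while read -r name device key opts; do
        case "$name" in ''|'#'*) continue ;; esac
        if uses_random_key "$key"; then
            entry_phase=late
        else
            entry_phase=early
        fi
        if [ "$entry_phase" = "$phase" ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
)

# boot_plan TABLE: print the resulting order. An encrypted /var is unlocked
# in the early pass, so the seed stored on it is readable before any
# RNG-keyed volume is set up.
boot_plan() {
    printf '%s' "$1" | crypttab_phase early | sed 's/^/unlock /'
    echo "load-random-seed"
    printf '%s' "$1" | crypttab_phase late | sed 's/^/unlock /'
}

boot_plan "$SAMPLE_CRYPTTAB"
```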