[Pkg-cryptsetup-devel] Bug#465902: Bug#465902: Bug#465902: cryptroot remote unlocking on boot feature
david at hardeman.nu
Wed Feb 27 14:33:59 UTC 2008
On Tue, February 26, 2008 22:31, Jonas Meurer wrote:
> On 20/02/2008 debian at x.ray.net wrote:
>>> I object against this. At least I believe that David had something in
>>> mind when he added the '< /dev/console >' redirections to invocations
>>> of cryptsetup.
>> it looks like this was simply because of the stdin redirection for the
>> read, changing the std* of the processes inside the loop therefore looks
>> like collateral damage and the < /dev/console > /dev/console like a
>> workaround, which the construct according to the diff simply fixes.
>> i hope david will point it out in case there is any additional knack to
> David, can you comment on this. I have to admit that I don't understand
> the initramfs stuff good enough yet to make a decision regarding this
I think removing the redirections is ok, it is cleaner and it shouldn't
break anything (and if we do get reports that it does, we can change it
The addition of "[ "`tty`" == "/dev/console" ]" I did not quite
understand. What was the purpose there? Manual invocations of the
cryptsetup initramfs script I assume?
As for the rest of the patch, I am still not convinced.
On the other hand, I already have some code for a simple program (in C)
that automatically uses usplash or console to get a passphrase from a
user. Perhaps it is time to dust it off, add fifo as a third input method
and add it to cryptsetup.
It should make writing keyscripts simpler and should allow this ssh
support to be written as a keyscript...in addition, we could remove some
special cases from the initramfs script as that binary could be used as
the keyscript when no particular keyscript has been defined (meaning we
always run a "keyscript" and can move some of the usplash special cases
from the initramfs script).
I have exams on 4:th, 5:th, 6:th and 12:th of March, so I won't have time
to hack on that for another week or two though (not intended to try your
patience Chris :))
On an unrelated note...what host key does the dropbear daemon use in the
More information about the Pkg-cryptsetup-devel