[Pkg-cryptsetup-devel] Bug#465902: Bug#465902: Bug#465902: cryptroot remote unlocking on boot feature

David Härdeman david at hardeman.nu
Wed Feb 27 14:33:59 UTC 2008


On Tue, February 26, 2008 22:31, Jonas Meurer wrote:
> On 20/02/2008 debian at x.ray.net wrote:
>>> I object against this. At least I believe that David had something in
>>> mind when he added the '< /dev/console >' redirections to invocations
>>> of cryptsetup.
>>
>> it looks like this was simply because of the stdin redirection for the
>> read, changing the std* of the processes inside the loop therefore looks
>> like collateral damage and the < /dev/console > /dev/console like a
>> workaround, which the construct according to the diff simply fixes.
>>
>> i hope david will point it out in case there is any additional knack to
>> it.
>
> David, can you comment on this? I have to admit that I don't understand
> the initramfs stuff well enough yet to make a decision regarding this
> bug report.

I think removing the redirections is ok, it is cleaner and it shouldn't
break anything (and if we do get reports that it does, we can change it
back).

The addition of "[ "`tty`" == "/dev/console" ]" I did not quite
understand. What was the purpose there? Manual invocations of the
cryptsetup initramfs script I assume?

As for the rest of the patch, I am still not convinced.

On the other hand, I already have some code for a simple program (in C)
that automatically uses usplash or console to get a passphrase from a
user. Perhaps it is time to dust it off, add fifo as a third input method
and add it to cryptsetup.

It should make writing keyscripts simpler and should allow this ssh
support to be written as a keyscript...in addition, we could remove some
special cases from the initramfs script as that binary could be used as
the keyscript when no particular keyscript has been defined (meaning we
always run a "keyscript" and can move some of the usplash special cases
from the initramfs script).

I have exams on the 4th, 5th, 6th and 12th of March, so I won't have time
to hack on that for another week or two though (not intended to try your
patience Chris :))

On an unrelated note...what host key does the dropbear daemon use in the
initramfs?

-- 
David Härdeman
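
Added example, not part of the original mail or of the patch under discussion: it shows why a `while read` loop fed on stdin takes stdin away from the commands inside it (the "collateral damage" mentioned in the quoted text), and one way to keep the body's stdin untouched by reading the list on a separate descriptor. The device names, `prompt_stub` (a stand-in for a command that prompts on stdin, as cryptsetup does) and the fd 3 construct are assumptions; the construct the patch actually uses is not shown on this page.

```shell
#!/bin/sh
# Constructed sample list of device names (made up for this example).
make_list() {
    printf '%s\n' sda2_crypt sdb1_crypt sdc1_crypt
}

# Hypothetical stand-in for a command that reads a passphrase from stdin.
# It reports which line of its inherited stdin it consumed.
prompt_stub() {
    IFS= read -r answer || answer='<EOF>'
    printf '%s got "%s"\n' "$1" "$answer"
}

# Loop input on stdin: every command in the body inherits the list as its
# stdin, so the stub swallows list entries instead of the operator's input.
# Restoring the terminal then needs a per-command redirection such as the
# "< /dev/console > /dev/console" workaround discussed in the thread.
loop_on_stdin() {
    make_list | while IFS= read -r dev; do
        prompt_stub "$dev"
    done
}

# Loop input on fd 3: only `read` looks at the list; the body keeps the
# stdin the function was called with, so no redirection is needed.
loop_on_fd3() {
    while IFS= read -r dev <&3; do
        prompt_stub "$dev"
    done 3<<EOF
$(make_list)
EOF
}

# Constructed "operator input": three passphrase lines on the caller's stdin.
echo '--- list on stdin (body loses its stdin) ---'
printf 'pw1\npw2\npw3\n' | loop_on_stdin
echo '--- list on fd 3 (body keeps its stdin) ---'
printf 'pw1\npw2\npw3\n' | loop_on_fd3
```

In the first variant one device is skipped entirely and no passphrase line is ever read, which is the failure the per-command redirections were papering over.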





