[Pkg-cryptsetup-devel] Bug#487256: Bug#487256: cryptsetup: add dep-scripts option to crypttab

Christoph Anton Mitterer calestyo at scientia.net
Sat Jun 21 11:30:47 UTC 2008


On Sat, 2008-06-21 at 13:20 +0200, Jonas Meurer wrote:
> I would say that exactly this is what keyscripts are for. Do anything
> that is needed to make the keyfile/passphrase available to cryptsetup.
Yes and no ;) .
Putting all into one script has the advantage that you have one central
point which is responsible for "making the key available", as you said.
I agree with this, too.
But this has the disadvantage that users will most likely have to adapt
these scripts.
And it then the scripts would also have to be adapted to decide whether
they are run from initramfs (and thus e.g. need to mount an additional
filesystem where the key comes from) or from the startup script (where
the maybe might not have to do this).


> And I don't think that yet another option should be added to crypttab,
> it's already to bloated.
However,.. I agree with you,.. that we should try to limit new options
in crypttab.


>  You should really implement such tasks in your
> keyscripts directly.
I'll present you a nice solution later today on the mailinglist,.. where
I didn't put this into the keyscript but it still works (hopefully).


> Also if you need to mount a device to read the key from, passdev, a
> keyscript recently added to the cryptsetup package and developed by
> David is your friend. Please see README.initramfs section 10. The
> "passdev" keyscript for more information.
Will have a look into it :-)


Best wishes,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5108 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20080621/902830a1/attachment.bin 


More information about the Pkg-cryptsetup-devel mailing list