[pkg-cryptsetup-devel] Bug#901795: cryptsetup: new version may break 3rd party keyscripts (and thus boot)
Guilhem Moulin
guilhem at debian.org
Mon Jun 18 19:19:38 BST 2018
Control: tag -1 moreinfo
Hi Christoph,
On Mon, 18 Jun 2018 at 15:06:59 +0200, Christoph Anton Mitterer wrote:
> First thanks for work you've done in the recent new versions. Sooo many
> nice things have been implemented/fixed :-)
:-)
> The problem seems that in earlier versions, the initramfs got this file:
> main/conf/conf.d/cryptroot with:
> target=system,source=/dev/disk/by-uuid/97d2d814-72f6-11e8-a274-742b62897688,rootdev,keyscript=/lib/cryptsetup/scripts/decrypt_openpgp,tries=0,key=device=/dev/disk/by-label/keyFilePart:pathname=/etc/dm-crypt/keys/keyfile_for_system
> […]
> 1) Such a file/format change should go to the NEWS file ;-)
I disagree, the location of this file and its format are internal
(undocumented) implementation details, so third-party keyscripts
shouldn't rely on this. Please use the interface documented in
crypttab(5) to determine which device your keyscript is processing.
You should find the following in the keyscript's environment:
CRYPTTAB_NAME=system
CRYPTTAB_SOURCE=/path/to/source/device
CRYPTTAB_KEY=device=/dev/disk/by-label/keyFilePart:pathname=/etc/dm-crypt/keys/heisenberg.scientia.net_system
CRYPTTAB_OPTION_loud=yes
CRYPTTAB_OPTION_luks=yes
CRYPTTAB_OPTION_keyscript=/lib/cryptsetup/scripts/decrypt_openpgp
CRYPTTAB_OPTION_tries=0
IMHO this bug should either be closed (not a bug) or, if there is a need
to improve the documentation, its severity lowered to wishlist, and its
title changed accordingly. It's not a regression in either case; it's
in no way ‘important’ since you were the one shooting yourself in the
foot by relying on undocumented behavior :-P
Cheers,
--
Guilhem.
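
Added example, not part of the original message and not code from cryptsetup or from the reporter's keyscript: a POSIX sh sketch of a keyscript front end that identifies its target from the CRYPTTAB_* environment variables listed above instead of reading conf.d/cryptroot from the initramfs. The function names key_field_get and describe_target are hypothetical, and the "device=...:pathname=..." split is assumed from the key field value quoted in the message.

```shell
#!/bin/sh
# Hypothetical keyscript helper (added example).

# key_field_get FIELD SPEC: print the value of FIELD from a colon-separated
# "k=v:k=v" SPEC; return 1 if FIELD is absent. Assumes values contain no ':'.
key_field_get() {
    want=$1 spec=$2
    old_ifs=$IFS; IFS=:
    set -f                      # no globbing while the spec is split
    for kv in $spec; do
        case $kv in
            "$want"=*)
                IFS=$old_ifs; set +f
                printf '%s\n' "${kv#*=}"
                return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# describe_target: check that the variables shown in the message are present,
# then print "name|source|keydev|keypath". Fails closed with a diagnostic on
# stderr so an incomplete environment cannot lead to unlocking the wrong device.
describe_target() {
    for var in CRYPTTAB_NAME CRYPTTAB_SOURCE CRYPTTAB_KEY; do
        eval "val=\${$var:-}"   # var only ever takes the fixed names above
        if [ -z "$val" ]; then
            echo "keyscript: $var is not set" >&2
            return 1
        fi
    done
    keydev=$(key_field_get device "$CRYPTTAB_KEY") || return 1
    keypath=$(key_field_get pathname "$CRYPTTAB_KEY") || return 1
    printf '%s|%s|%s|%s\n' \
        "$CRYPTTAB_NAME" "$CRYPTTAB_SOURCE" "$keydev" "$keypath"
}

# Sample environment built from the values quoted in the message.
(
    CRYPTTAB_NAME=system
    CRYPTTAB_SOURCE=/dev/disk/by-uuid/97d2d814-72f6-11e8-a274-742b62897688
    CRYPTTAB_KEY=device=/dev/disk/by-label/keyFilePart:pathname=/etc/dm-crypt/keys/keyfile_for_system
    describe_target
)
```

A real keyscript would go on to write the key material to standard output; the sketch stops at identifying the target.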