Bug#618862: systemd: ignores keyscript in crypttab

Marc Haber mh+debian-bugs at zugschlus.de
Sun May 4 22:33:27 BST 2014


severity #618862 important
thanks

On Sat, Mar 19, 2011 at 03:40:25AM +0100, Mourad De Clerck wrote:
> my root and swap partition are encrypted with cryptsetup; root uses a custom
> keyscript and swap uses the cryptsetup-provided "decrypt_derived" keyscript.
> systemd seems to be unable to work with keyscripts at all, and requires
> password input for every volume that wasn't activated already. Luckily, my
> root FS is activated by the initramfs.
> 
> I don't want to have to type in a password for every encrypted volume: on
> some of my machines this would mean having to type five or more passwords on
> boot.

I have a quite similar setup, only that the keys needed to unlock the
12 LVs are like 300 bytes of binary gibberish long. Typing them during
system boot is kind of out of the question.

Missing keyscript support is a total surprise to me, which breaks my
three most important systems. I am thus raising the severity of this
bug to important. It could also be higher, since it breaks the system.

I am also concerned since I remember well analyzing the scripts in the
initrd when I developed my cryptdisk setup. Since these mechanics seem
to have moved into systemd, I have learned that I would not have been
able to find out what's going on during system boot if we had systemd
back then. I don't like that idea at all.

Management Summary: Please make keyscript work.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062
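
An added example, not part of the original message or of any Debian or systemd code: a small shell check that lists the crypttab entries relying on a `keyscript=` option, i.e. the volumes that, per this report, fall back to an interactive passphrase prompt under systemd. The sample table, the volume names and the custom script path are constructed; the four-column layout is the one documented in crypttab(5).

```sh
#!/bin/sh
# Added example: find crypttab entries that depend on keyscript=.
# Assumed layout (crypttab(5)): <name> <source device> <key file> <options>

# Constructed sample table, modelled on the setup described in the report:
# root uses a custom keyscript (hypothetical path), swap uses decrypt_derived.
sample_crypttab() {
    cat <<'EOF'
# <name>     <source device>   <key file>   <options>
root_crypt   /dev/sda2         rootkey      luks,keyscript=/usr/local/sbin/rootkey.sh
swap_crypt   /dev/vg0/swap     root_crypt   luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
data_crypt   /dev/vg0/data     none         luks
EOF
}

# Reads a crypttab on stdin and prints, for every entry with a keyscript,
# "<name> <keyscript path> <key field passed to the script>".
keyscript_entries() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }        # comments, blanks, entries without options
        {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^keyscript=/)
                    print $1, substr(opt[i], 11), $3   # 11 = length("keyscript=") + 1
        }
    '
}

# Number of volumes that would need a typed passphrase if keyscript is ignored.
keyscript_count() {
    keyscript_entries | wc -l | tr -d ' '
}

# Audit the real table when it is readable, otherwise show the constructed sample.
if [ -r /etc/crypttab ]; then
    keyscript_entries < /etc/crypttab
else
    sample_crypttab | keyscript_entries
fi
```

Running it before switching init systems shows which volumes need another unlock path, and which key field each script was being handed.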



More information about the Pkg-systemd-maintainers mailing list