[pkg-cryptsetup-devel] Bug#471727: Bug#471727: passdev keyscript

Jonas Meurer jonas at freesources.org
Tue Jul 29 10:00:18 UTC 2008


Hey Christoph,

On 29/07/2008 Christoph Anton Mitterer wrote:
> On Tue, 2008-07-29 at 11:30 +0200, Jonas Meurer wrote:
> > You can invoke /lib/cryptsetup/passdev from your keyscript directly. It
> > is currently not possible to combine several keyscripts in /etc/crypttab.
> Unfortunately this has the problem, that the keyscript always invokes
> passdev (except you do ugly tests or so ;) )... but perhaps it's not
> required when setting up devices (e.g. non-root-filesystems).

I'm not sure that I understand what you mean. If you want your keyscript
to mount any removable media to read the keyfile from, passdev is the
way to go. If you don't need that, simply don't use passdev.
In case that you want to support both, just check for existance of the
keyfile *in your keyscript* and invoke passdev only when the keyfile is
not available yet.

> Wouldn't it make sense that cryptsetups scripts _always_ run passdev
> automatically,... checking whether the file is available, and if not,
> mounting the source?
> One could even be backwards compatible by making
> [source-device:]key-file optional

I don't see any reason to do that. Please stop requesting the
implementation of any random function in cryptdisks only because you
think that it would be useful for your keyscript. cryptdisks is already
way to cluttered.

If it is possible to implement the required functionality inside the
keyscript, that's the way to go.

Also, what would be the advantage of doing "ugly tests or so" in
cryptdisks over doing them in the keyscript directly?

greetings,
 jonas





More information about the pkg-cryptsetup-devel mailing list