[systemd-devel] Debian Bug#618862: systemd: ignores keyscript in crypttab - a possible solution

Lennart Poettering lennart at poettering.net
Wed Feb 5 00:16:00 CET 2014

On Thu, 30.01.14 10:40, David Härdeman (david at hardeman.nu) wrote:

> a) getting the name of the cryptdev that the password request
> corresponds to currently involves parsing the prompt message
> ("Please enter passphrase for disk %s!") which is obviously not a
> real solution...
> This issue is fixable with minor upstream changes, e.g. by extending
> the PasswordAgent protocol to add "Subsystem=cryptsetup" and
> "Target=<diskname>" entries to the "ask.xxxx" file.

I'd be fine with adding a field "Id=" or so, which then is filled by an
identifier of some kind be the cryptsetup tool that is useful to
identify the device to query things on. for example:
"Id=cryptsetup:/dev/sda5" or so could be one way how this could be
filled in. We wouldn't enfoce any kind of syntax on this, just suggest
some common sense so that people choose identifiers that are unlikely to
clash with other subsystems, and somewhat reasonable to read...

> b) the password agent implementation in systemd doesn't seem to
> handle binary strings (i.e. strings with '\0'), as can be seen by
> calls to e.g. "strlen()"...
> Whether making it binary safe would be a major change or not is
> something I haven't researched yet but it seems like a change that
> should be generally useful upstream...

I'd be OK with this, as discussed at FOSDEM, and I see you already
posted a ptach for this.

> a) the cryptsetup package
> b) as part of the Debian systemd package
> c) upstream systemd

I'd prefer to keep this tool in a Debian-specific package. I am not
convinced that the key script thing is something we should standardize
on cross-distributions.


Lennart Poettering, Red Hat

More information about the systemd-devel mailing list