[systemd-devel] Debian Bug#618862: systemd: ignores keyscript in crypttab - a possible solution
David Härdeman
david at hardeman.nu
Sat Feb 8 21:07:04 CET 2014
On Wed, Feb 05, 2014 at 12:16:00AM +0100, Lennart Poettering wrote:
>On Thu, 30.01.14 10:40, David Härdeman (david at hardeman.nu) wrote:
>> This issue is fixable with minor upstream changes, e.g. by extending
>> the PasswordAgent protocol to add "Subsystem=cryptsetup" and
>> "Target=<diskname>" entries to the "ask.xxxx" file.
>
>I'd be fine with adding a field "Id=" or so, which then is filled by an
>identifier of some kind be the cryptsetup tool that is useful to
>identify the device to query things on. for example:
>"Id=cryptsetup:/dev/sda5" or so could be one way how this could be
>filled in. We wouldn't enfoce any kind of syntax on this, just suggest
>some common sense so that people choose identifiers that are unlikely to
>clash with other subsystems, and somewhat reasonable to read...
In the patches I sent I split it into "Purpose" and "Target" and my
thinking was more or less the same as yours...i.e. that there's no
particular syntax and that the meaning of the string is subsystem
specific.
I'd be happy to change the patch to use "Id=<subsystem>:<target>" if
you'd prefer.
>> b) the password agent implementation in systemd doesn't seem to
>> handle binary strings (i.e. strings with '\0'), as can be seen by
>> calls to e.g. "strlen()"...
>>
>> Whether making it binary safe would be a major change or not is
>> something I haven't researched yet but it seems like a change that
>> should be generally useful upstream...
>
>I'd be OK with this, as discussed at FOSDEM, and I see you already
>posted a ptach for this.
Yes. I take it you're pretty busy with the kdbus stuff right now but a
review of those patches would be nice when you have the time.
--
David Härdeman
More information about the systemd-devel
mailing list