[systemd-devel] Debian Bug#618862: systemd: ignores keyscript in crypttab - a possible solution

Lennart Poettering lennart at poettering.net
Tue Feb 11 12:29:16 CET 2014


On Sat, 08.02.14 21:07, David Härdeman (david at hardeman.nu) wrote:

> 
> On Wed, Feb 05, 2014 at 12:16:00AM +0100, Lennart Poettering wrote:
> >On Thu, 30.01.14 10:40, David Härdeman (david at hardeman.nu) wrote:
> >> This issue is fixable with minor upstream changes, e.g. by extending
> >> the PasswordAgent protocol to add "Subsystem=cryptsetup" and
> >> "Target=<diskname>" entries to the "ask.xxxx" file.
> >
> >I'd be fine with adding a field "Id=" or so, which then is filled by an
> >identifier of some kind be the cryptsetup tool that is useful to
> >identify the device to query things on. for example:
> >"Id=cryptsetup:/dev/sda5" or so could be one way how this could be
> >filled in. We wouldn't enfoce any kind of syntax on this, just suggest
> >some common sense so that people choose identifiers that are unlikely to
> >clash with other subsystems, and somewhat reasonable to read...
> 
> In the patches I sent I split it into "Purpose" and "Target" and my
> thinking was more or less the same as yours...i.e. that there's no
> particular syntax and that the meaning of the string is subsystem
> specific.
> 
> I'd be happy to change the patch to use "Id=<subsystem>:<target>" if
> you'd prefer.

Yes, please!

> >> b) the password agent implementation in systemd doesn't seem to
> >> handle binary strings (i.e. strings with '\0'), as can be seen by
> >> calls to e.g. "strlen()"...
> >> 
> >> Whether making it binary safe would be a major change or not is
> >> something I haven't researched yet but it seems like a change that
> >> should be generally useful upstream...
> >
> >I'd be OK with this, as discussed at FOSDEM, and I see you already
> >posted a ptach for this.
> 
> Yes. I take it you're pretty busy with the kdbus stuff right now but a
> review of those patches would be nice when you have the time.
> 


Lennart

-- 
Lennart Poettering, Red Hat


More information about the systemd-devel mailing list