[systemd-devel] keyscript support in systemd-cryptsetup

Ryan Castellucci ryan.castellucci+systemd-devel at gmail.com
Wed Oct 19 16:20:38 UTC 2016


What will it take to get keyscript support in systemd-cryptsetup fixed?

This is a nasty regression for people who were using that functionality,
and it necessitating some pretty ugly workarounds. I understand from
previous threads that there's an aversion to restoring this without some
more generic key handling functionality. I disagree with this stance, it's
a case of "perfect is the enemy of good" - keyscripts work well enough, are
easy to work with, and seem as though they should be easy to implement (I
think I even saw a patch).

Under older initscripts, I was able to write a very small shell script or
trivial statically compiled C program that does whatever custom
functionality I need to get a password for LUKS and dump it on STDOUT. I
don't want to have to rewrite my existing scripts or deal with anything
more complicated than this.

I mainly use non-interactive keyscripts, so I've been able to re-implement
the automapping of my encrypted volumes by some ugly udev hackery, but I
have other stuff I've used in the past (for example, requiring a quorum of
admins to enter passwords) for which this doesn't work.

bug references:

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1451032
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618862
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20161019/97617eff/attachment.html>


More information about the systemd-devel mailing list