[systemd-devel] keyscript support in systemd-cryptsetup

Lennart Poettering lennart at poettering.net
Wed Oct 19 20:35:27 UTC 2016

On Wed, 19.10.16 15:28, Ryan Castellucci (ryan.castellucci+systemd-devel at gmail.com) wrote:

> Systemd broke a use case that people were actively using, and cryptsetup
> comes with scripts to support.

Humm, the keyscript thing was a Debian-specific extension. It was
never supported on systemd or any non-Debian distro. I wouldn't really
call that breaking... But yeah, we don't support this scheme natively.

> If you won't merge the patch that addresses this, can you explain what
> needs to be done to support the "use some administrator defined program to
> supply the password" use case that you will merge? Depending on the scope,
> I may be able to write the code. Is there any way this can be done with a
> wrapper so that people don't have to maintain two versions of their
> programs?

I don't think the keyscript= concept fits into systemd, sorry. I can
understand you want this, but all I can suggest is to write a bit of
glue to make it possible to run keyscript= scripts via the ask
password logic. It's not too hard, an the API to use is documented here:



Lennart Poettering, Red Hat

More information about the systemd-devel mailing list