On Tue, Jun 25, 2013 at 05:47:19PM +0200, Michael Biebl wrote: >Am 25.06.2013 13:13, schrieb Harald Jenny: >> Dear Michael Biebl, >> >> following the systemd survey and discussion I think these mails might be >> of interest to you concerning possible ways to solve the current issue >> (not only in Debian but also SuSE/upstream interest). >> >> http://lists.freedesktop.org/archives/systemd-devel/2012-June/thread.html#5693 >> http://lists.freedesktop.org/archives/systemd-devel/2012-July/thread.html#5835 > >I personally don't own such hardware, and I never have userd >cryptsetup's keyscript support. So I'm probably not the most qualified >to evaluate the situation.
You don't actually need any hardware though. A keyscript (for a testing environment) could simply echo a fixed password and be used to decrypt a loopback device. >That said, reading the upstream discussion, I guess we have 3 options >a/ do nothing about it >b/ apply the patch from David Härdeman downstream and maintaining it as >a downstream patch forever >c/ try to implement keyscript support based on the PasswordAgent interface > >a/ is obviously not very compelling. As for b/, we try to avoid >downstream patches as much as possible. >Regarding c/, I dunno how much effort that would be. > >Bringing David into the loop here. Maybe he has some further insight on >this matter. I still think it's too early to rule out option c). Contrary to what some other people seem to think, I don't find Lennart difficult to work with (not more so than any other average upstream). It would probably be a lot of work though since a good solution would probably need further additions to the PasswordAgent API (to name but one problem, imagine a keyscript that would in turn fetch a key from a smartcard and which needed to get the PIN from the user...it would in effect require two calls through the PasswordAgent stack but only one prompt - the one for the PIN - should be displayed to the user). I don't believe that I will have the time to implement and drive a change of that scope in the foreseeable future... -- David Härdeman -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
