On 04/06/2006 David Härdeman wrote:
> On Sun, Jun 04, 2006 at 09:38:28PM +0200, Jonas Meurer wrote:
> >>1) separate the init-script and the decrypt-scripts so that anybody can
> >>   write his own decrypt-script without modifying the init-script. The
> >>   decrypted key must be in "/tmp/cryptdisk.key" where it will be removed
> >>   after adding a crypted disk.
> >
> >good idea, i will implement it soon.
>
> Writing a key to /tmp might not be a good idea since it could be
> recoverable later.

yes, better pipe it through stdin.

> Why not change the semantics of /etc/crypttab so that the third column
> (keyfile) is interpreted as a script if the file exists and has the
> executable bit set. If so, the script is executed and its stdout is
> piped to cryptsetup via stdin.
>
> Sounds ok?

yes, sounds like a nice feature, but i'm not sure whether implementing
more non-obvious features is good. and adding one more option for the
options field in /etc/crypttab is more obvious than extending the usage
of the keyfile field.
also, the keyfile still needs to be passed to the script, otherwise you
need an own script for every encrypted disk.

...
 jonas
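
The keyfile-as-script idea discussed in this thread, as an added sketch that is not part of the original messages or of the cryptsetup package: an executable third column is run and its stdout piped to cryptsetup, so the key never lands in /tmp. The function names, the CRYPTSETUP override, the world-writable check and passing the mapping name and device to the script are assumptions; `cryptsetup create` is the legacy plain-mode syntax.

```shell
#!/bin/sh
# Added sketch of the proposal above; not code from the cryptsetup package.
# CRYPTSETUP is overridable (an assumption) so the logic can run without root.
: "${CRYPTSETUP:=cryptsetup}"

# key_source KEYFIELD: classify the third crypttab column.
key_source() {
    case "$1" in
        ""|none) echo prompt ;;
        *)  if [ -f "$1" ] && [ -x "$1" ]; then
                # An executable key field runs as root: refuse world-writable ones.
                if [ -n "$(find "$1" -prune -perm -0002)" ]; then
                    echo unsafe; return 1
                fi
                echo script
            elif [ -r "$1" ]; then echo file
            else echo missing; return 1
            fi ;;
    esac
}

# open_entry NAME DEVICE KEYFIELD: the key only ever travels through a pipe.
open_entry() {
    name=$1 device=$2 keyfield=$3
    case "$(key_source "$keyfield")" in
        script)
            # Name and device are passed so one script can serve every disk.
            # Pipeline status is cryptsetup's; a failed script yields an empty key.
            "$keyfield" "$name" "$device" |
                "$CRYPTSETUP" --key-file=- create "$name" "$device" ;;
        file)   "$CRYPTSETUP" --key-file="$keyfield" create "$name" "$device" ;;
        prompt) "$CRYPTSETUP" create "$name" "$device" ;;
        *)  echo "crypttab: unusable key source '$keyfield' for $name" >&2
            return 1 ;;
    esac
}

# process_crypttab FILE: read entries on fd 3 so stdin stays free for prompts.
process_crypttab() {
    rc=0
    while read -r name device keyfield options <&3; do
        case "$name" in ""|\#*) continue ;; esac
        open_entry "$name" "$device" "$keyfield" || rc=1
    done 3< "$1"
    return "$rc"
}
```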