On 15/02/2008 [EMAIL PROTECTED] wrote: > this patch is part of three patches (initramfs-tools, cryptsetup, > dropbear) which enable mkinitramfs to create initramfss that provide the > ability to log in and unlock a cryptroot during the boot process from > remote via ssh.
Hey, This sounds like an interesting approach. As I got from #465901, this will enable dropbear per default if cryptroot is detected. While I like the idea to be able to enable ssh support for initramfs, I object against this default behaviour. Not everyone with cryptroot is in need of remote access during boot process. Thus I suggest to disable the whole feature per default, and make it configurable in any case. Also, please resend the patch in unified format (diff -rNu). > in the initramfs scripts, the target might be unlocked (from remote) in > the background. so on non-successful cryptsetup exit, check whether the > target is unlocked, only otherwise act on it as a failure. > for this unlocking in the background (and if successful, killing the > waiting cryptsetup), the cryptcreate script is added. > to call this unlocking script from remote, dropbear has to be added to > the initramfs, so dropbear is added to the suggested list. I have to admit that I don't get that. In your patch, a script /sbin/cryptcreate is created, which itself uses the variables $cryptcreate and $crypttarget. This script is made executable, but I cannot find the place where it actually is executed. Also, how does the script know about the variables used by it? greetings, jonas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
