On 20/06/2008 Christoph Anton Mitterer wrote:
> I'd like to have something like a dep-scripts=script1,script2,... option
> added to crypttab and supported by all of cryptsetup's hooks/scripts
> from and for the initrd and the normal boot-scripts and so on ...
>
> The meaning should be the following:
> Before the keyscript is invoked with the key-file as its parameter, all
> dep-scripts are invoked in order.
>
> The main idea behind this is,.. that the dep-scripts could do tasks
> like:
> - mount the filesystem where you find the key-file
>   (That's my main-reason, as I need all this in the initrd of a USB
>   stick from which I boot, and the USB-stick must be mounted in order to
>   have access to the keyfile. I don't want to put the key file in the
>   initrd itself)
> - kill unsecure applications that might otherwise get access to the
>   keyfile
> - etc.
>
> Any ideas?
>
> I also thought about making this a parameter to the key-script itself,
> but I don't think that making the key-file available is the key-script's
> task, is it?

I would say that exactly this is what keyscripts are for. Do anything that is needed to make the keyfile/passphrase available to cryptsetup.

And I don't think that yet another option should be added to crypttab, it's already too bloated. You should really implement such tasks in your keyscripts directly.

Also if you need to mount a device to read the key from, passdev, a keyscript recently added to the cryptsetup package and developed by David, is your friend. Please see README.initramfs section 10. The "passdev" keyscript for more information.

greetings,
 jonas
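
A keyscript of the kind the reply describes, one that makes the key file available itself by mounting the device that holds it, as an added example that is not part of the original message and is neither passdev nor code from the cryptsetup package. The script name `mountkey`, the `<device>:/<path>` key-field format and the crypttab line in the comment are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example keyscript; hypothetical, not passdev and not part of cryptsetup.
# crypttab passes the key field (third column) as $1 and uses the script's
# stdout as the key. Assumed key-field format here: <device>:/<path-on-device>
# Constructed crypttab line:
#   cryptroot /dev/sda2 /dev/disk/by-label/KEYS:/root.key luks,keyscript=/usr/local/sbin/mountkey

MOUNT=${MOUNT:-mount}     # overridable so the logic can be exercised without root
UMOUNT=${UMOUNT:-umount}

# Split the key field at the first ":/" (by-id device names may contain ':').
parse_keyspec() {
    case "$1" in
        *:/*) ;;
        *) echo "mountkey: expected <device>:/<path>" >&2; return 1 ;;
    esac
    KEY_DEV=${1%%:/*}
    KEY_PATH=/${1#*:/}
    [ -n "$KEY_DEV" ] || { echo "mountkey: empty device" >&2; return 1; }
    case "$KEY_PATH" in
        */../*|*/..) echo "mountkey: '..' not allowed in key path" >&2; return 1 ;;
    esac
}

# Mount the device read-only on a private directory, write the key to stdout,
# then unmount again so the key medium is not left accessible.
emit_key() {
    parse_keyspec "$1" || return 1
    mnt=$(mktemp -d "${TMPDIR:-/tmp}/mountkey.XXXXXX") || return 1   # mode 0700
    rc=0
    if "$MOUNT" -o ro,nosuid,nodev,noexec "$KEY_DEV" "$mnt" >&2; then
        if [ -f "$mnt$KEY_PATH" ]; then
            cat "$mnt$KEY_PATH" || rc=1      # stdout carries the key and nothing else
        else
            echo "mountkey: $KEY_PATH not found on $KEY_DEV" >&2; rc=1
        fi
        "$UMOUNT" "$mnt" >&2 || rc=1
    else
        echo "mountkey: cannot mount $KEY_DEV" >&2; rc=1
    fi
    rmdir "$mnt" 2>/dev/null || true
    return "$rc"
}

# Run only when invoked as a keyscript, i.e. with the key field as $1.
if [ -n "${1:-}" ]; then emit_key "$1"; fi
```

All diagnostics go to stderr because anything written to stdout becomes part of the key material handed to cryptsetup.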

