I see. If I understand correctly, "readonly" (-r) is currently the
only meaningful parameter from crypttab configuration of LUKS
formatted device that can be passed to cryptsetup (for luksOpen).
The rest of the parameters is useful for non-LUKS devices and can
(should) be ignored for luksOpen (patch attached).
Also man page for crypttab should mention this.
Regards,
Martin
--- cryptdisks.functions.orig 2011-03-08 02:32:11.000000000 +0100
+++ cryptdisks.functions 2011-03-22 18:03:33.000000000 +0100
@@ -28,6 +28,7 @@ parse_opts () {
# Strip comments - https://bugs.launchpad.net/bugs/185380
opts=$(echo -n $1 | sed 's/ *#.*//')
PARAMS=""
+ LUKSPARAMS=""
CHECK=""
CHECKARGS=""
PRECHECK=""
@@ -50,6 +51,7 @@ parse_opts () {
case "$PARAM" in
readonly)
PARAMS="$PARAMS -r"
+ LUKSPARAMS="$LUKSPARAMS -r"
;;
cipher)
if [ -z "$VALUE" ]; then
@@ -314,15 +316,15 @@ do_luks () {
KEYSCRIPT="cat"
fi
- PARAMS="$PARAMS --key-file=$key"
+ LUKSPARAMS="$LUKSPARAMS --key-file=$key"
while [ "$tried" -lt "$TRIES" ] || [ "$TRIES" -eq "0" ]; do
if [ -n "$KEYSCRIPT" ]; then
- if $KEYSCRIPT "$keyscriptarg" | cryptsetup $PARAMS luksOpen "$src" "${dst}_unformatted"; then
+ if $KEYSCRIPT "$keyscriptarg" | cryptsetup $LUKSPARAMS luksOpen "$src" "${dst}_unformatted"; then
break
fi
else
- if cryptsetup $PARAMS luksOpen "$src" "${dst}_unformatted"; then
+ if cryptsetup $LUKSPARAMS luksOpen "$src" "${dst}_unformatted"; then
break
fi
fi
