>>>>> On Fri, 21 Dec 2018 01:27:09 +1300, Andrew Ruthven <and...@etc.gen.nz>
>>>>> said:
> Using the default of cryptsetup sounds sane, however I'd still like the
> option of over riding this.
OK, then I can just remove this code, and it's still possible to set
your own parameters. Here's the diff
diff --git a/lib/setup-storage/Commands.pm b/lib/setup-storage/Commands.pm
index 22efe113..3844bf84 100755
--- a/lib/setup-storage/Commands.pm
+++ b/lib/setup-storage/Commands.pm
@@ -253,12 +253,7 @@ sub build_cryptsetup_commands {
"", "keyfile_$real_dev" );
my $lukscreateopts = $vol->{lukscreateopts} // "";
- if ($lukscreateopts !~ /(^|\s)-c\s+\S+/) {
- $lukscreateopts .= " -c aes-xts-plain64";
- }
- if ($lukscreateopts !~ /(^|\s)-s\s+\d+/) {
- $lukscreateopts .= " -s 256";
- }
+
# encrypt
&FAI::push_command(
"yes YES | cryptsetup luksFormat $real_dev $keyfile $lukscreateopts",
--
regards Thomas
