>>>>> On Fri, 21 Dec 2018 01:27:09 +1300, Andrew Ruthven <and...@etc.gen.nz> >>>>> said:
> Using the default of cryptsetup sounds sane, however I'd still like the > option of over riding this. OK, then I can just remove this code, and it's still possible to set your own parameters. Here's the diff diff --git a/lib/setup-storage/Commands.pm b/lib/setup-storage/Commands.pm index 22efe113..3844bf84 100755 --- a/lib/setup-storage/Commands.pm +++ b/lib/setup-storage/Commands.pm @@ -253,12 +253,7 @@ sub build_cryptsetup_commands { "", "keyfile_$real_dev" ); my $lukscreateopts = $vol->{lukscreateopts} // ""; - if ($lukscreateopts !~ /(^|\s)-c\s+\S+/) { - $lukscreateopts .= " -c aes-xts-plain64"; - } - if ($lukscreateopts !~ /(^|\s)-s\s+\d+/) { - $lukscreateopts .= " -s 256"; - } + # encrypt &FAI::push_command( "yes YES | cryptsetup luksFormat $real_dev $keyfile $lukscreateopts", -- regards Thomas