On 20/10/2006 Evgeni Golov wrote: > > could you elaborate on this? what is the exact line in /etc/crontab, > crypttab you mean ;-) ^^^^^^^
hehe, you're correct ;-) > # <target name> <source device> <key file> <options> > home /dev/sda6 /media/usbstick/keyfile-shinkupaddo.luks luks > > > and what is the exact output by '/etc/init.d/cryptsetup start'? > > # /etc/init.d/cryptdisks start > Starting remaining crypto disks...STICK! > home(starting) > - INSECURE MODE FOR /media/usbstick/keyfile-shinkupaddo.luks > done. where does this "STICK!" come from? which version of cryptsetup did you use before? i believe that this was 1.0.4~rc2-1 because 1.0.4-1 introduced 'set -e' for the initscript. > > also, how are permissions of the keyfile? > > the keyfile is on a vfat usb-stick, permissions are: > # ls -alh /media/usbstick/keyfile-shinkupaddo.luks > -rwxr-xr-x 1 root root 256 2006-08-28 > 09:08 /media/usbstick/keyfile-shinkupaddo.luks > > Because of this I get the insecure more message (as I did in prior > versions too, but there the luks partotion was open after that) > As I understand, the behavior should be "give warning, but > continue" (check_key || continue) - am I right? no, 'check_key || continue' actually says 'continue with the next device if check_key fails. i wonder whether this was different in the past. anyway it's not unusual to keep the key on a vfat usb-stick, so cryptsetup should be able to cope with this situation. maybe the permission check should include a check for filesystems which do not support file permissions, and go on with a warning in these cases. ... jonas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
