On Thu, 23.04.15 06:41, Andrei Borzenkov (arvidj...@gmail.com) wrote:

> On Thu, 23 Apr 2015 00:48:38 +0200
> Lennart Poettering <lenn...@poettering.net> wrote:
>
> > On Fri, 20.02.15 10:56, Jan Synacek (jsyna...@redhat.com) wrote:
> >
> > Sorry for the late review.
> >
> > What's the precise background of this? Can you elaborate? Is there
> > some feature request for this?
>
> There are multiple bug reports that switching to dracut with integrated
> systemd breaks ability to auto-setup encrypted devices using keyfile
> on external USB stick.

Hmm, but from Jan's mail I got the impression that this is a Dracut
feature in the first place? Now I am confused? Which initrd
implementations supported this scheme before?

> > What does this actually do? Is the specified key file read from the
> > specified device?
>
> It reads keyfile from filesystem on device identified by keyfile_device.
>
> > The order of keyfile:device sounds weird, no?
> > Shouldn't it be the other way round?
> >
>
> keyfile is mandatory, keyfile_device is optional and can be omitted. I
> believe dracut looked at all existing devices then. This order makes
> it easier to omit optional parameter(s).

Well, whether it is [device:]file or file[:device] is hardly any
difference for the parser...

> > Is this specific to Dracut so far? Is this widely used, and something
> > that we really want.
>
> I can say about dracut only but yes, it is used and it is serious
> regression when it is used comparing with pre-systemd version.

Can you point me to documentation about the previous features in this
regard? Which initrd implementations are you referring to?

> > > First version of the patch that allows rd.luks.key to be specified
> > > almost the same way as dracut can read it.
> > >
> > > The solution creates a temporary mount unit "mnt.mount" that the
> > > generated cryptsetup service wants. The partition where the keyfile
> > > is then mounted to /mnt and the absolute path to the keyfile is
> > > changed so it points to this temporary mount instead.
> >
> > Well, I'd place this in /run somewhere. Maybe
> > /run/systemd/cryptsetup/mount or so...
> >
> > > I'm not sure if temporarily mounting something to /mnt in initrd is
> > > safe. If not, what would be a preferred way to do this?
> >
> > What does temporarily mean? When is this unmounted?
>
> To fetch keyfile dracut needs to mount USB stick. This mount is not
> normally needed after cryptomount setup is completed.

Well, sure, I am just wondering what precisely shall be used as
trigger to unmount it again.

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel