This really should not be marked Invalid since it represents a very real
regression on recommended and documented functionality that many
installs using LUKS rely upon. Workarounds of varying security quality
abound as a result instead of a single, well-designed and integrated
solution.

Indeed, in December 2020 Lennart Poettering created a simple patch for
this by extending the cryptsetup code to read an AF_SOCKET [1] and
recommended linking that with a system-service that sets
StandardOutput=socket [2][3] where the key data can be read from.

[1] hasn't been merged into systemd as yet but with some additional push
upstream that could likely happen.


[1] https://github.com/poettering/systemd/commit/e2c2f868b28f1445e061bf7eb475b0c49efe3ac2

[2] https://github.com/systemd/systemd/pull/3007#issuecomment-710212323

[3] https://github.com/systemd/systemd/pull/3007#issuecomment-713860129

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1451032

Title:
  keyscript option in crypttab not implemented

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1451032/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
