Update: Lennart's AF_SOCKET solution was added to systemd v248 in:

commit e2c2f868b28f1445e061bf7eb475b0c49efe3ac2
Author: Lennart Poettering <lenn...@poettering.net>
Date:   Wed Nov 4 17:24:53 2020 +0100

    cryptsetup: port cryptsetup's main key file logic over to read_full_file_full()
    
    Previously, we'd load the file with libcryptsetup's calls. Let's do that
    in our own, so that we can make use of READ_FULL_FILE_CONNECT_SOCKET,
    i.e. read in keys via AF_UNIX sockets, so that people can plug key
    providers into our logic.
    
    This provides functionality similar to Debian's keyscript= crypttab
    option (see → #3007), as it allows key scripts to be run as socket
    activated services, that have stdout connected to the activated socket.
    In contrast to traditional keyscript= support this logic runs stuff out
    of process however, which is beneficial, since it allows sandboxing and
    similar.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1451032

Title:
  keyscript option in crypttab not implemented
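
The pattern the commit message describes, as an added example (not systemd's code and not part of the original message): a key provider serves key material on an AF_UNIX stream socket, and the reader connects to the path when it turns out to be a socket node instead of a regular file. The names `serve_key_once`, `read_key` and `demo`, the 4096-byte limit and the sample key are assumptions made for this illustration.

```python
import errno
import os
import socket
import tempfile
import threading

def serve_key_once(sock_path, key):
    """Hypothetical key provider: send `key` to the first client, then exit."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # create the socket node with mode 0600
    try:
        srv.bind(sock_path)
    finally:
        os.umask(old_umask)
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(key)  # closing the connection marks the end of the key

    worker = threading.Thread(target=run, daemon=True)
    worker.start()
    return worker

def read_key(path, max_size=4096):
    """Read key material from a regular file or an AF_UNIX stream socket."""
    try:
        with open(path, "rb") as f:
            data = f.read(max_size + 1)
    except OSError as e:
        if e.errno not in (errno.ENXIO, errno.EOPNOTSUPP):  # not a socket node
            raise
        data = b""
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
            c.connect(path)  # open() refused the socket node, so connect to it
            while len(data) <= max_size and (chunk := c.recv(4096)):
                data += chunk
    if len(data) > max_size:
        raise ValueError("key material exceeds size limit")
    return data

def demo(key=b"constructed-demo-key"):  # constructed sample value, not a real key
    with tempfile.TemporaryDirectory() as d:
        sock_path = os.path.join(d, "key.sock")
        worker = serve_key_once(sock_path, key)
        result = read_key(sock_path)
        worker.join(2)
        return result
```

Because the provider runs in its own process (a thread here, only to keep the demo self-contained), it can be confined separately from the reader, which is the sandboxing benefit the commit message points to.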
