diff options
| author | Tom Gundersen <teg@jklm.no> | 2012-03-17 13:46:12 +0100 |
|---|---|---|
| committer | Tom Gundersen <teg@jklm.no> | 2012-03-17 13:46:12 +0100 |
| commit | 807d8f9c858d2adf5285a3ba27aec6ed226d14d7 (patch) | |
| tree | e80b39742163ade5a8d43423efe76932d7e7aa49 /functions | |
| parent | e57e4ebe4aee02b175f3d4d13a0fa1838769b3f2 (diff) | |
| download | initscripts-807d8f9c858d2adf5285a3ba27aec6ed226d14d7.tar.xz | |
crypttab: warn if using passphrase in /etc/crypttab
There is no reason not to use a keyfile, and allowing literal passphrases
in crypttab has caused issues with the parsing in the past. Furthermore,
it is not supported by any other crypttab implementation (to the best of my
knowledge). The use of keyfiles have been the recomendation in /etc/crypttab
for as long as I can remember.
We are looking at refactoring the encryption support, and I think it makes
sense to drop support for this when we move to the new implementation.
Cc: Thomas Bächler <thomas@archlinux.org>
Cc: Matthew Monaco <matt@0x01b.net>
Cc: Dave Reisner <d@falconindy.com>
Signed-off-by: Tom Gundersen <teg@jklm.no>
Diffstat (limited to 'functions')
| -rw-r--r-- | functions | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -444,6 +444,7 @@ do_unlock() { /*) cryptsetup -d "$3" $4 $open "$a" "$b" >/dev/null;; *) + printf "${C_FAIL}crypttab contains a literal encryption key. This will stop working in the future.${C_OTHER}\n" echo "$3" | cryptsetup $4 $open "$a" "$b" >/dev/null;; esac if (( $? )); then |