path: root/rc.sysinit
author: Tom Gundersen <teg@jklm.no> 2012-07-01 01:43:15 +0200
committer: Tom Gundersen <teg@jklm.no> 2012-07-11 04:32:09 +0200
commit: 3779f7002c8417a77745e1e02273ed5e19ed75b7 (patch)
tree: 138f79425e2c4b736e60508f4bcf8e7cf53af37c /rc.sysinit
parent: 27c29c2b95864e4844ef644400ebf59a08d08abd (diff)
download: initscripts-3779f7002c8417a77745e1e02273ed5e19ed75b7.tar.xz

cryptsetup: deprecate old syntax and default to the systemd one

We detect if the old syntax is used, and if so print a warning and use the old parsing code. Otherwise, we pass everything on to systemd-cryptsetup. Similarly to what was done with the network syntax, we intend to keep the legacy stuff working for a long time.

See crypttab(5) for the new syntax[0].

The main reason for this change is to be closer to what other distros do. The systemd syntax is based on Debian's format, and is essentially what is being used by at least Debian, Ubuntu, Fedora and Suse. Such widespread use means that it will be better documented in non-Arch-specific documentation, and is more likely to see integration with third-party tools. It is also surely appreciated by admins who use more than one distro that they don't have to know more than one config format for these sorts of basic things.

Furthermore, by actually sharing the code with systemd we get to rely on their much more widespread testing and review compared to what we are able to do ourselves. This is particularly important for the encryption code, as it is the most obscure code in initscripts and any bugs in it would have potentially very severe consequences.

Lastly, there are a few (albeit minor) issues I see with our current format: /etc/crypttab is not a plaintext file, but needs to be parsed through bash. The (deprecated) embedded passwords have been a source of problems in the past. And, there is no level of abstraction between the crypttab options and cryptsetup, we just pass them on blindly.

The new format and the old one cover roughly the same use cases. To the best of my knowledge, the only use case not (yet) supported by systemd-cryptsetup is mounting a removable device and reading the key from a file on that device. For this, stick with the old syntax (though be careful, it is inherently racy).

[0]: <http://0pointer.de/public/systemd-man/systemd.unit.html> (note that keyfile-offset support is coming in the next systemd version).

Diffstat (limited to 'rc.sysinit')
0 files changed, 0 insertions, 0 deletions