Am 18.08.2013 02:48, schrieb Tom Gundersen: > On Sun, Aug 18, 2013 at 12:45 AM, Thomas Bächler <[email protected]> wrote: >> Am 17.08.2013 17:08, schrieb Thomas Bächler: >>> 3) encrypt: I created the sd-encrypt hook, you can find it here: >>> https://paste.xinu.at/8xUYPI/. This changes the command line syntax, the >>> new syntax can be found in the manpage for systemd-cryptsetup-generator. >>> However, the syntax is less powerful than before - for that reason, I >>> added /etc/crypttab.initrd as /etc/crypttab to the initrd, which should >>> support almost everything. There were some problems with adding the same >>> crypttab for initrd and the main system, but that may be my stupiditiy - >>> I hope the separate crypttab is something we can get rid of. >> >> Okay, this one has the wrong help, but otherwise it's what I'm going to >> use now: https://paste.xinu.at/0PXjlV/ >> >> It now adds /etc/crypttab to initramfs. You can make sure that only the >> necessary devices are activated in initramfs by using the rd.luks.uuid= >> options on the command line. You can also use rd.luks.uuid= without any >> crypttab entries, but then you can't set extra options (for me: >> allow_discards). > > We should make it possible to do this without having to put > /etc/crypttab in the initramfs.
There's more problems: When using the same crypttab in initrd and system, systemd tries to shut down the volume on shutdown, which leads to a delay of about 2 seconds. Right now, I am running with luks.crypttab=no rd.luks.crypttab=yes to avoid this. So either we need two separate crypttabs or we need to specify all options on the command line. > I guess we basically want to mimic what the fstab generator does: 1) > allow options to be specified on the kernel commandline and, > optionally, 2) allow further options to be read from > /sysroot/etc/cryttab once that has been mounted. Seems fine to me.
signature.asc
Description: OpenPGP digital signature
