Hi,

did I reach the wrong mailing list? Is there a better forum to get systemd working with something resembling my current setup?

Greetings
Marc

On Mon, Jul 21, 2014 at 10:46:21AM +0200, Marc Haber wrote:
> From: Marc Haber <mh+systemd-de...@zugschlus.de>
> Subject: Thoughts about /etc/crypttab keyscript options
> To: systemd-devel@lists.freedesktop.org
> Date: Mon, 21 Jul 2014 10:46:21 +0200
> User-Agent: Mutt/1.5.21 (2010-09-15)
>
> Hi,
>
> I was recently bitten by the issue that systemd does not support the
> keyscript= option in /etc/crypttab. I don't know whether keyscript= is
> a Debian extension, but the migration to systemd (which was pulled in
> by some new version of - I think - Network Manager) broke my system's
> boot process, leaving me with all my filesystems locked since already
> the root fs used to be unlocked by a keyscript.
>
> I have read the thread (from 2012?) where those things were discussed
> here and I understand that I should replace my keyscript with a
> password agent. Things would then work like this:
>
> (1)
> systemd would try to unlock the root file system and place a ask.xxx
> file in /run/systemd/ask-password
>
> (2)
> All running PasswordAgents (including my, non-interactive one and
> all interactive ones) would act on that ask.xxx file.
>
> (3)
> The interactive password agents would present an interactive password
> request.
>
> (4)
> My PasswordAgent indicates taking responsibility by unlinking the
> ask.xxx file from /run/systemd/ask-password. The interactive password
> agents will remove their interactive requests then. The user will
> therefore see the password request popping up for a very short period
> of time, if at all.
>
> (5)
> Should my PasswordAgent need a password to act itself (like a PIN for
> a hardware device, for example), it would place its own ask.xxx file
> in /run/systemd/ask-password. The interactive PasswordAgents would
> act on that, obtain the password/PIN interactively from the user and
> return it to my PasswordAgent.
>
> (6)
> My PasswordAgent would then obtain the password for the file system
> itself and return it to systemd which can now proceed to unlock the
> file system.
>
>
> Am I understanding things correctly so far?
>
>
> If so, this leaves the task to write "my" PasswordAgent. I have found
> some example code in python for a password agent.
>
> To use this to unlock the root fs, an entire python installation would
> need to go in my initramfs, right? And if I want to keep things
> simple, the best idea would be to write my PasswordAgent in a compiled
> language which would only need the binary and its libs in the
> initramfs, right?
>
> Is there code for an example PasswordAgent in C++ which I can use as a
> template? I am quite reluctant to write a program which needs to do
> complex string processing and is bound to run as root in C because my
> C experience is somewhat lacking.
>
> Can you please recommend a way to allow me to migrate to systemd?
> Without keyscript= being supported in /etc/crypttab, I need to replace
> my 50 line key script written in POSIX shell and would like to keep
> things simple.
>
> Thank you very much for your consideration.
>
> Greetings
> Marc
>
> --
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mail address in header
> Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 621 31958061
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600420
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
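
An added example, not part of the original mail and not systemd's own code: the core of a non-interactive password agent in C++ that parses an ask.xxx file, answers only the request it holds a key for, and sends the reply datagram. The `Id`, `Socket` and `NotAfter` fields and the `+` reply prefix are taken from systemd's Password Agents specification and should be checked against the systemd version in use; the function names and the sample `Id` value are constructed.

```cpp
#include <cstdlib>
#include <cstring>
#include <map>
#include <sstream>
#include <string>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

using Ask = std::map<std::string, std::string>;
// Added example, not systemd code. Field names assumed from the Password Agents spec.
// Parse the [Ask] section of an ask.xxx file into key/value pairs.
Ask parse_ask(const std::string &text) {
    Ask kv;
    std::istringstream in(text);
    std::string line;
    bool in_ask = false;
    while (std::getline(in, line)) {
        if (line.empty() || line[0] == '#' || line[0] == ';') continue;
        if (line[0] == '[') { in_ask = (line == "[Ask]"); continue; }
        auto eq = line.find('=');
        if (in_ask && eq != std::string::npos) kv[line.substr(0, eq)] = line.substr(eq + 1);
    }
    return kv;
}

// Answer only live requests for the one Id this agent holds a key for.
// now_usec is CLOCK_MONOTONIC in microseconds; NotAfter=0 means "no deadline".
bool should_answer(const Ask &a, const std::string &want_id, unsigned long long now_usec) {
    auto id = a.find("Id"), sock = a.find("Socket"), na = a.find("NotAfter");
    if (id == a.end() || sock == a.end() || id->second != want_id) return false;
    if (sock->second.empty() || sock->second[0] != '/') return false;
    unsigned long long deadline = (na == a.end()) ? 0 : std::strtoull(na->second.c_str(), nullptr, 10);
    return deadline == 0 || now_usec <= deadline;
}

// Reply datagram: '+' followed by the password ('-' alone reports failure).
std::string build_reply(const std::string &password) { return "+" + password; }

// Send the reply to the request's AF_UNIX datagram socket; false on any error.
bool send_reply(const std::string &path, const std::string &reply) {
    sockaddr_un sa{}; sa.sun_family = AF_UNIX;
    if (path.size() >= sizeof(sa.sun_path)) return false;
    std::memcpy(sa.sun_path, path.c_str(), path.size() + 1);
    int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0) return false;
    ssize_t n = sendto(fd, reply.data(), reply.size(), 0, (sockaddr *)&sa, sizeof(sa));
    close(fd);
    return n == (ssize_t)reply.size();
}
```

Matching on the exact `Id` keeps the agent from handing the disk key to any other password request that appears in the directory.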