Hi Thomas, Thanks for your work on all this, I was hoping someone would pick this up.
On Sun, Aug 18, 2013 at 12:45 AM, Thomas Bächler <tho...@archlinux.org> wrote: > Am 17.08.2013 17:08, schrieb Thomas Bächler: >> 3) encrypt: I created the sd-encrypt hook, you can find it here: >> https://paste.xinu.at/8xUYPI/. This changes the command line syntax, the >> new syntax can be found in the manpage for systemd-cryptsetup-generator. >> However, the syntax is less powerful than before - for that reason, I >> added /etc/crypttab.initrd as /etc/crypttab to the initrd, which should >> support almost everything. There were some problems with adding the same >> crypttab for initrd and the main system, but that may be my stupiditiy - >> I hope the separate crypttab is something we can get rid of. > > Okay, this one has the wrong help, but otherwise it's what I'm going to > use now: https://paste.xinu.at/0PXjlV/ > > It now adds /etc/crypttab to initramfs. You can make sure that only the > necessary devices are activated in initramfs by using the rd.luks.uuid= > options on the command line. You can also use rd.luks.uuid= without any > crypttab entries, but then you can't set extra options (for me: > allow_discards). We should make it possible to do this without having to put /etc/crypttab in the initramfs. I guess we basically want to mimic what the fstab generator does: 1) allow options to be specified on the kernel commandline and, optionally, 2) allow further options to be read from /sysroot/etc/cryttab once that has been mounted. For the first, we would need to extend the syntax, perhaps to {rd.,}luks.uuid.options= or something like that. The second could obviously not be used for partitions used to mount the rootfs (but only /usr), so maybe not that useful, but I guess it makes sense to be consistent. What do you think? Tom
