On 2025-03-12 08:03:04, Thomas Lange wrote:
> This change was added in FAI 6.0 (see commit below), but since FAI 6.2
> there's a variable called FAI_KEEP_CRYPTKEYFILE. This is now the code snippet:
>
>
> # clean crypt key files
> unless (defined ($ENV{'FAI_KEEP_CRYPTKEYFILE'})) {
> foreach (@FAI::crypttab) {
> my $fname = (split)[0];
> unlink "$FAI::DATADIR/$fname";
> }
> }
Ha! Thanks for the confirmation, that's such a relief: I thought
something was really wrong with the universe.
Perhaps that should be documented in the manual page? That would be
enough, in my view, to close this bug report. :)
Could you clarify what the intention is behind this change? If the
keyfile is deleted, there's no way for anything to unlock the device
after setup-storage has ran, no? In that case, how does one make use of
the partition?
Or is there a way to add a keyslot to an opened LUKS device that we
don't have a passphrase or keyfile for that I don't know about?
Thanks again!
--
Tu connaîtras la vérité de ton chemin à ce qui te rend heureux.
- Aristote
