On Tue, 10.07.12 07:36, Tollef Fog Heen (tfh...@err.no) wrote:

> > > A use case for keyscript is something like
> > > https://github.com/tfheen/ykfde/blob/master/helper which (while not
> > > really a keyscript as it is) implements integration with Yubikeys. Doing
> > > that with the full password agent proposal is much, much harder and
> > > doesn't really gain us anything in this case.
> >
> > Well, but this script is very racy as it expects yubikeys to be
> > instantly available at boot. This really needs to be async and watch
> > both for yubikeys as they are plugged in and for new passwords as they
> > are queried. Also this script expects an interactive console, which is
> > extra racy...
>
> It's run in the initramfs, so no, it's not racy at all.

That has little to do with where it is run. The simple fact is that there is no time limit in which USB hw has to have appeared, as kernel driver probing is entirely asynchronous these days and the USB devices can take any time they want to initialize.

In older versions of Linux people placed "udevadm settle" and "/sbin/rmmod scsi_wait_scan ; /sbin/modprobe scsi_wait_scan ; /sbin/rmmod scsi_wait_scan" everywhere in an attempt to introduce some point where all storage hw was probed. But that never worked for USB hw anyway, slows down the boot immensely, and is also terribly ugly.

One of the big steps forward in systemd is actually that we cleaned all this up, and devices are now used as they appear and we only delay boot exactly as long as we need to find the devices we need, but don't attempt to wait till the point in time "where all devices" have shown up. It doesn't work at all for yubikeys.

So what you do is racy, sorry.

Lennart

--
Lennart Poettering - Red Hat, Inc.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
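
Added example, not part of the original message and not code from the ykfde helper: a shell sketch of waiting only for the one device that is needed, with a deadline, instead of assuming it is present when the script starts. It assumes 1050 is Yubico's USB vendor ID and that devices expose `idVendor` under `/sys/bus/usb/devices`; the function names and the `SYSFS_USB` override are hypothetical, and the once-per-second re-check stands in for a real udev event subscription.

```shell
#!/bin/sh
# Added example: wait for a USB device with a given vendor ID to show up in
# sysfs, rather than expecting it to exist the moment the script runs.
# Assumptions: 1050 is Yubico's USB vendor ID; SYSFS_USB can be overridden
# so the functions can be exercised against a constructed directory tree.

SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"

# find_usb_vendor VENDOR_ID
# Prints the sysfs path of the first matching device; returns 1 if none.
find_usb_vendor() {
    for f in "$SYSFS_USB"/*/idVendor; do
        [ -r "$f" ] || continue              # no match yet, or device vanished
        vid=$(cat "$f" 2>/dev/null) || continue
        if [ "$vid" = "$1" ]; then
            dirname "$f"
            return 0
        fi
    done
    return 1
}

# wait_for_usb_vendor VENDOR_ID TIMEOUT_SECONDS
# Re-checks once per second until the device appears or the deadline passes.
# Prints the device path and returns 0 on success; returns 1 on timeout.
wait_for_usb_vendor() {
    remaining="$2"
    while :; do
        if find_usb_vendor "$1"; then
            return 0
        fi
        [ "$remaining" -gt 0 ] || return 1
        sleep 1
        remaining=$((remaining - 1))
    done
}
```

A caller would run something like `wait_for_usb_vendor 1050 30` and treat a non-zero return as "token not present" rather than as a fatal boot error.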