Instead of simply warning the user I've developed an alternative approach which does away with the problem entirely.
In this solution I alter the initramfs 'cryptroot' script to support unlock using the keyfile. Currently it will only do that if supported by a keyscript but the two are actually orthogonal.

If a keyscript is specified the keyfile will be available to it via the environment CRYPTTAB_KEY as usual.

The new feature:

If a keyfile is not specified $cryptkey will contain "-" (for /dev/stdin) and 'cryptsetup' will receive the output of the $cryptkeyscript 'askpass' executable's /dev/stdout as usual.

If a keyfile is specified without a keyscript 'cryptroot' will pass it to 'cryptsetup' via --key-file $cryptkey.

** Patch added: "Initramfs: use keyfile without keyscript"
   https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+attachment/4463643/+files/initramfs-use-keyfile-without-keyscript.patch

-- 
https://bugs.launchpad.net/bugs/1494851

Title:
  initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
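The three unlock paths described in the comment above, as an added example (it is not the attached patch and not the cryptroot script itself). `plan_unlock` is a hypothetical helper, and the askpass path and the sample key and keyscript paths are assumptions; the function only reports which source cryptsetup would read from and never runs cryptsetup.

```shell
#!/bin/sh
# Added illustration of the keyfile/keyscript decision; not the real patch.
# cryptkey and cryptkeyscript mirror the variable names used in the comment.

ASKPASS=/lib/cryptsetup/askpass   # assumed default passphrase prompt helper

plan_unlock() {
    # $1 = key field of the crypttab entry ("" or "none" means no keyfile)
    # $2 = keyscript option ("" means no keyscript)
    cryptkey=$1
    cryptkeyscript=$2

    case $cryptkey in
        ""|none) have_keyfile=no ;;
        *)       have_keyfile=yes ;;
    esac

    if [ -n "$cryptkeyscript" ]; then
        # Keyscript present: it receives the key field through CRYPTTAB_KEY
        # and its stdout is fed to cryptsetup, which reads "-" (stdin).
        echo "--key-file=- stdin=$cryptkeyscript CRYPTTAB_KEY=$cryptkey"
    elif [ "$have_keyfile" = yes ]; then
        # Keyfile without keyscript: hand the file to cryptsetup directly.
        echo "--key-file=$cryptkey stdin=none"
    else
        # Neither: fall back to the interactive prompt on stdin.
        echo "--key-file=- stdin=$ASKPASS"
    fi
}

# Constructed sample entries: keyfile only, neither, keyfile plus keyscript.
plan_unlock /etc/keys/root.key ""
plan_unlock none ""
plan_unlock /etc/keys/root.key /usr/local/sbin/getkey
```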
