[PATCH] rc.S: interactive password prompt for LUKS devices with options in /etc/crypttab
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
[PATCH] rc.S: interactive password prompt for LUKS devices with options in /etc/crypttab
damn, I haven't been here for a looong time ...
first in my life I am dealing with dmcrypt/cryptsetup/LUKS and while reading how rc.S handles /etc/crypttab I noticed that it's not possible to pass luksOpen-options to a volume while being interactively asked for a decryption password during boot.
according to https://www.freedesktop.org/software.../crypttab.html a "-" should be in place (field 3) to achieve this behaviour but Slackware's rc.S (-current 2016-04-25) doesn't honor this (yet). [see patch attached]
additionally all options but "ro" and "swap" are ignored entirely; is this intentional? (if not, I'll write a patch for this too )
and one more thing:
Code:
cat /etc/crypttab | grep -v "^#" | grep -v "^$" | while read line; do
is found in rc.S and rc.6; is there a reason why this isn't the imho better code:
Code:
grep -v -e "^#" -e"^$" /etc/crypttab | while read line; do
Last edited by .Lightning; 04-29-2016 at 06:16 AM.
first in my life I am dealing with dmcrypt/cryptsetup/LUKS and while reading how rc.S handles /etc/crypttab I noticed that it's not possible to pass luksOpen-options to a volume while being interactively asked for a decryption password during boot.
according to https://www.freedesktop.org/software.../crypttab.html a "-" should be in place (field 3) to achieve this behaviour but Slackware's rc.S (-current 2016-04-25) doesn't honor this (yet). [see patch attached]
additionally all options but "ro" and "swap" are ignored entirely; is this intentional? (if not, I'll write a patch for this too )
and one more thing:
Code:
cat /etc/crypttab | grep -v "^#" | grep -v "^$" | while read line; do
is found in rc.S and rc.6; is there a reason why this isn't the imho better code:
Code:
grep -v -e "^#" -e"^$" /etc/crypttab | while read line; do
Do not assume that there is any similarity between the crypttab file format used by systemd and/or other distros, and the file with the same name in Slackware. Its format is not standardized.
Do not assume that there is any similarity between the crypttab file format used by systemd and/or other distros, and the file with the same name in Slackware. Its format is not standardized.
Yes, I know, but a way for add options imho it would be good.
Although Slackware users should know how to do it yourself
Do not assume that there is any similarity between the crypttab file format used by systemd and/or other distros, and the file with the same name in Slackware. Its format is not standardized.
well, that's right, but I think that doesn't really matter (in my case).
slackware64-current/README_CRYPT.TXT states the file format as:
Quote:
The file '/etc/crypttab' contains lines of the format: "mappedname devicename password options".
I felt free to take the dash as symbol for "ask for password", of course something like "nopasswd", "ask", "stdin" could be used as well (but this would prevent these words from being taken as a literal password for your crypto volume). I don't really care about WHICH method makes this possible as long as there is one .
additionally I think that the possibility of passing options to cryptsetup is important and/or necessary (especially for things like "--allow-discards", "--keyfile-offset" or "--keyfile-size").
Last edited by .Lightning; 04-29-2016 at 08:28 AM.
...
I felt free to take the dash as symbol for "ask for password", of course something like "nopasswd", "ask", "stdin" could be used as well (but this would prevent these words from being taken as a literal password for your crypto volume). I don't really care about WHICH method makes this possible as long as there is one .
additionally I think that the possibility of passing options to cryptsetup is important and/or necessary (especially for things like "--allow-discards", "--keyfile-offset" or "--keyfile-size").
I wrote a rc.cryptsetup sometime last year which does much of what you describe above. I posted it on the forum and Eric made some positive comments at the time, but nothing more came of it.
In my version, a passphrase specified as either "none" or "-" will solicit the user to provide it. Passphrases can optionally be single or double quoted and contain spaces or other punctuations, and swap is identified by the option 'swap' and ignores the passphrase field. It also supports some of the newer cryptsetup options you mentioned.
The biggest change of course was that I separated it out into its own rc file that rc.S should call.
Anyway, attached below (NO WARRANTY PROVIDED), once again, for anyone who may be interested...
I wrote a rc.cryptsetup sometime last year which does much of what you describe above. I posted it on the forum and Eric made some positive comments at the time, but nothing more came of it.
In my version, a passphrase specified as either "none" or "-" will solicit the user to provide it. Passphrases can optionally be single or double quoted and contain spaces or other punctuations, and swap is identified by the option 'swap' and ignores the passphrase field. It also supports some of the newer cryptsetup options you mentioned.
The biggest change of course was that I separated it out into its own rc file that rc.S should call.
Anyway, attached below (NO WARRANTY PROVIDED), once again, for anyone who may be interested...
hehe, I had the same idea about half an hour ago and started writing one myself
I'll have a look at yours and might come back with some ideas, maybe we'll get Eric to integrate it with united powers
hehe, I had the same idea about half an hour ago and started writing one myself
I'll have a look at yours and might come back with some ideas, maybe we'll get Eric to integrate it with united powers
That's a decision for Pat, not Eric, but unlikely to happen during the 'Release Candidate' stage of development now. As it stands I believe the script is pretty much complete but I lost enthusiasm for the project when it seemed to fall on deaf ears. Feel free to take it and do with it what you will however.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
)
