[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Typing LUKS passphrase only once and a possible solution
From: |
Tobias Geerinckx-Rice |
Subject: |
Re: Typing LUKS passphrase only once and a possible solution |
Date: |
Wed, 07 Jul 2021 18:42:20 +0200 |
Hi Thomas,
Quick answer; apologies if I miss some subtleties.
Thomas Albers 写道:
My suggestion would be to add a "extra-options" field to
<mapped-device> structure. This field would be appended to the
command
line arguments to the cryptsetup call.
One could also add a "keyfile" parameter but this would be too
specific to the luks device mapper
Well, so is a field to add crypsetup-specific command-line
arguments.
Abstracting this into meaningful field names like key-file is
better from a readability point of view and allows implementation
details like ‘we simply invoke cryptsetup’ to remain properly
hidden from view.
Because naturally, one day cryptsetup will be rewritten in Guile.
For example, not everyone would like to store the keyfile inside
the
store.
I think it could still be a plain string passed straight to
cryptsetup, with the user responsible for its existence.
Also, is it possible to modify existing code for such small
changes,
without needing to rewrite complete functions? Many of the
functions
used are not exposed by the modules and one needs to rewrite the
function one wants to use and also its dependencies.
You can force access to unexported symbols using (@@ (name of
module) symbol). It's as recommended as it sounds. Nor can you
rewrite parts of compiled procedures AFAIK.
My last question would be: Why is the file called initrd, when
in
reality a initramfs scheme is used?
Saves space :-)
Conceptually, they are the same thing. Nobody who knows what
‘initrd’ means will read the word in 2021 and think the
distribution literally only supports pre-2005 ramdisks.
It also keeps us consistent with GRUB, which uses ‘initrd’.
Kind regards,
T G-R
signature.asc
Description: PGP signature