[Bug 1642955] [NEW] cryptsetup does not support the 'keyscript' crypttab option when used with systemd

Yuri Gorshkov me at bigkitten.net
Fri Nov 18 13:14:53 UTC 2016 

Public bug reported:

Our company is using Ubuntu as our main OS now. Before we decided to switch to 16.04 (with systemd) we used keyscript= crypttab option to manage some of our encrypted volumes.
Now with Systemd that's no longer possible and we're forced to use upstart, which in itself contains several nasty bugs at this time (these aren't exactly the scope of this bug though).

Due to removed functionality that was present in previous release, I
still consider this a bug in cryptsetup even though it's related to
upstream. I know that systemd introduced a concept of 'password agents'
but AFAIK there's no way to automate the process of getting block device
keys - because these agents only accept ASCII text (and our keys are
already binary, that'd take a huge effort to redo everything to use,
say, base64 anyway).

** Affects: upstart (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: cryptsetup keyscript

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/1642955

Title:
  cryptsetup does not support the 'keyscript' crypttab option when used
  with systemd

Status in upstart package in Ubuntu:
  New

Bug description:
  Our company is using Ubuntu as our main OS now. Before we decided to switch to 16.04 (with systemd) we used keyscript= crypttab option to manage some of our encrypted volumes.
  Now with Systemd that's no longer possible and we're forced to use upstart, which in itself contains several nasty bugs at this time (these aren't exactly the scope of this bug though).

  Due to removed functionality that was present in previous release, I
  still consider this a bug in cryptsetup even though it's related to
  upstream. I know that systemd introduced a concept of 'password
  agents' but AFAIK there's no way to automate the process of getting
  block device keys - because these agents only accept ASCII text (and
  our keys are already binary, that'd take a huge effort to redo
  everything to use, say, base64 anyway).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1642955/+subscriptions

More information about the foundations-bugs mailing list