summaryrefslogtreecommitdiff
path: root/functions
diff options
context:
space:
mode:
authorTom Gundersen <teg@jklm.no>2012-03-17 13:46:12 +0100
committerTom Gundersen <teg@jklm.no>2012-03-17 13:46:12 +0100
commit807d8f9c858d2adf5285a3ba27aec6ed226d14d7 (patch)
treee80b39742163ade5a8d43423efe76932d7e7aa49 /functions
parente57e4ebe4aee02b175f3d4d13a0fa1838769b3f2 (diff)
crypttab: warn if using passphrase in /etc/crypttab
There is no reason not to use a keyfile, and allowing literal passphrases in crypttab has caused issues with the parsing in the past. Furthermore, it is not supported by any other crypttab implementation (to the best of my knowledge). The use of keyfiles have been the recomendation in /etc/crypttab for as long as I can remember. We are looking at refactoring the encryption support, and I think it makes sense to drop support for this when we move to the new implementation. Cc: Thomas Bächler <thomas@archlinux.org> Cc: Matthew Monaco <matt@0x01b.net> Cc: Dave Reisner <d@falconindy.com> Signed-off-by: Tom Gundersen <teg@jklm.no>
Diffstat (limited to 'functions')
-rw-r--r--functions1
1 files changed, 1 insertions, 0 deletions
diff --git a/functions b/functions
index 11ab11f..04b7ec4 100644
--- a/functions
+++ b/functions
@@ -444,6 +444,7 @@ do_unlock() {
/*)
cryptsetup -d "$3" $4 $open "$a" "$b" >/dev/null;;
*)
+ printf "${C_FAIL}crypttab contains a literal encryption key. This will stop working in the future.${C_OTHER}\n"
echo "$3" | cryptsetup $4 $open "$a" "$b" >/dev/null;;
esac
if (( $? )); then