-
Notifications
You must be signed in to change notification settings - Fork 401
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(90crypt): add support for AF_UNIX key files #2627
base: master
Are you sure you want to change the base?
feat(90crypt): add support for AF_UNIX key files #2627
Conversation
Example configuration/use case
|
This issue is being marked as stale because it has not had any recent activity. It will be closed if no further activity occurs. If this is still an issue in the latest release of Dracut and you would like to keep it open please comment on this issue within the next 7 days. Thank you for your contributions. |
Commenting to keep this open. Also opened a PR in the fork: dracut-ng/dracut-ng#257 |
systemd v248 introduced support for using AF_UNIX stream sockets as key files in /etc/crypttab. This commit enhances the 90crypt module to identify socket units with matching socket file paths. It then includes the first matching socket unit along with its corresponding service unit. This correspondence is determined by checking the Service= option in the socket unit or, if that's not available, by replacing the .socket suffix with either @.service or .service, depending on the Accept= option (see man page for systemd.socket). Futhermore, this functionality handles sockets located under /run/cryptsetup-keys.d/, which are automatically discoverable by the systemd-cryptsetup utility when the key file field in /etc/crypttab is empty.
58241ff
to
ec3b8a9
Compare
Force pushed to fix the commit message and shell lint issues. |
systemd v248 introduced support for using AF_UNIX sockets as key files in
/etc/crypttab
. This pull request enhances the 90crypt module to identify socket units with matching socket file paths. It includes the first matching socket unit along with its corresponding service unit. This correspondence is determined by checking theService=
option in the socket unit or, if that's not available, by replacing the.socket
suffix with either@.service
or.service
, depending on theAccept=
option (see man page for systemd.socket). Futhermore, this functionality handles sockets located under/run/cryptsetup-keys.d/
, which are automatically discoverable by the systemd-cryptsetup utility when the key file field in/etc/crypttab
is empty.Checklist