From: Tobias Geerinckx-Rice
To: Thomas Albers
Cc: help-guix@gnu.org
Subject: Re: Typing LUKS passphrase only once and a possible solution
Date: Wed, 07 Jul 2021 18:42:20 +0200

Hi Thomas,

Quick answer; apologies if I miss some subtleties.

Thomas Albers wrote:
> My suggestion would be to add an "extra-options" field to
> structure. This field would be appended to the command
> line arguments to the cryptsetup call.
>
> One could also add a "keyfile" parameter but this would be too
> specific to the luks device mapper

Well, so is a field to add cryptsetup-specific command-line
arguments.

Abstracting this into meaningful field names like key-file is
better from a readability point of view and allows implementation
details like ‘we simply invoke cryptsetup’ to remain properly
hidden from view.

Because naturally, one day cryptsetup will be rewritten in Guile.

> For example, not everyone would like to store the keyfile inside the
> store.

I think it could still be a plain string passed straight to
cryptsetup, with the user responsible for its existence.

> Also, is it possible to modify existing code for such small changes,
> without needing to rewrite complete functions? Many of the functions
> used are not exposed by the modules and one needs to rewrite the
> function one wants to use and also its dependencies.

You can force access to unexported symbols using (@@ (name of
module) symbol). It's as recommended as it sounds. Nor can you
rewrite parts of compiled procedures AFAIK.

> My last question would be: Why is the file called initrd, when in
> reality an initramfs scheme is used?

Saves space :-)

Conceptually, they are the same thing. Nobody who knows what
‘initrd’ means will read the word in 2021 and think the
distribution literally only supports pre-2005 ramdisks.

It also keeps us consistent with GRUB, which uses ‘initrd’.

Kind regards,

T G-R
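
The named key-file field discussed in this message, as an added Guile sketch that is not part of the original message and is not Guix's code. The <luks-mapping> record, its accessors, the absolute-file-name check and the sample device names are assumptions made for illustration.

```scheme
;; Added sketch, not Guix code: <luks-mapping> and the procedures
;; below are hypothetical names used only for this illustration.
(use-modules (srfi srfi-9))

(define-record-type <luks-mapping>
  (make-luks-mapping source target key-file)
  luks-mapping?
  (source   luks-mapping-source)     ; block device, e.g. "/dev/sda2"
  (target   luks-mapping-target)     ; name under /dev/mapper
  (key-file luks-mapping-key-file))  ; #f, or a plain file-name string

(define (check-key-file file)
  ;; Assumption of this sketch: require an absolute file name.  As in
  ;; the message, the file's existence is the user's responsibility
  ;; and is not checked here.
  (unless (and (string? file) (absolute-file-name? file))
    (error "key-file must be an absolute file name:" file))
  file)

(define (luks-open-arguments mapping)
  ;; Build an argv list (usable with `system*', so no shell parses it).
  ;; Only this procedure knows that cryptsetup is what gets invoked;
  ;; the record exposes a meaning (key-file), not a command line.
  (let ((key-file (luks-mapping-key-file mapping)))
    `("cryptsetup" "open" "--type" "luks"
      ,@(if key-file
            (list "--key-file" (check-key-file key-file))
            '())
      ,(luks-mapping-source mapping)
      ,(luks-mapping-target mapping))))

;; Constructed sample values.
(define with-key
  (make-luks-mapping "/dev/sda2" "cryptroot" "/crypto_keyfile.bin"))
(define without-key
  (make-luks-mapping "/dev/sda2" "cryptroot" #f))

(for-each (lambda (mapping)
            (write (luks-open-arguments mapping))
            (newline))
          (list with-key without-key))
```

A free-form "extra-options" string would bypass check-key-file entirely and tie every configuration to cryptsetup's flag syntax, which is the coupling the reply argues against.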