e2c2f868b2
Previously, we'd load the file with libcryptsetup's calls. Let's do that in our own, so that we can make use of READ_FULL_FILE_CONNECT_SOCKET, i.e. read in keys via AF_UNIX sockets, so that people can plug key providers into our logic. This provides functionality similar to Debian's keyscript= crypttab option (see → #3007), as it allows key scripts to be run as socket activated services, that have stdout connected to the activated socket. In contrast to traditional keyscript= support this logic runs stuff out of process however, which is beneficial, since it allows sandboxing and similar. |
||
---|---|---|
.. | ||
cryptsetup-generator.c | ||
cryptsetup-keyfile.c | ||
cryptsetup-keyfile.h | ||
cryptsetup-pkcs11.c | ||
cryptsetup-pkcs11.h | ||
cryptsetup.c |