repart: make --key-file also configurable in repart.d/*

Add repart.d KeyFile= option with the same syntax as --key-file.
This allows per-partition key file encryption, rather than relying on a global key
applicable to all partitions.

The global --key-file overrides KeyFile config. If none of them is
defined, rely on default.
This commit is contained in:
Emanuele Giuseppe Esposito
2025-07-14 05:51:49 -04:00
parent 49dcc89ddc
commit eb44fa4d19
3 changed files with 75 additions and 21 deletions

@@ -880,6 +880,18 @@
<xi:include href="version-info.xml" xpointer="v259"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>KeyFile=</varname></term>
<listitem><para>Takes a file system path. This path must be absolute, otherwise the option is ignored.
Configures the encryption key to use when setting up LUKS2 volumes configured with the
<varname>Encrypt=key-file</varname> setting in partition files. Please refer to the documentation of
<varname>--key-file=</varname> for more details. This option will be overridden by the global
<varname>--key-file=</varname> option.</para>
<xi:include href="version-info.xml" xpointer="v259"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>Compression=</varname></term>
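Review bot: The new KeyFile= paragraph says a non-absolute path means the option is "ignored", which is a quiet failure mode for a key source. Read together with the --key-file= documentation, a partition using Encrypt=key-file whose KeyFile= is dropped, with no global --key-file= given, would be set up with the empty key. Suggest rejecting the partition file with an error when the path is not absolute, or at minimum stating in this paragraph which key is used when the option is ignored. It would also help to say here whether an AF_UNIX stream socket is accepted, rather than leaving that to the cross-reference to --key-file=.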

@@ -338,9 +338,9 @@
volumes configured with the <varname>Encrypt=key-file</varname> setting in partition files. Should
refer to a regular file containing the key, or an <constant>AF_UNIX</constant> stream socket in the
file system. In the latter case, a connection is made to it and the key read from it. If this switch
is not specified, the empty key (i.e. zero length key) is used. This behaviour is useful for setting
up encrypted partitions during early first boot that receive their user-supplied password only in a
later setup step.</para>
is not specified, and no <varname>KeyFile=</varname> is specified in the partition file, the empty
key (i.e. zero length key) is used. This behaviour is useful for setting up encrypted partitions during
early first boot that receive their user-supplied password only in a later setup step.</para>
<xi:include href="version-info.xml" xpointer="v247"/></listitem>
</varlistentry>
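Review bot: The reworded sentence in the --key-file= entry covers only the case where neither --key-file= nor KeyFile= is given; it does not say what happens when both are. The override rule currently appears only in the repart.d KeyFile= entry, so a reader of this man page alone will not learn that the switch replaces per-partition keys. Suggest adding a sentence here along the lines of "If specified, this switch takes precedence over any KeyFile= setting in partition files."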