Comment 3 for bug 1494851

TJ (tj) wrote :

Instead of simply warning the user, I've developed an alternative approach which does away with the problem entirely.

In this solution I alter the initramfs 'cryptroot' script to support unlock using the keyfile. Currently it will only do that if supported by a keyscript, but the two are actually orthogonal.

If a keyscript is specified, the keyfile will be available to it via the environment CRYPTTAB_KEY as usual.

The new feature:

If a keyfile is not specified, $cryptkey will contain "-" (for /dev/stdin) and 'cryptsetup' will receive the output of the $cryptkeyscript 'askpass' executable's /dev/stdout as usual.

If a keyfile is specified without a keyscript, 'cryptroot' will pass it to 'cryptsetup' via --key-file $cryptkey.
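
The three cases described in the comment above, as an added dry-run sketch that is not TJ's patch or the actual 'cryptroot' script. `unlock_plan`, the `ASKPASS` path, and the device and key paths are assumptions made for illustration; the commands are only printed, never run.

```shell
#!/bin/sh
# Added sketch: prints, but never executes, the unlock command for each case.
# unlock_plan and ASKPASS are hypothetical names; all paths are constructed.

ASKPASS=/lib/cryptsetup/askpass   # assumed location of the 'askpass' executable

# usage: unlock_plan SOURCE TARGET [KEYFILE] [KEYSCRIPT]
unlock_plan() {
    cryptsource=$1
    crypttarget=$2
    cryptkey=${3:-none}        # crypttab writes "none" when no keyfile is given
    cryptkeyscript=${4:-}

    if [ -n "$cryptkeyscript" ]; then
        # Keyscript given: the keyfile reaches it through CRYPTTAB_KEY and
        # cryptsetup reads the script's stdout as the key.
        if [ "$cryptkey" = none ]; then cryptkey=; fi
        printf '%s\n' "CRYPTTAB_KEY=$cryptkey $cryptkeyscript | cryptsetup --key-file - luksOpen $cryptsource $crypttarget"
    elif [ "$cryptkey" != none ]; then
        # New feature: a keyfile without a keyscript goes straight to --key-file.
        printf '%s\n' "cryptsetup --key-file $cryptkey luksOpen $cryptsource $crypttarget"
    else
        # Neither given: $cryptkey becomes "-" and askpass feeds stdin
        # (the prompt argument askpass takes is omitted here).
        cryptkey=-
        printf '%s\n' "$ASKPASS | cryptsetup --key-file $cryptkey luksOpen $cryptsource $crypttarget"
    fi
}

# Constructed sample entries, one per case.
unlock_plan /dev/sda2 sda2_crypt
unlock_plan /dev/sda2 sda2_crypt /etc/keys/root.key
unlock_plan /dev/sda2 sda2_crypt /etc/keys/root.key /usr/local/sbin/getkey
```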