plugin-runner: too many arguments

[DaRkBoDoM]

Hi there!

I am trying to setup mandos for automatic reboot on Raspberry OS 
(formerly Raspian).

I am following this (old?) totorial: 
https://blog.boyeau.com/booting-an-unattended-full-disk-encrypted-server-ubuntu-server-16-04-setup-with-mandos/

I have tried adding
# <target name> <source device>         <key file>      <options>
crypt /dev/disk/by-uuid/my-uuid none 
luks,keyscript=/usr/lib/mandos/plugin-runner

to /etc/crypttab but when i rebuild the initrd i get the error 
"cryptsetup: ERROR: crypt: invalid value for 'keyscript' option, skipping"

couldn't figure out what is wrong, so i fell back to adding the 
keyscript in the kernel cmdline:

root=/dev/mapper/crypt cryptdevice=/dev/mmcblk0p3:crypt 
cryptopts=source=/dev/mmcblk0p3,target=crypt,keyscript=/usr/lib/mandos/plugin-runner 
rootfstype=ext4 fsck.repair=yes rootwait

this works: plugin-runner is correctly invoked but i get a 
"plugin-runner: Too many arguments
Try `plugin-runner --help` or `plugin-runner --usage` for more information.
Going to fallback mode using getpass(3)
Password:" error.

I've tried many solutions, but i am stuck.

Looks like the plugin-runner is asking for the secret anyway in 
background (and getting it from the server). In the server log i can find:
2022-02-20 15:14:24,307 root [34623]: INFO: Sending secret to osgiliath

While the client is still waiting for the password prompt.

May i get an hint on how to solve this? Looks like i am stuck at just 
one step from finish line.

Bonus question: is there an option to disable the checker and automatic 
client disabling? It is a very nice feature, but i do not need it since 
i have strong physical security measures in place: if my raspberry gets 
stolen, i will certainly notice and disable it manually long before any 
attacker could realize hot to ask the server for the key.

Thank you for writing and sharing this very nice software!