Your message dated Mon, 20 Jul 2009 02:44:38 +0200
with message-id <[email protected]>
and subject line tries is clearly defined
has caused the Debian Bug report #509071,
regarding cryptsetup: cleanly define the tries-parameter and who is responsible 
for it
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
509071: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509071
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cryptsetup
Version: 2:1.0.6-6
Severity: wishlist

Currently, AFAIK it's not fully decided how tries should be implemented.
This is not a major issue for me, but at least a little blocking in my ongoing ;) work on a mostly automated decrypt_openpgp script.

I'd suggest the following:
1) tries=n means that the user has n tries to enter the password (not n retries, which would mean a total of n+1 tries)

2) Implementation of tries is the responsibility of the keyscripts and nothing else. The reason is: only the keyscripts know what needs to be repeated for a new try. E.g. my decrypt_openpgp first invokes passdev (if device:path syntax was used) to get the key from a USB stick, then it uses askpass and then gpg or gpg2 or anything else (OK, currently only gpg and gpg2 support OpenPGP in Debian AFAIK). For a retry it's enough to read a new passphrase and invoke gpg; the passdev stuff doesn't have to be repeated.

3) Provide the keyscripts with an additional parameter, which is the tries value
This should give us some backwards compatibility.
And if a script doesn't implement tries itself, it would simply give just one try.

4) Specify that tries=0 means infinite tries (which might be important for encrypted root-filesystems)

I think I could help here.

Thanks,
Chris.

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.27-4 The Linux Kernel Device Mapper use
ii  libc6                        2.7-16      GNU C Library: Shared libraries
ii  libdevmapper1.02.1           2:1.02.27-4 The Linux Kernel Device Mapper use
ii  libpopt0                     1.14-4      lib for parsing cmdline parameters
ii  libuuid1                     1.41.3-1    universally unique id library

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
ii  dosfstools                    3.0.1-1    utilities for making and checking
ii  initramfs-tools [linux-initra 0.92m      tools for generating an initramfs
ii  udev                          0.125-7    /dev/ and hotplug management daemo

-- no debconf information


--- End Message ---
--- Begin Message ---
hello,

the tries are clearly defined: cryptsetup is invoked $tries times in
case that it fails.

you can implement whatever you want in your keyscripts, and you can give
whatever argument you want. just use the keyfile field in crypttab.

greetings,
 jonas


--- End Message ---
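
The tries semantics proposed in points 1 to 4 of the first message, handled inside a keyscript rather than by re-invoking cryptsetup, sketched as an added example (not code from either poster or from the cryptsetup package). The function names `unlock_with_tries`, `fetch_key_once` and `try_decrypt` are hypothetical, and the last two are constructed stand-ins for the passdev step and the askpass/gpg step so that the sketch runs offline.

```shell
#!/bin/sh
# unlock_with_tries TRIES SETUP ATTEMPT   (hypothetical helper, added example)
#   TRIES   total number of attempts, not retries; 0 means unlimited
#   SETUP   command run exactly once (e.g. fetching the key from removable media)
#   ATTEMPT command run per try with the try number as $1; exit 0 on success
# Returns 0 on success, 1 when the tries are used up, 2 on bad input or setup.
unlock_with_tries() {
    tries=${1:-1}              # no value given: a single try (point 3)
    setup=$2
    attempt=$3
    case "$tries" in
        *[!0-9]*) echo "invalid tries value: $tries" >&2; return 2 ;;
    esac
    "$setup" || return 2       # the one-time step is not repeated on a retry
    count=0
    while [ "$tries" -eq 0 ] || [ "$count" -lt "$tries" ]; do
        count=$((count + 1))
        if "$attempt" "$count"; then
            return 0
        fi
        echo "attempt $count failed" >&2
    done
    return 1                   # limit reached: fail closed, no key is output
}

# Constructed stand-ins (assumptions, not real tools): count how often the
# one-time step runs, and accept only the try whose number equals GOOD_TRY.
SETUP_RUNS=0
GOOD_TRY=3
fetch_key_once() { SETUP_RUNS=$((SETUP_RUNS + 1)); }
try_decrypt() { [ "$1" -eq "$GOOD_TRY" ]; }

unlock_with_tries 3 fetch_key_once try_decrypt &&
    echo "unlocked on try $count of 3, setup ran $SETUP_RUNS time(s)"
```
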