Your message dated Mon, 20 Jul 2009 02:53:53 +0200
with message-id <[email protected]>
and subject line invalid feature request
has caused the Debian Bug report #509072,
regarding cryptsetup: change the "meaning" of passdev
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
509072: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509072
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cryptsetup
Version: 2:1.0.6-6
Severity: wishlist
As I've explained on the mailing list, the same functionality that
provides passdev as it's used now (just with normal passwords) is also
interesting for most (but not all) keyscripts.
e.g. my decrypt_openpgp looks whether its keyfile-parameter ($1)
contains a ":"
If so, it uses passdev to read the keyfile and stores it to some
temporary file (vi mktemp), if not it simply uses cat to store it to
the same file (that way I do not have to differ between the two cases
in the following code).
(This btw: is also my motivation for bug #509068,.. to make it even simpler)
Ok,.. as you see, passdev is of general use and not just a keyscript.
I'd suggest the following:
1) Move passdev out of the keyscripts directory.
2) Specify that all key-scripts that actually read files via their
$1-paramter should/must use passdev for this reading (and if #509068
won't fix, differ between the two cases, with and without ":")
3) Change documentation to represent this stuff
Thanks,
Chris.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.27-4 The Linux Kernel Device
Mapper use
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libdevmapper1.02.1 2:1.02.27-4 The Linux Kernel Device
Mapper use
ii libpopt0 1.14-4 lib for parsing cmdline
parameters
ii libuuid1 1.41.3-1 universally unique id library
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii dosfstools 3.0.1-1 utilities for making and checking
ii initramfs-tools [linux-initra 0.92m tools for generating an initramfs
ii udev 0.125-7 /dev/ and hotplug
management daemo
-- no debconf information
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
--- End Message ---
--- Begin Message ---
hello,
closing this bugreport as it's an invalid feature request.
it would be possible to use passdev in init(ramfs) scripts directly in
order to make keyfile available, but that has the drawback to always
wait $timeout before the cryptdevice start fails.
and I don't see any reason to limit keyscripts to passdev. they might
implement their own way to verify that a file is available, or maybe
they even use the unavailability of files as feature or whatever.
so no - passdev will not become mandatory for keyfile processing.
greetings,
jonas
--- End Message ---