I am forwarding this discussion in the BTS ----- Forwarded message -----
On Thu, Feb 03, 2005 at 04:56:10PM +0100, Martin Steigerwald wrote: > I am currently setting up cryptsetup for one of our customers. I use it to > encrypt the contents of the home directory. It works fairly fine but I have > one problem with it: > > There is no visual feedback when the user enters the wrong passwort. It will > try to mount the home partition but fail. This gives lots of funny error > messages when trying to log into KDE then. > > I would like to avoid this and have the user type in the password again when > it is incorrect. As far as I understand your patch is for providing such > functionality. > exactly : you apply the patch, and then you need to add the option 'check' in /etc/crypttab moreover , by adding the option retry=1000 you can stop the boot until the user enters the correct password > I read through the diffs but still have some question. What would be the > requirements on the program to check the validity of a filesystem? the requirement is : the program's return value must be true when the filesystem is correctly accessible. Here is what I mean by: consider the shell code vvvvvvvvvv if /sbin/e2label $device ; then echo ok the device $device is accessible : boot will continue else echo no i failed to properly access $device echo and this means probably that the password is wrong # if the retry option is given: echo i will detach the crypto device and retry fi ^^^^^^^^^ The above code is self explanatory. Note that /sbin/e2label $device will also print the label when the $device is accessible, or otherwise it will comply loudly when it is not; this is ok for me. If you can find a program, or design a script, for XFS that will behave the same, then you are OK. > I use XFS as the file system for the home directory. As far as I see one can > use xfs_admin -l /your/device to have some basic check. It prints the label > of the XFS partition in question like this: > > label = "somelabel" > > When it isn't an XFS partition it prints: > > xfs_admin: unexpected XFS SB magic number 0x<somenumber> > > and an error message when I try it on the raw device (without encryption): > > /usr/sbin/xfs_admin: line 1: 9556 Floating point exceptionxfs_db ... this is bad, you should file it as a bug > When I try it on the swap device I get even more error messages including a > core dump. consider using a script as below > I am thinking about how to extract the information whether thats a valid XFS > filesystem. I can provide a script that tests for "label = " in the output of > xfs_admin. > > Would that be enough for your patch? Maybe the command '/usr/sbin/xfs_admin -l ' itself will be ok.... it depends on how it handles the return code. Otherwise, as you suggest, you may write a script such as vvvvvvvvvvvvvv #!/bin/sh ulimit -c 0 xfs_admin -l $1 | grep -q '^label' exit $? ^^^^^^^^^^^^^^^^ (note: I did not test it)
pgpaQ4GA205k0.pgp
Description: PGP signature