[Debian-on-mobile-maintainers] Bug#1051465: Bug#1051465: unl0kr: Lacks automated migration when osk-sdl is already installed

undef debian at undef.tools
Tue Sep 12 09:30:38 BST 2023


I seem to have dropped the BTS on reply, so including the history in 
this email.


Another option I realized might work is to add a `breaks` and `replaces` 
on osk-sdl in unl0kr, then ship a link from the osk-sdl keyscript to the 
unl0kr one in unl0kr. I haven't tested anything at this point, but this 
would mean we don't have to modify people's crypttab.

Some potential issues for this option:

* It would require an update to osk-sdl to make sure the crypttab config 
isn't removed if unl0kr is also installed.

* A user removing osk-sdl manually then installing unl0kr would need to 
configure things manually. Then again, neither would 3a below.

On 9/9/23 21:04, Arnaud Ferraris wrote:
> On 09/09/2023 at 11:27, undef via Debian-on-mobile-maintainers wrote:
>> Thanks for getting the ball rolling on this one.
>>
>> I think in the first instance we should switch c-s-m to unl0kr to 
>> catch new installs as you say. That'll stop the problem from getting 
>> worse. It would probably be a good idea to ask more technical users 
>> to make the switch too before making this type of change.
>
> Yes, I believe this should be done ASAP as I think currently there's 
> only the 2 of us actively using unl0kr, so getting it into more hands 
> will likely help catch bugs and make it more stable.
>
>>
>> After that, I have a couple of thoughts on the automated transition:
>>
>> 1. If unl0kr is installed while osk-sdl is, it should probably do 
>> nothing. This avoids breaking working installs.
>
> This is fine for now, but I think it should be revisited at some point 
> in the future (ideally pre-trixie release, see below).
>
>>
>> 2. If unl0kr is installed and osk-sdl isn't, it should check for 
>> osk-sdl's debconf setting indicating that c-s-m or similar configured 
>> crypttab in the first place. If this is set, unl0kr could attempt to 
>> add its keyscript to the crypttab.
>>
>>      a. This probably also requires a release of osk-sdl with the 
>> inverse to:
>>
>>          * Deconfigure itself
>>
>>          * Configure unl0kr
>>
>>          * Set unl0kr's debconf flag as osk-sdl's is.
>
> That sounds reasonable indeed.
>
>>
>> 3. A new install of unl0kr without osk-sdl ever having been installed 
>> could either:
>>
>>      a. Do nothing, leaving the package installed in a dormant state 
>> as it is now.
>>
>>      b. Prompt loudly using debconf then automatically attempt to 
>> configure (this is somewhat recommended against in debconf's docs).
>>
>>      c. Just automatically attempt to configure (negating the need 
>> for 2).
>>
>>
>> I'm somewhat reticent to do 3c as this will break installs that are 
>> non-standard (say someone's configured a TPM or yubikey unlock), but 
>> there is at least some desire for the package automatically 
>> configuring the system: 
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028554
>
> I think that 3a is the best option here, as it basically matches the 
> current behaviour of osk-sdl, which is just fine.
>
>>
>>
>> That leaves the matter of how do we trigger the switch? Currently the 
>> only packages installed indicating FDE on Mobian devices are unl0kr 
>> and osk-sdl. I can't think of a neat way to cause one to be removed 
>> and replaced with the other without triggering the install on non-FDE 
>> devices.
>
> I'm leaving the "how" aside for now, rather discussing the "why" here: 
> IIUC osk-sdl is now unmaintained and will likely stay that way; 
> therefore, as it's a rather critical component (in the sense that it 
> deals with secrets/encryption) I believe it shouldn't be part of the 
> upcoming Trixie release.
>
> New installs (after the upcoming c-s-m changes are in) won't be 
> affected, which is already a good thing; but I'm a bit reluctant to 
> leave existing users with an unmaintained critical component, hence my 
> belief that an automated migration would be nice.
>
> As suggested by the bug severity this isn't an urgent matter though, 
> and the idea of dropping osk-sdl for trixie can also be discussed.
>
> Cheers,
> Arnaud
>
> PS: osk-sdl could be made a transitional package at some point, which 
> would depend on unl0kr, and would take care of modifying the crypttab 
> so unl0kr is used instead.
>
>>
>>
>> _______________________________________________
>> Debian-on-mobile-maintainers mailing list
>> Debian-on-mobile-maintainers at alioth-lists.debian.net
>> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-on-mobile-maintainers 
>>
>
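
Added illustration of the crypttab edit discussed in this thread (not code from unl0kr, osk-sdl or either poster): a dry-run rewrite that swaps one keyscript for another only on active entries that use it, so entries with some other unlock keyscript stay byte-identical. The two keyscript paths are placeholders, and the function names and the sample crypttab are constructed for the example.

```shell
#!/bin/sh
# Placeholder paths: the packages' real keyscript locations are not given in the thread.
OLD_KS="/placeholder/osk-sdl-keyscript"
NEW_KS="/placeholder/unl0kr-keyscript"

# Constructed sample crypttab: one entry to migrate, one non-standard
# keyscript that must not be touched, one commented-out entry, one swap entry.
sample_crypttab() {
cat <<'EOF'
# constructed sample
root   /dev/mmcblk0p2  none  luks,keyscript=/placeholder/osk-sdl-keyscript
data   UUID=0000       none  luks,keyscript=/placeholder/other-token-keyscript,discard
# old  /dev/sda1  none  luks,keyscript=/placeholder/osk-sdl-keyscript
swap   /dev/mmcblk0p3  /dev/urandom  swap
EOF
}

# migrate_crypttab OLD NEW FILE: print FILE with keyscript=OLD replaced by
# keyscript=NEW in the options (4th) field of active entries. Comments,
# blank lines and entries without that exact option are echoed unchanged.
migrate_crypttab() {
    awk -v old="keyscript=$1" -v new="keyscript=$2" '
        /^[ \t]*#/ || NF != 4 { print; next }
        {
            n = split($4, opt, ","); changed = 0; out = ""
            for (i = 1; i <= n; i++) {
                if (opt[i] == old) { opt[i] = new; changed = 1 }
                out = out (i > 1 ? "," : "") opt[i]
            }
            if (!changed) { print; next }
            match($0, /[^ \t]+[ \t]*$/)      # start of the last (options) field
            print substr($0, 1, RSTART - 1) out
        }' "$3"
}

# count_keyscript KS FILE: number of active entries using keyscript=KS.
count_keyscript() {
    awk -v ks="keyscript=$1" '
        /^[ \t]*#/ || NF != 4 { next }
        { n = split($4, opt, ","); for (i = 1; i <= n; i++) if (opt[i] == ks) c++ }
        END { print c + 0 }' "$2"
}

# Dry run on the sample: prints the result, never writes to the input file.
tmp=$(mktemp) && sample_crypttab > "$tmp"
migrate_crypttab "$OLD_KS" "$NEW_KS" "$tmp"
```

A `count_keyscript` result of 0 for the old keyscript is the "nothing to migrate" case, which also covers installs that use a different unlock method.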


