Bug#350922: [Pkg-cryptsetup-devel] Bug#350922: not existant

Jonas Meurer jonas at freesources.org
Thu Feb 2 17:14:09 UTC 2006


On 02/02/2006 gebi at sbox.tugraz.at wrote:
> Quoting Jonas Meurer <jonas at freesources.org>:
> 
> >there simply is no prechecks/swap script available. the cryptsetup
> >sources provide a rough idea of one, but it's far from good.
> >though, a postchecks/swap script exists.
> 
> That broughts to the question, what's the difference between pre and  
> postchecks?
> Imho there is none for filesystem-checks.... only the interpretation  
> of the return-values are different.

sure, there is.
prechecks are run against the source device, _before_ cryptsetup is started.
postchecks are run against the target device, _after_ cryptsetup is started.

> >if you've an idea about how to precheck swap devices, or want to improve
> >the skeleton from the cryptsetup sources, please feel free to provide a
> >patch.
> 
> What exactly should a precheck for swap do?
> Imho it should check if there is _any_ valied filesystem on the  
> swappartition and refuses to format it if there is any (because swap  
> is really dangerous in this situation).

no, that is what a postcheck should do. start cryptsetup, check for a
swap partition, and run swapon only if the check succeeds.

prechecks can verify that a device exists, and check for a
filesystem/swap partition _before_ cryptsetup is run. this can prevent
non-encrypted filesystems from being overwritten.
in my eyes, prechecks aren't that useful. at least with LUKS, they are
rather useless. but with plain cryptsetup (which doesn't check whether
the source device is an encrypted one at all) they still can help.

...
 jonas




More information about the Pkg-cryptsetup-devel mailing list