Bug#350922: [Pkg-cryptsetup-devel] Bug#350922: not existant
Jonas Meurer
jonas at freesources.org
Thu Feb 2 21:17:02 UTC 2006
On 02/02/2006 gebi at sbox.tugraz.at wrote:
> Yes, but what should the script look like?
> Imho there are 3 different branches (swap, plain cryptsetup, luks)
>
> For swap:
> precheck:
> - should check if there is a known filesystem on the partition
> (execution of all checks)
> postcheck:
> - hmm.... what should be checked in this stage for swap? (don't know
> of anything useful)
>
> For plain cryptsetup other than swap:
> precheck:
> - same as with swap
> postchecks:
> - should check if there is the wanted filesystem
>
> For luks:
> precheck:
> - first check if it is a valid luks partition, if yes -> fine
> - if it's not a valid luks partition, bye
> postchecks:
> - shouldn't be necessary, because it can't be mapped with a false
> password.
sounds reasonable, with one exception:
if you encrypt a luks partition with a key, postchecks can be useful. if
you use a password, it is just like you said, it fails if the password
is wrong. but if you use a key, it doesn't fail if the key is wrong,
does it? otherwise keys like /dev/(u)random would not work.
> But IMHO there is no difference between pre- and postchecks (the
> checks themselves), only the interpretation of the return values is
> different.
> All checks are generic filesystem checks, that check if there is a
> valid filesystem.
yes, but generally prechecks are run against the _source_ device, and
postchecks are run against the _target_ device, which is created by
cryptsetup.
> >no, that is what a postcheck should do. start cryptsetup, check for a
> >swap partition, and run swapon only if the check succeeds.
>
> Imho we shouldn't overcheck things. If we have already written to the
> device it makes no sense to check it, because data on the disk is
> already gone.
true, that's why i think that postchecks for swap are useless. does a
luksOpen already write to the device? in other words, does a
'cryptsetup -d /etc/keys/first_disk luksOpen /dev/hda1 first_disk'
damage a filesystem on /dev/hda1 if there existed one?
> >prechecks can verify that a device exists,
>
> Yes, this should imho be the first check...
> /lib/cryptsetup/devicecheck or something
>
> >and check for a
> >filesystem/swap partition _before_ cryptsetup is run.
>
> Yes... that includes running all filesystemchecks on the device (if
> devicecheck succeeds).
i don't know if it's a good idea to check all source devices for x
filesystems before starting cryptsetup. imagine how many filesystems
exist, and ideally we would have to check for all of them.
> But imho there is no sense in splitting up the checks in
> pre/post-checks, because we only want to check for a filesystem, which
> is independent from pre/post.
but first we want to check for a filesystem on the source device, and
fail if one exists. then we start cryptsetup (if we didn't fail because
of the precheck), and afterwards check whether a filesystem exists on
the target device. in other words, if we run
'cryptsetup {luksOpen,create} /dev/hda1 first_disk' ...
we previously check whether /dev/hda1 has a filesystem. if it has, we
fail, as we don't want to damage the filesystem.
if /dev/hda1 has no filesystem, we run the cryptsetup command, and after
that has happened, we check whether /dev/mapper/first_disk has the
expected filesystem. if yes, all is ok, if no, we remove the dm-crypt
device again, as we didn't get the wished result.
you understand?
in my eyes there is quite a difference between pre- and postchecks.
...
jonas
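
The precheck / cryptsetup / postcheck sequence discussed in the message above, as an added example that is not part of the original message or of the cryptsetup package. The function name `open_checked`, the `PROBE` and `CRYPTSETUP` hooks, and the use of `blkid` to detect signatures are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; open_checked, PROBE and CRYPTSETUP are assumed names,
# not part of the cryptsetup package.
: "${PROBE:=probe_blkid}"       # command that prints a device's signature type
: "${CRYPTSETUP:=cryptsetup}"   # overridable so the flow can be run unprivileged

# Print the filesystem/swap/LUKS signature found on a device, or nothing.
probe_blkid() {
    blkid -p -o value -s TYPE "$1" 2>/dev/null
}

# open_checked SOURCE NAME KEYFILE WANTED_FS
# Returns 0 = mapped and verified, 1 = precheck refused,
#         2 = cryptsetup failed,   3 = postcheck failed, mapping removed.
open_checked() {
    src=$1; name=$2; key=$3; want=$4

    # Precheck on the source device: it must exist ...
    [ -e "$src" ] || { echo "precheck: $src not found" >&2; return 1; }

    # ... and must not carry a known filesystem or swap signature.
    # A LUKS header is the only signature accepted here.
    found=$($PROBE "$src") || true
    case $found in
        ""|crypto_LUKS) ;;
        *) echo "precheck: $src contains $found, refusing" >&2; return 1 ;;
    esac

    $CRYPTSETUP -d "$key" luksOpen "$src" "$name" || return 2

    # Postcheck on the target device created by cryptsetup: if the mapping
    # does not show the expected filesystem, remove it again.
    found=$($PROBE "/dev/mapper/$name") || true
    if [ "$found" != "$want" ]; then
        echo "postcheck: /dev/mapper/$name is not $want, removing" >&2
        $CRYPTSETUP remove "$name"
        return 3
    fi
    return 0
}
```
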