[Pkg-cryptsetup-devel] cryptsetup bug cleanup

Jonas Meurer jonas at freesources.org
Fri Aug 10 14:57:21 UTC 2007 

Hello David,

What do you think about some cryptsetup bug cleanup? Many of the open
bugs are fixed or proved as being no real bug - they just need to be
documented somewhere.
Other bugs are clear documenation requests anyway.

I think that the cryptsetup package has stabilized enough, and we should
start with fixing the more complex bugs. Below is a list of open and not
pending ones with my thoughts added.

#423102: cryptsetup: sorts crypttab before processing it
  
  I cannot imagine that this is a valid bug. I guess it's rather a
  problem on Joerg's side.

#382375: passphrase prompt gets drowned during initramfs

  You mentioned some way to 'Change to another clean vt, deal with
  passphrase, switch back' using fgconsole and chvt from kbd. Sounds
  quite reasonable, but I'm not enough into usplash for	getting the real
  picture here. Maybe there are new aspects which i don't know.

#418450: cryptsetup: --key-file=- does not work as advertised

  We just need to document somewhere, that cryptsetup reads keys
  differently from stdin depending on the commandline options used. If
  --key-file=- is used, the trailing newline is not stripped. Not sure
  where to document that at best. Maybe at documentation for '--key-file'
  in the cryptsetup manpage.

#421693: timeout option does not work with keyscript/key-file

  I don't know what to do with this bug. I don't understand why the 
  --timeout option should support keyscript/keyfile. A timeout for the
  interactive passwort prompt is the only one that makes sence to me.
  What do you think about it?

#428288: Attempting to reload a luks partition can trash it

  I guess that this bug is related to the many data corruption reports
  regarding device-mapper, dm-crypt and cryptsetup. I fear that we
  cannot do anything about it except waiting for a fix in the kernel.

#411784: cryptsetup: Swap identified as minix filesystem

  Sounds rather like a local problem. Let's see whether we get more
  input from the submitter.

#401766: cryptsetup luksOpen should fail with meaningful error message 
         when non-root

  Should be easy to fix in the upstream sources. Just needs a check for
  UID == 0. Or did I miss something?

#406697: Device nodes are not removed on reboot/shutdown

  Does not sound like a cryptsetup bug to my at all. Maybe this one can
  be closed?

#423591: cryptsetup: Please include bash_completion script

  I've no problem with shipping this file in /etc/bash_completion.d/,
  but it contains lots of code that I don't like to add to the package
  before it has been proofread. I simply don't like the idea to add yet
  another script that i don't understand. Do you have experiences with
  writing bash completition scripts?

#373973: rewrite cryptdisks as a wrapper around cryptsetup

  I'm neither sure whether this will happen anytime soon, nor do I
  believe that it is really necessary. I suggest to close this
  bugreport.

#374942: Improve cryptsetup and initramfs documentation

  Your bugreport ;-) Maybe documentation is already sufficient, then
  this bugreport should be closed as well.

#406317: cryptsetup and initramfs should use same default hash function

  Again sounds like a bugreport for you. You promised to fix it
  post-etch several times in the bugreport history ;-)

#419571: cryptsetup may need to activate more than 1 crpyt partition

  And one more ;-) Again initramfs, installer, post-etch. Your domain.

#419571: cryptsetup may need to activate more than 1 crpyt partition

  If i understood it correctly, --tries=0 is what the submitter is
  searching for. Let's see.

#430712: cryptsetup: script to add support for keys on usb stick if root
         fs is luks-encrypted

  Yet another example script for encrypted root fs with the key on a
  usbstick. Maybe we should provide a stable way for that configuration,
  rather than adding more and more example scripts which might have
  security issues.

#432150: /sbin/cryptsetup: repair tools needed

  This one again is related to the data corruption issues. The submitter
  suggests to write LUKS header recovery tools, which is a nice idea,
  but I don't have time to so. Probably we will have to wait until
  someone comes up with some code.

Hopefully we manage to fix most of these outstanding bugs.

...
 jonas

-- 
"In post-historical society, the rulers have ceased to rule,
		but the slaves remain slaves." - Perry Anderson

More information about the Pkg-cryptsetup-devel mailing list