[Pkg-cryptsetup-devel] Bug#398429: Add resume partition setup to initramfs

[Marcus Better]

> Good, then this is "just" a documentation issue. The defaults in the
> initramfs scripts are unfortunately different from that of the plain
> cryptsetup binary, so the hash=ripemd160 line should be included in the
> /etc/crypttab setup.

Hmm... That feels a bit ugly IMHO. Having different defaults could lead to 
future bugs. And a line in the documentation wouldn't prevent lusers who 
don't read docs too well from just trying it.

> Changing the defaults is not a good solution since that would break the
> setup for others,

Are you sure? To break an existing setup, it seems the user would need a 
mapping that depends on sha256 as the default hash (in initramfs). But such a 
mapping cannot exist, unless the user specifically creates the mapping 
manually with sha256 and forgets to add the hash spec to /etc/crypttab. That 
is a user error, which would moreover bite the user whenever s/he tried to 
activate the partition with /etc/init.d/cryptdisks - something that the user 
is very likely to have tried already. It should suffice to tell the user to 
fix it in a NEWS entry or debconf notice.

So it seems it would work if we fix the initramfs scripts, and run 
update-initramfs in postinst.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20070108/7e4fa832/attachment.pgp