Bug#398429: [Pkg-cryptsetup-devel] Bug#398429: Add resume partition
setup to initramfs
David Härdeman
david at hardeman.nu
Mon Jan 8 20:52:06 CET 2007
On Mon, Jan 08, 2007 at 07:59:15PM +0100, Marcus Better wrote:
>> Good, then this is "just" a documentation issue. The defaults in the
>> initramfs scripts are unfortunately different from that of the plain
>> cryptsetup binary, so the hash=ripemd160 line should be included in the
>> /etc/crypttab setup.
>
>Hmm... That feels a bit ugly IMHO. Having different defaults could lead to
>future bugs. And a line in the documentation wouldn't prevent lusers who
>don't read docs too well from just trying it.
Yes, it is ugly, and unfortunate...but that's the way it is...
>> Changing the defaults is not a good solution since that would break the
>> setup for others,
>
>Are you sure?
Yes, I'm sure that there might be situations where a change would bite
users right now. And changing that with a release upcoming is not a good
idea IMHO, I'd prefer minimal changes right now.
>To break an existing setup, it seems the user would need a
>mapping that depends on sha256 as the default hash (in initramfs). But such a
>mapping cannot exist, unless the user specifically creates the mapping
>manually with sha256 and forgets to add the hash spec to /etc/crypttab. That
>is a user error, which would moreover bite the user whenever s/he tried to
>activate the partition with /etc/init.d/cryptdisks
Yup, we can try to change the default post-Etch, but not now.
>- something that the user
>is very likely to have tried already. It should suffice to tell the user to
>fix it in a NEWS entry or debconf notice.
I don't agree that it's very likely. What is likely is that the mapping
is setup during boot and not touched later.
>So it seems it would work if we fix the initramfs scripts, and run
>update-initramfs in postinst.
--
David Härdeman
More information about the Pkg-cryptsetup-devel
mailing list