[Pkg-cryptsetup-devel] gpg support for cryptsetup and decrypt_* scripts

Christoph Anton Mitterer christoph.anton.mitterer at physik.uni-muenchen.de
Mon Feb 18 22:00:07 UTC 2008


On Mon, 2008-02-18 at 22:48 +0100, David Härdeman wrote:
> On Mon, Feb 18, 2008 at 10:43:10PM +0100, Christoph Anton Mitterer wrote:
> >On Mon, 2008-02-18 at 22:35 +0100, David Härdeman wrote:
> >> dephook won't work since there is no guarantee that keyscripts are bash 
> >> scripts, which is why parsing won't work either.
> >Why not simply define it to be a POSIX sh script?
> Because it's already used by non-POSIX sh scripts and that requirement 
> would seriously limit the usefulness of keyscripts.
Ok... in this case I agree with your idea, to require that each script
provides a command line parameter (e.g. "--print-deps") that prints the
dependencies.
For backward compatibility one could make two passes,... if the
invocation with --print-deps fails,.. automatic dependency collection is
simply disabled.


> Yes, something like that...the problem is that the switch would still be 
> difficult to perform since it could still break with old scripts.
Well,.. but is this so critical? The change could be added to the NEWS,
and I think dm-crypt root filesystems are mostly used by paranoid freaks
like me XD,... these people should easily be able to adapt their
scripts.
And as mentioned above,... the non-existence of the parameter (or
failing) could simply lead to not automatically included dependencies.


> >btw: Are there any other people who are perhaps working on the issues of
> >my initial mail and could help me to solve them or develop patches for
> >the cryptsetup package?
> I think myself and Jonas Meurer are your primary hopes, and I have close 
> to no time at all to spend on hacking before mid-March.
Ok,.. I've already feared that...
Uhm I think I'd at least try to solve some of the issues and provide
upstream (you) the patches....

The easiest thing is probably to use /dev/tty instead of writing to
stderr (of course only if this makes sense). So I think errors (like
"\nMaximum number of attempts exceeded") should obviously be written to
stderr, but what's with informal messages like
"\nDecrypting ssl key $1..."?

But the most important issue is that gpg /dev/tty issue.
I've already looked around and there are indeed many threads about it,
but no real good solutions. Do you have any advice?
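
The two-pass probe proposed in this message, sketched as an added POSIX sh example (not part of the original mail or of the cryptsetup package). The function names, the 5-second limit, the sample scripts and the one-absolute-path-per-line output format are assumptions; the thread only names the `--print-deps` flag.

```shell
#!/bin/sh
# Added example. Assumption: "--print-deps" prints one absolute path per
# line and exits 0; the thread does not define an output format.

# collect_keyscript_deps SCRIPT
# Prints the dependency list and returns 0 if the probe worked; returns 1
# when automatic dependency collection must be disabled for this script.
collect_keyscript_deps() {
    script=$1
    [ -x "$script" ] || return 1
    # An old script may take the flag for a key name and wait for input:
    # give it no stdin, drop stderr, and bound the run time where possible.
    if command -v timeout >/dev/null 2>&1; then
        out=$(timeout 5 "$script" --print-deps </dev/null 2>/dev/null) || return 1
    else
        out=$("$script" --print-deps </dev/null 2>/dev/null) || return 1
    fi
    [ -n "$out" ] || return 0    # supported, nothing to include
    # Anything other than absolute paths (a prompt, key material) means the
    # script ignored the flag, so its output must not reach the hook.
    while IFS= read -r dep; do
        case $dep in
            /*) ;;
            *) return 1 ;;
        esac
    done <<DEPS
$out
DEPS
    printf '%s\n' "$out"
}

# Constructed sample keyscripts: "new" implements the flag, "old" does not.
make_samples() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' \
        '[ "$1" = "--print-deps" ] || exit 1' \
        'printf "/usr/bin/gpg\n/usr/bin/openssl\n"' >"$dir/new"
    printf '%s\n' '#!/bin/sh' 'echo "Decrypting ssl key $1..."' >"$dir/old"
    chmod +x "$dir/new" "$dir/old"
    printf '%s\n' "$dir"
}
```

The probe executes the keyscript itself, and initramfs hooks run as root, so it should only be pointed at scripts already named in crypttab.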



