[Pkg-cryptsetup-devel] Bug#430158: Bug#430158: Bug#430158: closed by Jonas Meurer <jonas at freesources.org> (closing because of inactivity)

Jonas Meurer jonas at freesources.org
Thu Feb 21 14:12:42 UTC 2008


Hey Helmut,

On 21/02/2008 Helmut Grohne wrote:
> > > No. Testing takes time and I want to do that in one chunk. Furthermore I
> > > need to rewrite the patch first. The patch doesn't permit an infinite
> > > number of retries by setting tries=0. I'll tell you when I'm finished.
> 
> I verified that the attached patch works as expected.

great, even though I'm curious about how the tries option get's
delivered from /etc/crypttab to /conf/conf.d/cryproot in initramfs. I
thought that the cryptroot hook script was responsible for that. And
this script, as far as i understand it, doesn't add the tries option but
only cipher, hash, size, lvm, keyscript and luks. (see lines 170 to 241
in /usr/share/initramfs-tools/hooks/cryptroot)

> > I object against support for infinite retries. Upstream cryptsetup
> > doesn't support this, and I don't like to divert from cryptsetup
> > behaviour in the initramfs scripts.
> 
> The feature doesn't hurt. It doesn't degrade anything.
> 
> > Even if initramfs stuff supports tries=0 for infinite retries, starting
> > the mapping through /etc/init.d/cryptdisks will give you just one try.
> 
> I don't see a use for the initscript, but within initramfs it should be
> possible to prevent booting without a password using tries=0.
> 
> If you don't want to take my patch, please clone this bugreport and tag
> it as wontfix, upstream.

Ok, I accept your patch, with one minor change:

I changed
+       while [ $crypttries -le 0 -o $count -lt $crypttries ]; do
to
+       while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do

It would be great if you could provide a patch to the crypttab manpage
as well, which documents that change. Or to README.initramfs.

greetings,
 jonas





More information about the Pkg-cryptsetup-devel mailing list