[pkg-cryptsetup-devel] Bug#465902: Bug#465902: Works for me!

Thomas Luzat thomas at luzat.com
Wed Jul 9 15:40:24 UTC 2008 

David Härdeman wrote:
> On Wed, July 9, 2008 07:28, Thomas Luzat wrote:
>> I just wanted to tell you that the patches (cryptsetup, initramfs-tools,
>> dropbear) work for me. It would be nice to see the dropbear patch
>> applied to the next version and an extended CryptoRoot.HowTo in
>> cryptsetup once the dropbear patches are in.
> 
> For the cryptsetup part it's not a question whether the patches work or
> not, because the approach they use should not be necessary anymore.

Right. What I meant was the askpass binary here, which works for me to 
unlock my root after having locked in through dropbear. Given that you 
can now unlock your root by using

cat > /lib/cryptsetup/passfifo

or

echo -n ... > /lib/cryptsetup/passfifo

without having to kill any processes it looks to me as if #465902 can be 
closed, which is my main point relating to this bug report besides 
giving feedback on that askpass works, given that there were no further 
mails in the BTS after your request for testing cryptsetup.

The only reason that I can see not to close the bug report would be if 
you wanted to replace that "cat"/"echo" by some script within the 
cryptsetup package. Of course one might argue if such a script 1) is 
necessary and 2) whether it should belong to cryptsetup or dropbear. I 
would tend to say cryptsetup here, because without cryptsetup it 
wouldn't make any sense.

> The question is rather if the dropbear initramfs script can be adapted to
> use the "askpass" functionality that we've added to cryptsetup in order to
> support this functionality. No changes should be necessary to cryptsetup
> anymore.

Right, cryptsetup is ok. dropbear doesn't strictly need adaptation for 
askpass as shown above, even though that might be convenient. It only 
really needs the last patch attached to #465903 to make it into the 
initramfs at all.

> Thomas, you need to check with Chris on the status of updated patches.

As far as I can tell there are no open issues with the one for dropbear 
(which is the only one missing), but I might try to get some info from 
Chris and especially Gerrit Pape (dropbear maintainer) why there is no 
progress.

Cheers

Thomas Luzat

More information about the pkg-cryptsetup-devel mailing list