[Pkg-cryptsetup-devel] Bug#430158: Bug#430158: Bug#430158: closed by Jonas Meurer <jonas at freesources.org> (closing because of inactivity)

Jonas Meurer jonas at freesources.org
Mon Mar 3 13:24:18 UTC 2008


On 21/02/2008 Helmut Grohne wrote:
> Hi Jonas,
> 
> > > No. Testing takes time and I want to do that in one chunk. Furthermore I
> > > need to rewrite the patch first. The patch doesn't permit an infinite
> > > number of retries by setting tries=0. I'll tell you when I'm finished.
> 
> I verified that the attached patch works as expected.

Hey Helmut,

I just tried it myself in a qemu test environment, and I have to admit
that the patch didn't work as expected. After adding the tries option to
the cryptroot hook it worked. I updated that part.

> > I object to support for infinite retries. Upstream cryptsetup
> > doesn't support this, and I don't like to divert from cryptsetup
> > behaviour in the initramfs scripts.
> 
> The feature doesn't hurt. It doesn't degrade anything.
> 
> > Even if initramfs stuff supports tries=0 for infinite retries, starting
> > the mapping through /etc/init.d/cryptdisks will give you just one try.
> 
> I don't see a use for the initscript, but within initramfs it should be
> possible to prevent booting without a password using tries=0.
> 
> If you don't want to take my patch, please clone this bugreport and tag
> it as wontfix, upstream.

While testing your patch I realized that $tries in initramfs is not used
like it is in the normal initscript. Instead, the default cryptsetup
(with three tries) is invoked $tries times. So if you give tries=5 in
/etc/crypttab, you have 3*5=15 tries in the initramfs.

I don't know whether it is wise to use one and the same option to
crypttab for two different features. What about some ROOTTRIES option to
the cryptroot conffile instead? David, could you comment on this?

By the way, I'm on vacation for two weeks from now on.

greetings,
 jonas




