[pkg-cryptsetup-devel] Bug#589686: cryptsetup: split out keyscript in separate packages

Christoph Anton Mitterer calestyo at scientia.net
Mon Jul 19 22:59:47 UTC 2010


Package: cryptsetup
Version: 2:1.1.3-1
Severity: wishlist


Hi Jonas.


Not sure whether I've already suggested this and it was just reject... so simply
close it if so.

We should perhaps consider, to split out the keyscripts in separate packages.

I mean e.g. something like:
cryptsetup-openct
cryptsetup-opensc
cryptsetup-openssl
etc.
(not yet sure about passdev...)


Of course one might argue that these (usually) two small scripts are overkill for own packages...
but the main benefit I see at the moment is, that each of this minor packages could depend on
what it needs, e.g. openssl, openct, and so on.
Which is in cryptsetup itsefl not really possible,... as it would be too annyoing to depend on
just everything any single keyscript would need.


I think, that each such package would have to depend on cryptsetup itself, because most keyscripts
and their hook scripts will require it directly (by depending on cryptroot or looking for it in the
hookscript) or indirectly (e.g. they use askpass).
cryptsetup itself should suggest each such minor package.


A minor benefit could be to make /usr/share/initramfs-tools/conf-hooks.d/cryptsetup less demanding.
I guess we always have to set BUSYBOX=y because cryptroot already needs it, right?
But maybe there are keyscripts which do not strictly need KEYMAP=y, as they don't require a passphrase
or so.


This could also make life easier in solving #589641. If the "ugly" solution would be the one to go,
one could perhaps make use of triggers.
But I must admit that I do not yet fully understand the concept of triggers, and whether they'd
actually help us.


Cheers,
Chris.





More information about the pkg-cryptsetup-devel mailing list