[pkg-cryptsetup-devel] Bug#560034: marked as done (please include the "Cryptsetup OpenPGP Scripts")

Jonas Meurer jonas at freesources.org
Thu Mar 4 16:42:34 UTC 2010


hey christoph,

On 02/03/2010 Christoph Anton Mitterer wrote:
> On Tue, 2010-03-02 at 14:39 +0100, Jonas Meurer wrote:
> > i'm very sorry in case that my reply appeared offending to you.
> I'm actually not offended,... it's just that we apparently have
> different philosophies regarding coding style... and as you said you
> won't include the scripts in that style, but perhaps write your own at
> a later time... I thought the bug should be closed (as it was just an
> inclusion request).

i just took the time to write my own implementation, heavily based on the
patch you sent. only feature that is missing, is support for passdev in
the keyscript. but i believe that a simple decrypt_gnupg without passdev
is the proper way to go. everybody is free to write custom keyscripts
which simply combine existing default keyscripts. but that's the way to
go, instead of adding i.e. passdev support to every single keyscript.

> You see that my style is more like better document things twice and even
> make notes why some things were done in a specific way as I consider
> little documented code to be a bad thing... even for small scripts like
> those. And I've often seen the case (especially in Debian) that even the
> maintainer forgot why some things were written in a specific way and
> it's hard to get away with such code then.

you're right here, but for scripts as simple as the keyscripts, clearly
written code is better documentation in my eyes.

> Another thing are my checks (like checking dpkg DB)... it is my
> philosophy that everything should be checked and handled in the proper
> place with proper error messages. This makes the code bigger and more
> complex, but who knows e.g. if initramfs-tools will forever tell people
> whether a program could not be found.
> Or people may just ignore this as they think it's not important...

i don't think that every single script should do random checks whether
the software it depends on works as expected. same goes for default
values. you set many values for gpg, while i believe that the default
values are best. if they ever change, nobody remembers to change them in
the keyscript as well.

> >  i would be very happy to work
> > together with you on a version of the gnupg implementation that satisfies
> > both of us.
> At the moment my time is quite limited as I have to prepare several
> lectures... and as I already have a solution which works perfectly for
> my different needs... you know ;)
> 
> Anyway I strongly believe that if you want to provide similar features
> (avoid storing the key/passphrases to files, catch (probably exotic)
> errors by gpg, etc.) you'll have to do at least similar things.

i would be very happy if you could take a look at my implementation.
maybe you're even able to write a simple wrapper keyscript which
combines passdev and decrypt_gnupg to have the same functionality as
your original decrypt_openpgp keyscript.

you can find my implementation in the cryptsetup svn trunk.

greetings,
 jonas