[pkg-cryptsetup-devel] Bug#626641: cryptsetup: bug #587220 re-introduced

Henrique de Moraes Holschuh hmh at debian.org
Tue May 17 01:35:12 UTC 2011 

On Tue, 17 May 2011, Jonas Meurer wrote:
> > I tire of this thread.  There are apparently bugs in the initscripts, well,
> > if that's correct, just get them fixed.  Then, the package will not allow
> > itself to be removed with crypt disks still active in the first place.
> > 
> > It'd have to switch to 'restart only _after_ upgrades, but stop on removal'
> > logic, though.  And 'restart' will probably have to mean 'open any crypto
> > disks that are not currently open, close any that are not supposed to be
> > open anymore'.  Or maybe 'do nothing'.
> 
> Did I get you right that you suggest to start/stop/restart the
> cryptdisks initscript in the debian maintainer scripts? Actually I don't
> like that idea much. Most unlocked encrypted devices will be busy anyway
> because being mounted while the system is running. And it's not the job
> of debian maintainer scripts to unlock manually locked devices, or to
> lock devices that are unlocked but not in use.

Then, 'stop' tries to close all managed crypto devices and aborts *with
an error* if it cannot.  'Start' tries to open all managed crypto
devices, and aborts *with an error* if it cannot.

And 'restart' should not be supported, and return with the appropriate
error, or it could just be stop+start.  You likely don't want to run
this on package upgrades.

You'd still have to call 'stop' and abort the package removal in prerm
[when removing the package. You will have to diferentiate the various
reasons for why prerm is called] if it cannot close all crypto devices
it manages.  And 'start' on postinst, of course.

> Appart from the general discussion about treatment of initscripts (see
> above), I only see one point that's worth being discussed:
> 
> Is it appropriate to warn admins about unlocked devices when the
> cryptsetup package is removed/purged? I still don't see the point, but
> would be ok with adding a warning to prerm if people mind about it.

Well, I think it is not appropriate to even let the package get removed
in the first place if there are devices still open.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

More information about the pkg-cryptsetup-devel mailing list