[pkg-cryptsetup-devel] Bug#626641: Bug#626641: Bug#626641: cryptsetup: bug #587220 re-introduced

[Christoph Anton Mitterer]

On Tue, 2011-05-17 at 13:48 +0200, Jonas Meurer wrote:
> - cryptsetup is not the only userspace tool which manages dm-crypt
>   devices. Low-level tools like dmsetup, udev, hal; commandline tools
>   like cryptmount and gui applications like gnome-mount etc. might
>   unlock/lock encrypted devices as well.
That's a good point, I've completely forgot, when I've said in another
email, that I _could_ live with a cryptsetup package whose removal fails
if the are still open devices left.


> - the cryptdisks initscript only manages dm-crypt devices which are
>   listed in the crypttab. Therefore otherwise unlocked devices are
>   ignored.
Though this is another issue:
Wouldn't it make sense to try at the very end "just before
shutdown/reboot" to close any remaining _non managed_ dm-crypt devices?

Perhaps we should as Milan, if the same effect is automatically done by
the kernel itself.


> > Still, the IMHO best solution would be:
> > - let any scripts fail with $? != 0 if the action they're expected to
> > perform failed
> >   => this however does not comply with the crude Debian init-scripts
> > policy
> 
> Sorry Christoph, but this is simply not an option.
Out of curiosity: Did someone from the policy guys came and request this
from you? Cause we had it that way for some time now.


> > - if cryptsetup is removed OR purged, give a big fat debconf-prio-low
> > warning that devices a b c are still open, and cannot be closed using
> > cryptsetup, if the user decides to continue.
> 
> At the moment I consider this as the best solution.
Nice to hear :-)


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5677 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20110520/e08d5d75/attachment.bin>