[pkg-cryptsetup-devel] any reason why askpass blocks all signals?

Christoph Anton Mitterer calestyo at scientia.net
Mon Oct 11 23:21:25 BST 2021


On Mon, 2021-10-11 at 23:45 +0200, Guilhem Moulin wrote:
> Could be in a wrapper of course.  Would be useful at initramfs stage
> anyway.

But then one could do something like what I do in my keyscript right now:
        passphrase="$( timeout --foreground --signal=KILL --kill-after=1 "${passphrase_timeout}"  /lib/cryptsetup/askpass "${passphrase_query_message}" )"
        local exitstatus=$?
        # 124 is timeout's "timed out" status; 137 is 128 + 9 (SIGKILL)
        if [ "${exitstatus}" -eq 124 ]  ||  [ "${exitstatus}" -eq 137 ]; then
                #clear any (possibly partial) passphrase
                passphrase=''

                #needed until askpass is able to clean up on its own
                stty echo

                printf 'Info: Passphrase query timeout has been reached.\n' >&2

                suspend_or_poweroff_code
        elif [ "${exitstatus}" -ne 0 ]; then
                printf 'Error: Could not read the passphrase.\n' >&2
                exit 1
        fi

With suspend_or_poweroff_code reading any config.


The --kill-after=1 is obviously useless as long as I have to use
--signal=KILL anyway. I only have it there for the case once askpass
should allow TERM or INT and I could switch back to that.

Also, --foreground has the behaviour that even on KILL, 124 is returned
by timeout.


Seems to me that this would allow to keep askpass itself free of such
code.


> If the opt-in doesn't make sense in the target environment, then don't
> opt in.

If it's opt-in, then obviously no problem.


> At the moment I have no opinion on the matter.

^^



Cheers,
Chris.
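
A variant of the wrapper quoted above, as an added example that is not part of the original message: it saves the terminal state with `stty -g` before the prompt and restores it afterwards instead of calling `stty echo`, and maps timeout's 124 and 137 statuses to one return code. The function name, the `QUERY_RESULT` variable and the return codes are assumptions of this example; a prompt helper such as /lib/cryptsetup/askpass is passed as the command.

```shell
#!/bin/sh
# Added example (not from the original message).
# query_with_timeout SECONDS COMMAND [ARGS...]
#   Runs COMMAND under timeout(1) and stores its stdout in QUERY_RESULT.
#   Returns 0 on success, 2 on timeout, 1 on any other failure.
# Hypothetical usage in a keyscript:
#   query_with_timeout 60 /lib/cryptsetup/askpass "Passphrase: "
query_with_timeout() {
    qwt_secs=$1
    shift
    QUERY_RESULT=''

    # Save the complete tty state when stdin is a terminal. The string
    # printed by "stty -g" can be passed back to stty verbatim, which
    # restores every setting the helper changed, not only echo.
    qwt_tty=''
    if [ -t 0 ]; then
        qwt_tty=$(stty -g 2>/dev/null) || qwt_tty=''
    fi

    qwt_status=0
    QUERY_RESULT=$(timeout --foreground --signal=KILL "$qwt_secs" "$@") \
        || qwt_status=$?

    # A helper terminated with KILL cannot clean up after itself, so the
    # caller puts the terminal back into the saved state.
    if [ -n "$qwt_tty" ]; then
        stty "$qwt_tty" 2>/dev/null
    fi

    case $qwt_status in
        0)
            return 0 ;;
        124|137)
            # 124: timeout's "timed out" status; 137: 128 + 9 (SIGKILL).
            # Both are treated as a timeout, as in the snippet above.
            QUERY_RESULT=''    # discard any (possibly partial) input
            return 2 ;;
        *)
            QUERY_RESULT=''
            return 1 ;;
    esac
}
```

The caller decides what a return code of 2 means, for example running the suspend or poweroff step from the quoted snippet.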


