[pkg-cryptsetup-devel] Bug#901795: cryptsetup-initramfs: please provide documented shell functions to validate/sanitize cryptroot entries in 3rd party hook files

Christoph Anton Mitterer calestyo at scientia.net
Mon Sep 27 17:21:47 BST 2021


On Mon, 2021-09-27 at 17:24 +0200, Guilhem Moulin wrote:
> Why not?  _CRYPTTAB_* is useful to copy a crypttab snippet to another
> location, but as said before you don't need it to produce your own
> parsing logic.  You can use another character than ‘\’ to start your
> escape sequence, or double escape the ‘\’s.  And again you'll need
> something like that to pass NUL bytes anyway.

Well it's kinda the same point like when I've asked for a parsing
function for the 3rd field...

crypttab has some given format, which follows that of fstab.
This format is (as you know of course):
- one entry per row
- fields separated by whitespace
- options within a field separated by ","
- options either standalone or with =value
- values quoted with \0ooo

Of course one could somehow hack in anything else too, JSON, XML,
base64 encoded binary ASN1, etc., just as one could double-escape (or
triple?) or use another separator char or ≔ instead of =

But why on earth should one want to do any of that?


It would just make editing of the config files more complex and deviate
from the given format style without any good reason.



> I don't mind exporting these but it's incorrect to claim that not
> having the verbatim strings are preventing massaging.

Well at least not a "clean" one that simply follows the standard format
without any hacks and workarounds like double-escaping. :-D


In case you haven't seen, I've made a PR which seems to do that
exporting :-)


Thanks,
Chris.


