[pkg-cryptsetup-devel] Bug#901795: cryptsetup-initramfs: please provide documented shell functions to validate/sanitize cryptroot entries in 3rd party hook files

Guilhem Moulin guilhem at debian.org
Mon Sep 27 20:14:36 BST 2021


On Mon, 27 Sep 2021 at 19:21:45 +0200, Christoph Anton Mitterer wrote:
> On Mon, 2021-09-27 at 18:37 +0200, Guilhem Moulin wrote:
>> Because the field is opaque, and the key=value list format might not
>> make sense for keyscripts.
> 
> Well sure you can define it that way... but with respect to the
> fstab-like format that simply doesn't make that much sense:
> 
> fstab quite clearly assumes a format as described above.

I agree that fstab's *4th column* (option) does, and crypttab's *4th
column* (option) follows the same format.  AFAIK fstab itself makes no
assumption on how the 1st field is formatted; like mount(8)'s ‘device’
argument its interpretation depends on the FS type.  Looks pretty opaque
to me.

> Actually, if it would be opaque for keyscripts, as you say, then it
> wouldn't perform any unencoding on it and:
> CRYPTTAB_KEY == _CRYPTTAB_KEY

No, because the value may contain spaces and tabs, which are used as field
separators and hence need to be escaped.  For that field I see no need to use
any octal sequences other than these two.

> Anyway... I guess that discussion is moot,

Yeah, and frankly also rather tiring.

> my whole point was whether we can get the raw variable exported?

As said in msg#163, yes.

-- 
Guilhem.
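
The escaping point made in the message above, as an added example that is not part of the original message and is not cryptsetup's own code: a third-party hook that splits a crypttab line sees the key field in its raw, escaped form and has to decode `\040` and `\011` before using it as a path. The function names, the sample line and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not cryptsetup-initramfs API.
TAB=$(printf '\t')

# Print the raw 3rd field (key) of one crypttab line, escapes left untouched.
crypttab_raw_key() {
    # read -r keeps backslashes, so "\040" survives splitting on blanks.
    read -r _name _source _key _rest <<EOF
$1
EOF
    printf '%s\n' "$_key"
}

# Decode only the two sequences named in the message:
# \040 (space) and \011 (tab). Any other octal sequence is left as-is.
crypttab_unescape() {
    printf '%s\n' "$1" | sed -e 's/\\040/ /g' -e "s/\\\\011/${TAB}/g"
}

# Constructed sample line: the key path contains a space, written as \040,
# because an unescaped space would start the 4th (options) field.
SAMPLE='cryptroot UUID=0000-constructed /media/usb\040stick/root.key luks,keyscript=/usr/local/sbin/example-keyscript'

raw=$(crypttab_raw_key "$SAMPLE")
printf 'raw:     %s\n' "$raw"
printf 'decoded: %s\n' "$(crypttab_unescape "$raw")"
```

A hook that passes the raw value to a file test or a keyscript without decoding it would look for a path containing a literal `\040`, which is why having both forms available matters.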