
Bug#530784: partman-crypto: preseeding of the dm-crypt passphrase failed



On Friday 10 July 2009, Gabriel wrote:
> The 'problem' with this way of preseeding is, if you want to use
> two separate crypted partitions you cannot use two different
> passphrases.

Why do you say "cannot"? Wouldn't both partitions just get the same 
passphrase with your changes? I don't think that is desirable at all, but 
I think that is what would happen.
OTOH, I'm not sure that you can even specify a recipe with two encrypted 
partitions...

But this is a very important comment, not only for preseeding. Your patch 
will make partman crypto behave quite differently from its current 
behavior when multiple partitions/devices are encrypted interactively.
In that case the fields really should be reset before the questions are 
asked a second time.

I also still think that the emptying of the passwords is done as a 
security measure.

One option could be to instead reset the template (value and seen flag) 
*after* the question has been asked and the value has been used. That 
would still allow to preseed for a single encrypted partition, but would 

They should also be reset on error, so that you don't end in an endless 
loop.

All in all, IMO this change is fine as an ad-hoc change if you really 
want to preseed a single encrypted partition, but I don't think it is 
suitable for inclusion in the package in its current form. I would also 
prefer to see comments from the original authors of partman-crypto before 
this patch is committed.

Cheers,
FJP


