Bug#530784: partman-crypto: preseeding of the dm-crypt passphrase failed
On Friday 10 July 2009, Gabriel wrote:
> The 'problem' with this way of preseeding is, if you want to use
> two separate crypted partitions you cannot use two different
> passphrases.
Why do you say "cannot"? Wouldn't both partitions just get the same
passphrase with your changes? I don't think that is desirable at all, but
I think that is what would happen.
OTOH, I'm not sure that you can even specify a recipe with two encrypted
partitions...
But this is a very important comment, not only for preseeding. Your patch
will make partman-crypto behave quite differently from its current
behavior when multiple partitions/devices are encrypted interactively.
In that case the fields really should be reset before the questions are
asked a second time.
I also still think that the emptying of the passwords is done as a
security measure.
One option could be to instead reset the template (value and seen flag)
*after* the question has been asked and the value has been used. That
would still allow preseeding for a single encrypted partition, but would
They should also be reset on error, so that you don't end in an endless
loop.
All in all, IMO this change is fine as an ad-hoc change if you really
want to preseed a single encrypted partition, but I don't think it is
suitable for inclusion in the package in its current form. I would also
prefer to see comments from the original authors of partman-crypto before
this patch is committed.
Cheers,
FJP