partman-crypto: reducing memory usage in d-i
Hi,
before I went on vacation I whipped up the attached patch which changes
partman-crypto to do "on-demand" loading of components. The result is
that it doesn't use memory when encryption is not used, at the expense of
additional downloads during partitioning if encryption is desired.
I'm hoping to get some feedback on whether this is a good idea before I
commit anything.
Regards,
David
Index: choose_method/crypto/do_option
===================================================================
--- choose_method/crypto/do_option (revision 39979)
+++ choose_method/crypto/do_option (working copy)
@@ -11,14 +11,7 @@
rm -f $part/use_filesystem
rm -f $part/format
-# Set defaults
-if [ -d /lib/partman/ciphers/dm-crypt ]; then
- echo dm-crypt > $part/crypto_type
- crypto_set_defaults $part dm-crypt
-elif [ -d /lib/partman/ciphers/loop-AES ]; then
- echo loop-AES > $part/crypto_type
- crypto_set_defaults $part loop-AES
-else
- exit 1
-fi
+# Set defaults (this also downloads additional components)
+crypto_set_defaults $part dm-crypt || exit 1
+echo dm-crypt > $part/crypto_type
echo crypto > $part/method
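Review bot: The `|| exit 1` on the new `crypto_set_defaults` line now also fires when the component download fails, and by then the two `rm -f` lines at the top of the hunk have already removed `use_filesystem` and `format`, so a network error leaves the old `method` in place without those files. With the loop-AES branch removed, dm-crypt is also the only default this script can set. Consider running the download before touching the partition directory, or record the behaviour in the comment, e.g. `# Set defaults; this downloads partman-crypto-dm and exits before method is changed if that fails`. The script continues outside the hunk.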
Index: debian/control
===================================================================
--- debian/control (revision 39979)
+++ debian/control (working copy)
@@ -1,6 +1,6 @@
Source: partman-crypto
Section: debian-installer
-Priority: standard
+Priority: optional
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Uploaders: Max Vozeler <xam@debian.org>
Build-Depends: debhelper (>= 5.0.25), po-debconf (>= 0.5.0)
@@ -8,17 +8,18 @@
Package: partman-crypto
XC-Package-Type: udeb
Architecture: any
-Depends: partman-base (>= 87), partman-crypto-dm, partman-crypto-loop, cdebconf-newt-entropy (>= 0.3), ${shlibs:Depends}, ${misc:Depends}
+Priority: standard
+Depends: partman-base (>= 87), ${shlibs:Depends}, ${misc:Depends}
Description: Add to partman support for block device encryption
Package: partman-crypto-dm
XC-Package-Type: udeb
Architecture: all
-Depends: partman-crypto, crypto-modules, cryptsetup-udeb
+Depends: partman-crypto, crypto-modules, cryptsetup-udeb, cdebconf-newt-entropy (>= 0.3)
Description: Add to partman support for dm-crypt encryption
Package: partman-crypto-loop
XC-Package-Type: udeb
Architecture: all
-Depends: partman-crypto, loop-aes-modules, mount-aes-udeb, gnupg-udeb
+Depends: partman-crypto, loop-aes-modules, mount-aes-udeb, gnupg-udeb, cdebconf-newt-entropy (>= 0.3)
Description: Add to partman support for loop-AES encryption
Index: debian/partman-crypto.templates
===================================================================
--- debian/partman-crypto.templates (revision 39979)
+++ debian/partman-crypto.templates (working copy)
@@ -363,6 +363,11 @@
be destroyed upon each reboot. This should only be used for
swap partitions.
+Template: partman-crypto/install_udebs_failure
+Type: error
+_Description: Failed to download crypto components
+ An error occurred trying to download additional crypto components.
+
Template: partman-crypto/warning_experimental_nonaudit
Type: boolean
Default: false
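Review bot: The new error template does not tell the user which component could not be fetched, although crypto_load_udebs has the package name in hand when it displays the dialog. A substitution would make the message actionable, e.g. word the long description as `An error occurred trying to download ${PACKAGE}.` and call `db_subst $templ PACKAGE "$package"` before `db_input`. It would also help to say whether the user can go back and retry once the mirror is reachable again.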
Index: active_partition/crypto_type/do_option
===================================================================
--- active_partition/crypto_type/do_option (revision 39979)
+++ active_partition/crypto_type/do_option (working copy)
@@ -38,6 +38,10 @@
method=$(cat $part/method)
if [ $method = crypto ]; then
+ # Load all known crypto types
+ if ! crypto_load_udebs "partman-crypto-dm partman-crypto-loop"; then
+ return 1
+ fi
select_crypto_type
fi
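Review bot: The new guard uses `return 1`, while choose_method/crypto/do_option in this same patch uses `exit 1`; whether this block sits inside a function is not visible in the hunk, and if it is top-level script code POSIX leaves `return` there unspecified, so `exit 1` would be the safer spelling. Loading both packages in one call is also all-or-nothing: crypto_load_udebs returns at the first failure, so if partman-crypto-dm cannot be fetched, partman-crypto-loop is never tried and the type menu is not offered at all. If that is intended, a comment such as `# both types must be installable before the menu is shown` would record it.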
Index: crypto_tools.sh
===================================================================
--- crypto_tools.sh (revision 39979)
+++ crypto_tools.sh (working copy)
@@ -397,18 +397,43 @@
return 0
}
+# Loads additional crypto udebs
+crypto_load_udebs() {
+ local templ packages package
+ packages="$1"
+ templ="partman-crypto/install_udebs_failure"
+
+ if [ -z "$packages" ]; then
+ return 1
+ fi
+
+ for package in $packages; do
+ if ! anna-install $package; then
+ db_fset $templ seen false
+ db_input critical $templ
+ db_go || true
+ return 1
+ fi
+ done
+
+ return 0
+}
+
# Does initial setup for a crypto method:
-# 1) sets default values
-# 2) loads default modules
+# 1) Loads the appropriate udebs
+# 2) sets default values
+# 3) loads default modules
crypto_set_defaults () {
- local part type
+ local part type package
part=$1
type=$2
+ package=''
[ -d $part ] || return 1
case $type in
loop-AES)
+ package="partman-crypto-loop"
echo AES256 > $part/cipher
echo keyfile > $part/keytype
rm -f $part/keysize
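Review bot: The rewritten header comment for crypto_set_defaults lists loading the udebs as step 1, but the `case` arms write `cipher`, `keytype`/`keysize` and the other default files first and `crypto_load_udebs` is only called after `esac` (third hunk of this file), so a failed download returns 1 with the defaults already written into `$part`. Either renumber the comment to match (`# 1) sets default values 2) loads the appropriate udebs 3) loads default modules`) or set only `package` in the `case` and write the files after the download succeeds. In crypto_load_udebs itself, `for package in $packages` relies on word splitting on purpose, which deserves a comment such as `# $packages is a space-separated list; left unquoted so it splits`. The body of crypto_set_defaults continues past this hunk.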
@@ -416,6 +441,7 @@
rm -f $part/keyhash
;;
dm-crypt)
+ package="partman-crypto-dm"
echo aes > $part/cipher
echo 256 > $part/keysize
echo cbc-essiv:sha256 > $part/ivalgorithm
@@ -424,8 +450,20 @@
;;
esac
+ # Make sure something was configured before we go on
+ if [ -z "$package" ]; then
+ return 1
+ fi
+
+ # Pull in all additional dependencies
+ if ! crypto_load_udebs "$package"; then
+ return 1
+ fi
+
# Also load the modules needed for the chosen type/cipher
crypto_load_modules $type "$(cat $part/cipher)"
+
+ return 0
}
crypto_check_required_tools() {
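Review bot: The added `return 0` at the end of crypto_set_defaults discards the status of `crypto_load_modules`; before this change that call was the last command, so its exit status was the function's return value. With the new `crypto_set_defaults $part dm-crypt || exit 1` caller in choose_method/crypto/do_option, a module load failure would now pass as success. Assuming crypto_load_modules reports failure through its exit status (its definition is not in this hunk), use `crypto_load_modules $type "$(cat $part/cipher)" || return 1` ahead of the `return 0`.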