
partman-crypto: reducing memory usage in d-i



Hi,

Before I went on vacation I whipped up the attached patch, which changes partman-crypto to load its components "on demand". The result is that the crypto components use no memory unless encryption is requested, at the expense of additional downloads during partitioning when it is.

I'm hoping to get some feedback on whether this is a good idea before I commit anything.

Regards,
David

Index: choose_method/crypto/do_option
===================================================================
--- choose_method/crypto/do_option	(revision 39979)
+++ choose_method/crypto/do_option	(working copy)
@@ -11,14 +11,7 @@
 rm -f $part/use_filesystem
 rm -f $part/format
 
-# Set defaults
-if [ -d /lib/partman/ciphers/dm-crypt ]; then
-	echo dm-crypt > $part/crypto_type
-	crypto_set_defaults $part dm-crypt
-elif [ -d /lib/partman/ciphers/loop-AES ]; then
-	echo loop-AES > $part/crypto_type
-	crypto_set_defaults $part loop-AES
-else
-	exit 1
-fi
+# Set defaults (this also downloads additional components)
+crypto_set_defaults $part dm-crypt || exit 1
+echo dm-crypt > $part/crypto_type
 echo crypto > $part/method
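Review bot: If `crypto_set_defaults $part dm-crypt` fails, the script exits only after the two `rm -f` context lines above have removed `$part/use_filesystem` and `$part/format`, so a failed download leaves the partition directory half-updated. Judging by the crypto_tools.sh part of this patch, `$part/cipher` and the other defaults have also been written by that point. Fetching the component before anything under `$part` is touched would avoid this, e.g. `crypto_load_udebs partman-crypto-dm || exit 1` ahead of the `rm -f` lines (the script starts outside this hunk, so the exact position needs checking). The old loop-AES fallback is dropped as well; if that is intended, the comment should say so: `# Set defaults; dm-crypt only, no loop-AES fallback (downloads partman-crypto-dm)`.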
Index: debian/control
===================================================================
--- debian/control	(revision 39979)
+++ debian/control	(working copy)
@@ -1,6 +1,6 @@
 Source: partman-crypto
 Section: debian-installer
-Priority: standard
+Priority: optional
 Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
 Uploaders: Max Vozeler <xam@debian.org>
 Build-Depends: debhelper (>= 5.0.25), po-debconf (>= 0.5.0)
@@ -8,17 +8,18 @@
 Package: partman-crypto
 XC-Package-Type: udeb
 Architecture: any
-Depends: partman-base (>= 87), partman-crypto-dm, partman-crypto-loop, cdebconf-newt-entropy (>= 0.3), ${shlibs:Depends}, ${misc:Depends}
+Priority: standard
+Depends: partman-base (>= 87), ${shlibs:Depends}, ${misc:Depends}
 Description: Add to partman support for block device encryption
 
 Package: partman-crypto-dm
 XC-Package-Type: udeb
 Architecture: all
-Depends: partman-crypto, crypto-modules, cryptsetup-udeb
+Depends: partman-crypto, crypto-modules, cryptsetup-udeb, cdebconf-newt-entropy (>= 0.3)
 Description: Add to partman support for dm-crypt encryption
 
 Package: partman-crypto-loop
 XC-Package-Type: udeb
 Architecture: all
-Depends: partman-crypto, loop-aes-modules, mount-aes-udeb, gnupg-udeb
+Depends: partman-crypto, loop-aes-modules, mount-aes-udeb, gnupg-udeb, cdebconf-newt-entropy (>= 0.3)
 Description: Add to partman support for loop-AES encryption
Index: debian/partman-crypto.templates
===================================================================
--- debian/partman-crypto.templates	(revision 39979)
+++ debian/partman-crypto.templates	(working copy)
@@ -363,6 +363,11 @@
  be destroyed upon each reboot. This should only be used for
  swap partitions.
 
+Template: partman-crypto/install_udebs_failure
+Type: error
+_Description: Failed to download crypto components
+ An error occurred trying to download additional crypto components.
+
 Template: partman-crypto/warning_experimental_nonaudit
 Type: boolean
 Default: false
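Review bot: The new error text names neither the component that failed nor the consequence, and this dialog is the only signal that the crypto setup was abandoned. A substitution in the extended description, e.g. ` An error occurred trying to download ${PACKAGE}. Encryption has not been set up for this partition.`, filled with `db_subst $templ PACKAGE "$package"` in crypto_load_udebs, would make both explicit.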
Index: active_partition/crypto_type/do_option
===================================================================
--- active_partition/crypto_type/do_option	(revision 39979)
+++ active_partition/crypto_type/do_option	(working copy)
@@ -38,6 +38,10 @@
 method=$(cat $part/method)
 
 if [ $method = crypto ]; then
+	# Load all known crypto types
+	if ! crypto_load_udebs "partman-crypto-dm partman-crypto-loop"; then
+		return 1
+	fi
 	select_crypto_type
 fi
 
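Review bot: Choosing a crypto type now requires both `partman-crypto-dm` and `partman-crypto-loop` to install, because crypto_load_udebs returns at the first failure. If only one backend can be fetched, the user gets the error dialog and cannot select the other. Loading each backend separately and failing only when none is available would keep the menu usable. Separately, `return 1` looks like it sits at script top level (the enclosing `if` is unindented, and choose_method/crypto/do_option uses `exit 1`); unless this code is inside a function defined outside the hunk, `exit 1` is the consistent choice.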
Index: crypto_tools.sh
===================================================================
--- crypto_tools.sh	(revision 39979)
+++ crypto_tools.sh	(working copy)
@@ -397,18 +397,43 @@
 	return 0
 }
 
+# Loads additional crypto udebs
+crypto_load_udebs() {
+	local templ packages package
+	packages="$1"
+	templ="partman-crypto/install_udebs_failure"
+
+	if [ -z "$packages" ]; then
+		return 1
+	fi
+
+	for package in $packages; do
+		if ! anna-install $package; then
+			db_fset $templ seen false
+			db_input critical $templ
+			db_go || true
+			return 1
+		fi
+	done
+
+	return 0
+}
+
 # Does initial setup for a crypto method:
-#  1) sets default values
-#  2) loads default modules
+#  1) Loads the appropriate udebs
+#  2) sets default values
+#  3) loads default modules
 crypto_set_defaults () {
-	local part type
+	local part type package
 	part=$1
 	type=$2
+	package=''
 
 	[ -d $part ] || return 1
 
 	case $type in
 	loop-AES)
+		package="partman-crypto-loop"
 		echo AES256 > $part/cipher
 		echo keyfile > $part/keytype
 		rm -f $part/keysize
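Review bot: The header comment on crypto_load_udebs does not document its argument or its failure behaviour, and both matter to callers: `$packages` is deliberately word-split in the `for` loop, and the function shows the error dialog itself before returning 1. Suggested header: `# Loads additional crypto udebs. $1: space-separated list of udeb names.` followed by `# Returns 1 if the list is empty or any anna-install fails (after showing partman-crypto/install_udebs_failure).` Quoting the single name in `anna-install "$package"` would also match the quoting used for `"$packages"` a few lines earlier.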
@@ -416,6 +441,7 @@
 		rm -f $part/keyhash
 		;;
 	dm-crypt)
+		package="partman-crypto-dm"
 		echo aes > $part/cipher
 		echo 256 > $part/keysize
 		echo cbc-essiv:sha256 > $part/ivalgorithm
@@ -424,8 +450,20 @@
 		;;
 	esac
 
+	# Make sure something was configured before we go on
+	if [ -z "$package" ]; then
+		return 1
+	fi
+
+	# Pull in all additional dependencies
+	if ! crypto_load_udebs "$package"; then
+		return 1
+	fi
+
 	# Also load the modules needed for the chosen type/cipher
 	crypto_load_modules $type "$(cat $part/cipher)"
+
+	return 0
 }
 
 crypto_check_required_tools() {
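Review bot: The updated header comment lists "Loads the appropriate udebs" as step 1, but the code writes `$part/cipher`, `$part/keysize` and the other defaults in the `case` arms before `crypto_load_udebs "$package"` runs here. When the download fails the function returns 1 with those files already changed, so the partition directory describes a crypto setup whose tools were never installed. Let the `case` only pick `package`, call `crypto_load_udebs` next, and write the per-type defaults after that, so that a failure leaves `$part` untouched. The function body starts outside this hunk, in the first crypto_tools.sh hunk.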
