Bug#384532: partman-crypto: implement on-demand loading
Package: partman-crypto
Version: 10
Severity: normal
Tags: patch
As discussed on debian-devel, we should implement on-demand-loading for
partman-crypto so that most of the packages are only loaded if/when the
functionality is needed. This will reduce the memory requirements for an
average install by several MB's.
I've attached the latest version of the patch. This one adds all the
suggestions that the last one received on debian-boot (lowmem check,
progress bar, anna-install only executed once per package).
I've tested the patch to the best of my ability, but since all crypto
packages are currently included, it is hard to test the downloading of
components properly.
Anyways, unless I get some feedback to the contrary, I plan to commit
this patch soonish (probably during the weekend).
Regards,
David
Index: choose_method/crypto/do_option
===================================================================
--- choose_method/crypto/do_option (revision 40192)
+++ choose_method/crypto/do_option (working copy)
@@ -11,14 +11,7 @@
rm -f $part/use_filesystem
rm -f $part/format
-# Set defaults
-if [ -d /lib/partman/ciphers/dm-crypt ]; then
- echo dm-crypt > $part/crypto_type
- crypto_set_defaults $part dm-crypt
-elif [ -d /lib/partman/ciphers/loop-AES ]; then
- echo loop-AES > $part/crypto_type
- crypto_set_defaults $part loop-AES
-else
- exit 1
-fi
+# Set defaults (this also downloads additional components)
+crypto_prepare_method $part dm-crypt || exit 1
+echo dm-crypt > $part/crypto_type
echo crypto > $part/method
Index: debian/control
===================================================================
--- debian/control (revision 40192)
+++ debian/control (working copy)
@@ -8,17 +8,18 @@
Package: partman-crypto
XC-Package-Type: udeb
Architecture: any
-Depends: partman-base (>= 87), partman-crypto-dm, partman-crypto-loop, cdebconf-newt-entropy (>= 0.3), ${shlibs:Depends}, ${misc:Depends}
+Priority: standard
+Depends: partman-base (>= 87), ${shlibs:Depends}, ${misc:Depends}
Description: Add to partman support for block device encryption
Package: partman-crypto-dm
XC-Package-Type: udeb
Architecture: all
-Depends: partman-crypto, crypto-modules, cryptsetup-udeb
+Depends: partman-crypto, crypto-modules, cryptsetup-udeb, cdebconf-newt-entropy (>= 0.3)
Description: Add to partman support for dm-crypt encryption
Package: partman-crypto-loop
XC-Package-Type: udeb
Architecture: all
-Depends: partman-crypto, loop-aes-modules, mount-aes-udeb, gnupg-udeb
+Depends: partman-crypto, loop-aes-modules, mount-aes-udeb, gnupg-udeb, cdebconf-newt-entropy (>= 0.3)
Description: Add to partman support for loop-AES encryption
Index: debian/partman-crypto.templates
===================================================================
--- debian/partman-crypto.templates (revision 40192)
+++ debian/partman-crypto.templates (working copy)
@@ -363,6 +363,18 @@
be destroyed upon each reboot. This should only be used for
swap partitions.
+Template: partman-crypto/install_udebs_failure
+Type: error
+_Description: Failed to download crypto components
+ An error occurred trying to download additional crypto components.
+
+Template: partman-crypto/install_udebs_low_mem
+Type: boolean
+_Description: Proceed to install crypto components despite insufficient memory?
+ There does not seem to be sufficient memory available to install
+ additional crypto components. Would you like to go ahead and try
+ anyway? Note that this may crash the installation process.
+
Template: partman-crypto/warning_experimental_nonaudit
Type: boolean
Default: false
Index: active_partition/crypto_type/do_option
===================================================================
--- active_partition/crypto_type/do_option (revision 40192)
+++ active_partition/crypto_type/do_option (working copy)
@@ -25,19 +25,30 @@
done
)
+ if [ -z "$choices" ]; then
+ return 1
+ fi
+
template="partman-crypto/crypto_type"
if ! debconf_select critical $template "$choices" ""; then
- return
+ return 1
fi
type=$RET
+
echo $type > $part/crypto_type
- crypto_set_defaults $part $type
+ crypto_prepare_method $part $type || return 1
+
+ return 0
}
[ -f $part/method ] || exit 0
method=$(cat $part/method)
if [ $method = crypto ]; then
- select_crypto_type
+ # Load all known crypto types
+ crypto_load_udebs partman-crypto-dm
+ crypto_load_udebs partman-crypto-loop
+
+ select_crypto_type || return 1
fi
Index: crypto_tools.sh
===================================================================
--- crypto_tools.sh (revision 40192)
+++ crypto_tools.sh (working copy)
@@ -381,7 +381,7 @@
for module in $(cat $modulefile); do
if [ -f $moduledir/$module ]; then
# Already loaded
- continue;
+ continue
fi
if modprobe -q $module; then
@@ -396,9 +396,56 @@
return 0
}
-# Does initial setup for a crypto method:
-# 1) sets default values
-# 2) loads default modules
+# Loads additional crypto udebs
+crypto_load_udebs() {
+ local packages udebdir package memfree
+ packages="$1"
+ udebdir=/var/run/partman-crypto/udebs
+
+ if [ -z "$packages" ]; then
+ return 0
+ fi
+
+ if [ ! -d $udebdir ]; then
+ mkdir -p $udebdir
+ fi
+
+
+ for package in $packages; do
+ if [ -f $udebdir/$package ]; then
+ continue
+ fi
+
+ if [ -e /proc/meminfo ]; then
+ memfree=$(grep MemFree /proc/meminfo | head -1 | \
+ sed 's/.*:[[:space:]]*\([0-9]*\).*/\1/')
+ # A more or less arbitrary limit
+ if [ "$memfree" -lt 10000 ]; then
+ db_set partman-crypto/install_udebs_low_mem false
+ db_fset partman-crypto/install_udebs_low_mem seen false
+ db_input critical partman-crypto/install_udebs_low_mem
+ db_go || true
+ db_get partman-crypto/install_udebs_low_mem
+ if [ "$RET" != true ]; then
+ return 1
+ fi
+ fi
+ fi
+
+ if ! anna-install $package; then
+ db_fset partman-crypto/install_udebs_failure seen false
+ db_input critical partman-crypto/install_udebs_failure
+ db_go || true
+ return 1
+ fi
+
+ touch $udebdir/$package
+ done
+
+ return 0
+}
+
+# Sets the defaults for a given crypto type
crypto_set_defaults () {
local part type
part=$1
@@ -422,9 +469,53 @@
rm -f $part/keyhash
;;
esac
+ return 0
+}
- # Also load the modules needed for the chosen type/cipher
- crypto_load_modules $type "$(cat $part/cipher)"
+# Does initial setup for a crypto method:
+# 1) Loads the appropriate udebs
+# 2) Loads the appropriate kernel modules
+# 3) Sets default values
+crypto_prepare_method () {
+ local part type package
+ part=$1
+ type=$2
+ package=''
+
+ [ -d $part ] || return 1
+ case $type in
+ dm-crypt)
+ package="partman-crypto-dm"
+ ;;
+ loop-AES)
+ package="partman-crypto-loop"
+ ;;
+ *)
+ return 1
+ ;;
+ esac
+
+ # 1A - Pull in the method package and additional dependencies
+ if ! crypto_load_udebs $package; then
+ return 1
+ fi
+
+ # 1B - Verify that it worked
+ if ! crypto_check_required_tools $type; then
+ return 1
+ fi
+
+ # 2 - Also load the kernel modules needed for the chosen type/cipher
+ if ! crypto_load_modules $type $(cat $part/cipher); then
+ return 1
+ fi
+
+ # 3 - Finally, set the defaults for the chosen type
+ if ! crypto_set_defaults $part $type; then
+ return 1
+ fi
+
+ return 0
}
crypto_check_required_tools() {
@@ -438,6 +529,8 @@
loop-AES)
tools="/bin/blockdev-keygen /usr/bin/gpg /bin/base64"
;;
+ *)
+ return 1
esac
for tool in $tools; do
Reply to: