
[RFC] Allow block device providers to veto file systems



Hey all,

I've spent some time thinking about possible solutions
for #414638 which all essentially worked around the fact
that partman offers file systems (via valid_filesystems)
that are not actually valid for certain crypto setups.

So I thought it would be useful to have a mechanism for 
"providers" of block devices to veto the use of certain
file systems on the devices they provide, because they 
know that those choices won't work [1].

I've pondered different ways of implementing this, and
ended up with the attached patch. There are two things
I don't like about it: Since we are piping the list of 
filesystems through the veto scripts, any error in them
can cause the list to end up empty. The scripts have to
be extra careful not to consume stdin by accident.

The second thing I don't like but couldn't come up with
anything better is the name 'valid_filesystems_veto'. If
the basic idea is sound, and anyone has suggestions for
a better name of the directory, I'm all ears :-)

	Max

-- 
[1] Otherwise we have to catch those "invalid" choices
in e.g. check.d or finish.d scripts, warn the user and
tell them to go back and fix it themselves. I feel we 
already have too many of those rather user-unfriendly 
checks in partman-crypto. If we can, we should IMO try
to prevent invalid choices in the first place.

Index: partman-basicmethods/choose_method/filesystem/choices
===================================================================
--- partman-basicmethods/choose_method/filesystem/choices	(revision 50282)
+++ partman-basicmethods/choose_method/filesystem/choices	(working copy)
@@ -13,7 +13,13 @@
     done
 )
 
-for fs in $filesystems; do
+allowed=$filesystems
+for i in /lib/partman/valid_filesystems_veto/*; do
+    [ -x $i ] || continue
+    allowed=$(echo $allowed | $i $dev $id)
+done
+
+for fs in $allowed; do
     db_metaget partman/filesystem_long/$fs description || RET=''
     RET=${RET:-$fs}
     printf "${fs}\t${RET}\n"
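Review bot: The new loop's `allowed=$(echo $allowed | $i $dev $id)` replaces the list with whatever the script prints and never looks at its exit status, so a single veto script that crashes, or that exits without reading stdin, leaves `$allowed` empty and the `for fs in $allowed` loop emits no choices at all. Capture the output in a temporary variable and only assign it to `allowed` when the script exited 0 and printed at least one name. The expansions in `[ -x $i ]` and `$i $dev $id` should also be quoted.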
Index: partman-basicmethods/debian/changelog
===================================================================
--- partman-basicmethods/debian/changelog	(revision 50282)
+++ partman-basicmethods/debian/changelog	(working copy)
@@ -7,8 +7,13 @@
   [ Colin Watson ]
   * Use 'mkdir -p' rather than more awkward test-then-create constructions.
 
- -- Frans Pop <fjp@debian.org>  Sun, 13 May 2007 04:05:35 +0200
+  [ Max Vozeler ]
+  * choose_method/filesystem/choices: Allow scripts in
+    valid_filesystems_veto to prevent certain filesystems
+    from being offered.
 
+ -- Max Vozeler <xam@debian.org>  Fri, 30 Nov 2007 14:10:02 +0000
+
 partman-basicmethods (35) unstable; urgency=low
 
   * Move sanity-checking scripts from finish.d to check.d. Requires
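Review bot: The new entry under `[ Max Vozeler ]` is the only description of the hook in this patch, and it does not state the contract a veto script has to follow: candidate list on stdin, `$dev $id` as arguments, surviving names on stdout, input passed through unchanged when the script has nothing to veto. Since a script that forgets the pass-through empties the list, a short README or a comment block in `choices` documenting this would help other packages that want to ship a veto script.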
Index: partman-crypto/debian/changelog
===================================================================
--- partman-crypto/debian/changelog	(revision 50282)
+++ partman-crypto/debian/changelog	(working copy)
@@ -6,8 +6,13 @@
   [ Max Vozeler ]
   * Correct dependencies in base64/Makefile; Thanks to 
     Robert Millan for report + patch. Closes: #452830
+
   * Drop use of the obsolete /dev/loop/ directory
 
+  * Use valid_filesystems_veto to allow only ext2 on crypto
+    devices with random keys. Closes: #414638. This is only 
+    effective with partman-basicmethods 36 or later.
+
  -- Max Vozeler <xam@debian.org>  Sun, 25 Nov 2007 17:01:43 +0100
 
 partman-crypto (22) unstable; urgency=low
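Review bot: The entry says the veto "is only effective with partman-basicmethods 36 or later", but nothing in this patch enforces that; no dependency change is included. With an older partman-basicmethods the script is installed and never run, so the behaviour reported in #414638 silently remains while the changelog claims `Closes: #414638`. Either add a versioned relationship or keep the bug open until both packages are uploaded. Minor style point: the added blank line after the `#452830` item separates items of the same author block; it is worth checking that against the rest of the file.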
Index: partman-crypto/debian/rules
===================================================================
--- partman-crypto/debian/rules	(revision 50282)
+++ partman-crypto/debian/rules	(working copy)
@@ -48,6 +48,7 @@
 	dh_install base64/base64 bin/
 	dh_install blockdev-keygen bin/
 	dh_install blockdev-wipe/blockdev-wipe bin/
+	dh_install valid_filesystems_veto lib/partman
 	rm -rf `find debian/$(PACKAGE) -name .svn`
 
 binary-indep: install-indep
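Review bot: The added `dh_install valid_filesystems_veto lib/partman` line copies the directory as it is, while the loop in `choices` skips anything that fails `[ -x $i ]`. The new `valid_filesystems_veto/crypto` file is created in this patch and the diff does not show an executable property being set, so please confirm the file ends up executable in the udeb; otherwise the veto is skipped without any error.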
Index: partman-crypto/valid_filesystems_veto/crypto
===================================================================
--- partman-crypto/valid_filesystems_veto/crypto	(revision 0)
+++ partman-crypto/valid_filesystems_veto/crypto	(revision 0)
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Veto filesystems unsuitable for certain crypto setups
+
+dev=$1
+id=$2
+
+filesystems_veto ()
+{
+	[ -f $dev/crypt_realdev ] || return 1
+
+	# Get to the underlying crypto device directory
+	r=$(cat $dev/crypt_realdev)
+	cryptodev=${r##*:}
+
+	[ -f $cryptodev/method ] || return 1
+	method=$(cat $cryptodev/method)
+
+	if [ $method = crypto ]; then
+		[ -f $cryptodev/keytype ] || return 1
+		keytype=$(cat $cryptodev/keytype)
+
+		if [ $keytype = random ]; then
+			# Veto anything but ext2
+			for fs in $(cat); do
+				case fs in
+				ext2)
+					echo $fs
+					;;
+				esac
+			done
+			return 0
+		fi
+	fi
+
+	return 1
+}
+
+filesystems_veto || cat
+
+exit 0
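Review bot: In the random-key branch, `case fs in` tests the literal string "fs" rather than the loop variable, so the `ext2)` pattern never matches and the function prints nothing before `return 0`. The result is an empty list (every filesystem vetoed, including ext2) for exactly the setups this script targets. It should read `case $fs in`. Separately, `[ $method = crypto ]` and `[ $keytype = random ]` are unquoted and produce a test syntax error if either file is empty; quote both expansions, as well as `$dev` and `$cryptodev` in the `-f` tests.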

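The message above notes that any error in a veto script can empty the piped list. The following is an added example, not part of the original message or patch, of a fail-safe version of that pipeline; the function names `apply_vetoes` and `demo`, the sample filter scripts, and the policy of skipping a failing or all-removing script are assumptions made for illustration.

```shell
#!/bin/sh
# apply_vetoes DIR DEV ID FS...   (hypothetical helper, not from the patch)
# Prints the filesystems that survive every executable filter in DIR.
apply_vetoes() {
    veto_dir=$1 dev=$2 id=$3
    shift 3
    allowed="$*"
    for script in "$veto_dir"/*; do
        [ -f "$script" ] && [ -x "$script" ] || continue
        # A failing script must not wipe the list (assumed policy: skip it).
        if ! out=$(printf '%s\n' "$allowed" | "$script" "$dev" "$id"); then
            echo "veto script $script failed, ignored" >&2
            continue
        fi
        # A veto may only remove entries: keep names that were already allowed.
        kept=
        for fs in $out; do
            case " $allowed " in
                *" $fs "*) kept="${kept:+$kept }$fs" ;;
            esac
        done
        # Empty result: treat as a script error rather than offer nothing.
        if [ -z "$kept" ]; then
            echo "veto script $script removed everything, ignored" >&2
            continue
        fi
        allowed=$kept
    done
    printf '%s\n' "$allowed"
}

# Constructed demo: one filter that keeps only ext2, one that crashes,
# and one that swallows stdin and prints nothing.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nfor f in $(cat); do [ "$f" = ext2 ] && echo "$f"; done\nexit 0\n' > "$d/10only_ext2"
    printf '#!/bin/sh\nexit 3\n' > "$d/20broken"
    printf '#!/bin/sh\ncat >/dev/null\n' > "$d/30silent"
    chmod +x "$d"/*
    apply_vetoes "$d" /constructed/dev 1 ext2 ext3 xfs 2>/dev/null
    rm -rf "$d"
}

demo
```

Skipping a misbehaving script keeps the installer usable but means its veto is not applied, so the check.d or finish.d checks mentioned in the footnote remain the backstop in that case.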