
Bug#530784: partman-crypto: preseeding of the dm-crypt passphrase failed



Hello,
sorry, I think my last email missed the bug report (I got an error
'140.211.166.43_does_not_like_recipient./Remote_host_said:_550_unknown_user/Giving_up_on_140.211.166.43./')

I chose to comment these lines out because I think it's the best way
to document this. It's also possible to delete these four
lines. But maybe later on somebody will think this is insecure and
put the lines back again ...

I missed the example preseed file (I used one from the internet).
But you're right, there should be an example in it and a description
of how to handle this.

The 'problem' with this way of preseeding is that if you want to use
two separate crypted partitions, you cannot use two different passphrases.
Here is an example with one crypted partition (the way we do it):

/dev/sda1 -> boot
/dev/sda2 -> crypted
  /dev/mapper/crypted -> lvm_volume_group
    /dev/mapper/lvm_volume_group -> logical_volume
      /dev/mapper/logical_volume -> root
      /dev/mapper/logical_volume -> swap

Here is an example with two crypted partitions (this did not work with
two separate passphrases):

/dev/sda1 -> boot
/dev/sda2 -> crypted_1
/dev/sda2 -> crypted_2
  /dev/mapper/crypted_1 -> root
  /dev/mapper/crypted_2 -> swap

With the second way it is not possible to use two different
passphrases during installation. The 'value' is set the first
time and is not deleted before the second question.
Also, you cannot delete the values _after_ setting up the first
crypted partition, because then the preseeding wouldn't work for
the second crypted partition.
It would only be possible to do that by changing the whole
blockdev_keygen to include the partition name in the 'templ'
value. But I don't know whether the partition name is known
at this time in the blockdev_keygen script.

Respectfully

Gabriel


> Quoting Gabriel Sailer (Gabriel.Sailer@gmx.net):
>> > Hello,
>> > late, but not too late I hope, I have a patch to allow preseeding
>> > the crypto passphrase. I tried it successfully with only preseeding
>> > the passphrase with the following preseeding file:
> 
> Eh....that was indeed as simple as dropping (commenting) the lines
> that reset the debconf value....
> 
> Is there any objection for me to commit this? I'm not very familiar
> with all this code, but I don't see what it could harm.
> 
> This probably deserves a small addition to the installation manual
> too, at least adding the following to the example preseed file...
> 
> 
> CC'ing Frans to get advice about documenting the new "feature".
> 

####################################################################
# Disk Partitioning/Boot loader
####################################################################

# dm-crypt passphrase
d-i     partman-crypto/passphrase       password This_is_a_very_long_and_secret_passphrase!
d-i     partman-crypto/passphrase-again password This_is_a_very_long_and_secret_passphrase!

I appended the patch. Attention: there is no warning or anything else
(because the installation should not be interrupted by an acknowledgment).

--- blockdev-keygen	2009-07-09 20:44:06.000000000 +0200
+++ blockdev-keygen.new	2009-07-09 20:44:47.000000000 +0200
@@ -36,14 +36,16 @@
 	pass_ok=0
 	while [ $pass_ok -eq 0 ]; do
 		templ="partman-crypto/passphrase"
-		db_set $templ ""
-		db_fset $templ seen false
+# we want to use the crypto passphrase from preseed file
+#		db_set $templ ""
+#		db_fset $templ seen false
 		db_subst $templ DEVICE "$description"
 		db_input critical $templ

 		templ="partman-crypto/passphrase-again"
-		db_set $templ ""
-		db_fset $templ seen false
+# we want to use the crypto passphrase from preseed file
+#		db_set $templ ""
+#		db_fset $templ seen false
 		db_input critical $templ

 		db_go || return 1
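
Review bot: With both `db_set $templ ""` / `db_fset $templ seen false` pairs commented out inside the `while [ $pass_ok -eq 0 ]` loop, a retry iteration no longer clears the previous answer or its seen flag, so if the stored passphrase and passphrase-again values fail whatever check sets `pass_ok` (not visible in this hunk), `db_input critical` may not ask again and the loop can repeat with the same values. Consider skipping the reset only on the first pass when a preseeded value is present, and keeping it on retries. The passphrase also now stays in the debconf database after this loop has used it, which matches the reuse for a second encrypted device described in the message above; clearing both templates once the last encrypted device has been set up would limit how long the secret is stored. As a style point, delete the four lines rather than leaving them commented out at column 0, and keep the rationale in one comment indented with the surrounding code.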

