Bug#694154: debian-installer: Preseeding isn't possible for partman-crypto (encrypted LVM)
Package: debian-installer
Version: 20121114
Severity: normal
Tags: d-i
Hi,
if my understanding of partman-crypto's blockdev-keygen's code is
correct, one isn't able to preseed the passphrase for encrypted LVM:
http://anonscm.debian.org/gitweb/?p=d-i/partman-crypto.git;a=blob;f=blockdev-keygen
(See get_passphrase; also, my experiments seem to agree.)
The comments at the top even say:
# This handles sensitive data that must not be swapped out
# or written out to disk unencrypted.
#
# Important: before running this script the caller has
# to check for unsafe swap partitions. This is done in
# choose_method/encrypt/do_options.
#
# Assumption: This runs as part of d-i. Therefore, temp
# files outside of /target reside in a ramdisk. Process
# information (think [ "$pass" ]) is not exposed to anyone
# but the installing user.
If we are to continue disallowing preseeding those parts, I believe
it would be nice to have that documented in the example preseed file.
Comments anyone?
Mraw,
KiBi.
Reply to: