Bug#785732: Allow crypto default parameters to be preseeded
Package: partman-crypto
Version: 81
Hi,
Recently, I tried to preseed an encrypted installation and found that, no matter what options I set using debconf, and according to the entries declared in the "debian/templates" file of partman-crypto, options would be silently discarded.
I've attached a simple patch that fixes this. This has been tested on an unattended (ie. preseeded) installation.
Jérôme
commit 88fdca33e0a21aa6809ffc6804e221dcc4b5d731
Author: Jérôme Vizcaino <jerome.vizcaino@gmail.com>
Date: Tue May 12 15:56:36 2015 +0200
Default crypto parameters can now be preseeded
List of parameters:
* cipher: aes, serpent, etc...
* keysize: 256, 192, 128 (for aes)
* ivalgorithm: xts-plain64, cbc-essiv:sha256, etc...
* keytype: passphrase, random
* keyhash: sha1, sha256, etc...
diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh
index c919763..dbe958a 100644
--- a/lib/crypto-base.sh
+++ b/lib/crypto-base.sh
@@ -574,11 +574,16 @@ crypto_set_defaults () {
case $type in
dm-crypt)
- echo aes > $part/cipher
- echo 256 > $part/keysize
- echo xts-plain64 > $part/ivalgorithm
- echo passphrase > $part/keytype
- echo sha256 > $part/keyhash
+ db_get partman-crypto/cipher || RET=aes
+ echo $RET > $part/cipher
+ db_get partman-crypto/keysize || RET=256
+ echo $RET > $part/keysize
+ db_get partman-crypto/ivalgorithm || RET=xts-plain64
+ echo $RET > $part/ivalgorithm
+ db_get partman-crypto/keytype || RET=passphrase
+ echo $RET > $part/keytype
+ db_get partman-crypto/keyhash || RET=sha256
+ echo $RET > $part/keyhash
;;
esac
return 0
Reply to: