Re: Bug#626641: cryptsetup: bug #587220 re-introduced

To: Christoph Anton Mitterer <mitterer@physik.uni-muenchen.de>
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#626641: cryptsetup: bug #587220 re-introduced
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sun, 15 May 2011 18:18:39 -0300
Message-id: <[🔎] 20110515211838.GA29544@khazad-dum.debian.net>
In-reply-to: <[🔎] 20110515172155.14404atey8dobp1s@webmail.physik.uni-muenchen.de>
References: <20110513222720.2005.71844.reportbug@heisenberg.scientia.net> <20110514114707.GA4876@resivo.wgnet.de> <1305375451.32697.5.camel@heisenberg.scientia.net> <20110514142230.GB4876@resivo.wgnet.de> <7d5bbcde48da2c28f343535ad3aa8895@imap.dd24.net> <[🔎] 20110515105228.GA4450@resivo.wgnet.de> <[🔎] 20110515120316.GA32677@khazad-dum.debian.net> <[🔎] 20110515172155.14404atey8dobp1s@webmail.physik.uni-muenchen.de>

On Sun, 15 May 2011, Christoph Anton Mitterer wrote:
> And honestly, I don't see much of a difference with the warnings
> when removing the running kernel.... or are there any bigger
> problems that modules that should be newly loaded would not be
> found?!

An immediate panic makes it impossible for you to fix the system.  Suble
differences in the kernel internal ABI can easily corrupt system state
and cause data loss or hard hangs.  And you'll need to reboot using a
live-cd to repair in the first place if you removed the last kernel that
could run your box.

OTOH, all it takes to handle a dm-crypt device you forgot open is the
direct use of dmsetup, or simply reinstalling cryptsetup.  Or a system
reboot/reset.  Or a system power off.

> Ideally, in a package like cryptsetup, operations should either
> fully succeed or fully fail, so that a user at least knows that he's
> in trouble.

...

> E.g. if I say /etc/init.d/cryptdisks stop, I expect that any
> cryptdisks are stopped (well at least ne not "early" ones) and if
> this didn't work for some _valid_[3] reason, a warning should be
> given and in any circumstances exit code should be != 0.

Well, initscripts *are* mandated to FAIL if they cannot shutdown the
service.  So yes, if there are cryptsetup disks open and you tell the
initscript to stop the service, and it cannot close the disks, it IS to
return failure.

OTOH, if there are *no* cryptsetup disks open to close in the first
place, it is to return success.

> 'essential' packages..." (and I guess you mean implicitly that
> cryptsetup is not essential) demonstrate quite well the wrong

It is not an 'essential package' by any means.  However, we have a very
strict technical definition of what an 'essential package' is, and that
definition is directly related to the packaging system and a few other
system details.

So you likely misunderstood me there.  It has nothing to do with how
essential cryptsetup is to your usage of a particular Debian system.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: Bug#626641: cryptsetup: bug #587220 re-introduced
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- Re: [pkg-cryptsetup-devel] Bug#626641: Bug#626641: cryptsetup: bug #587220 re-introduced
  - From: Jonas Meurer <jonas@freesources.org>
- Re: [pkg-cryptsetup-devel] Bug#626641: Bug#626641: cryptsetup: bug #587220 re-introduced
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Bug#626641: cryptsetup: bug #587220 re-introduced
  - From: Christoph Anton Mitterer <mitterer@physik.uni-muenchen.de>

Prev by Date: Bug#626848: ITP: libqtzeitgeist0 -- wrapper library around the Zeitgeist DBus API for Qt
Next by Date: Re: Debian x86 32-bits built for i586 !?
Previous by thread: Re: Bug#626641: cryptsetup: bug #587220 re-introduced
Next by thread: Re: Bug#626641: cryptsetup: bug #587220 re-introduced
Index(es):
- Date
- Thread