Re: RFH: dropbear initramfs support

To: debian-devel@lists.debian.org
Subject: Re: RFH: dropbear initramfs support
From: Lukas Anzinger <l.anzinger@gmail.com>
Date: Tue, 14 Jan 2014 19:25:14 +0100
Message-id: <[🔎] CACB1Aev2oGwmsojj4LdWWDQ9CqMp3uArXZPhfAmov7p9ryPReQ@mail.gmail.com>
In-reply-to: <[🔎] 20140114132404.7481.qmail@30c3a586213ae7.315fe32.mid.smarden.org>
References: <[🔎] 20140114132404.7481.qmail@30c3a586213ae7.315fe32.mid.smarden.org>

Hi Gerrit,

first I want to say thank you for maintaining dropbear and the
cryptsetup patches. The package works well and reliable for me on a
number of hosts.

However, it's a bit rough around the edges and didn't see any
improvements for some time so I started to update it locally by
myself. I created a man page for dropbearconvert, added a watch file,
get-orig-source target, converted the package to Debhelper 9, enabled
the compilation of dropbear scp, which is a long wanted feature in the
Debian BTS and did some minor cleanup.

This was around summer 2013, I lost interest after some time because I
filed some bug reports (#720987, #692611, #715534) against packages
you maintain (dropbear, git, dash) and since I saw no reaction I had a
good excuse for myself to settle my work.

I believe that the initramfs patches should be eventually moved from
dropbear to cryptsetup-dropbear (and probably maintained in the
cryptsetup source package) because they only utilize dropbear to have
a SSH daemon running in the initramfs but they aren't needed to run
dropbear itself. Or to put it another way: Just because you install
dropbear doesn't mean you want to run it in the initramfs and decrypt
your LUKS devices with it. Admittedly, that's probably the number one
use case on Debian (as opposed to an embedded system like OpenWRT
where the tininess is a also a compelling argument). I also believe
that echo'ing your passphrase to /lib/cryptsetup/passfifo is a thing
you don't want to do on a regular basis, instead a pass prompt like it
appears when booting with an encrypted drive would be nice.

All in all I believe that the "I want to unlock my drives remotely"
problem actually needs a major redesign to, first, address some of the
bugs in the BTS for dropbear and, second, be more user friendly and
configurable. I fully understand that you probably have no interested
in such a thing since you wouldn't even use it. I would be interested
but I'm not even a Debian developer and a good solution would touch
some packages (initramfs-tools, dropbear, cryptsetup at least) and has
potential for great failure.

Regards,

Lukas

On Tue, Jan 14, 2014 at 2:24 PM, Gerrit Pape <pape@smarden.org> wrote:
> Hi, in 2008 initramfs support was contributed to the dropbear package.
> Unfortunately the contributor seems to be no longer active and quite
> some bug reports concerning this feature have been collected in the BTS.
>
> Since I don't use ssh support in initrams, I hereby look for helpers or
> even a co-maintainer who take care of the bug reports and further
> development of this feature.
>
> A package git repository is available through
>  http://smarden.org/git/dropbear.git/
> and I'd be happy to receive patches through the BTS.
>
> Thanks, Gerrit.
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 20140114132404.7481.qmail@30c3a586213ae7.315fe32.mid.smarden.org">http://lists.debian.org/[🔎] 20140114132404.7481.qmail@30c3a586213ae7.315fe32.mid.smarden.org
>

Reply to:

References:
- RFH: dropbear initramfs support
  - From: Gerrit Pape <pape@smarden.org>

Prev by Date: Bug#735318: ITP: libtest-roo-perl -- module for composable, reusable tests with roles and Moo
Next by Date: Bug#735319: ITP: libdbix-introspector-perl -- module to detect what database code is connected to
Previous by thread: RFH: dropbear initramfs support
Next by thread: Re: RFH: dropbear initramfs support
Index(es):
- Date
- Thread