[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

please review new cryptsetup template


Christian Perrier kindly reminded me to ask on this list for review of
the newly introduced debconf template in cryptsetup.

The template is displayed when the package is removed/purged and the
system still has active (unlocked) encrypted dm-crypt devices. It warns
the admin that after removing cryptsetup, locking the dm-crypt devices
works no longer as expected. In other words, neither the initscript nor
the cryptdisks_start/stop scripts are available any longer.

In fact, the low-level dmsetup supports to lock/stop dm-crypt devices as
well, but admins might not be aware of that. And finally, shutdown or
reboot properly locks the dm-crypt devices as well.

Please keep me in Cc, as I'm not subscribed to that list.

Finally, here's the template:

Template: cryptsetup/prerm_active_mappings
Type: boolean
Default: true
_Description: Continue with cryptsetup removal?
 You have unlocked dm-crypt devices: ${cryptmap}
 If you used to manage these devices with cryptsetup, you might be unable to
 lock the devices after the package removal. There are other tools for managing
 dm-crypt devices though. In any case, system shutdown/reboot will lock the
 In case you want to lock the dm-crypt devices before package removal, say no
 here, and continue with removal after all dm-crypt devices have been locked.

And this is the information about cryptsetup:

Package: cryptsetup
Version: 2:1.3.0-3
Installed-Size: 740
Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>
Architecture: amd64
Replaces: cryptsetup-luks, hashalot (<< 0.3-2)
Provides: cryptsetup-luks
Depends: libc6 (>= 2.2.5), libcryptsetup1 (>= 2:1.3), libpopt0 (>= 1.16), debconf (>= 0.5) | debconf-2.0, dmsetup
Suggests: udev, initramfs-tools (>= 0.91) | linux-initramfs-tool, busybox, dosfstools, liblocale-gettext-perl
Conflicts: cryptsetup-luks
Breaks: hashalot (<< 0.3-2)
Description: configures encrypted block devices
 Cryptsetup provides a command-line interface for configuring encrypted
 devices. This is done using the Linux kernel device mapper target
 dm-crypt. This version of cryptsetup has integrated support for LUKS.
 cryptsetup is backwards compatible with the on-disk format of cryptoloop,
 but also supports more secure formats. This package includes support for
 automatically configuring encrypted devices at boot time via the config
 file /etc/crypttab. Additional features are cryptoroot support through
 initramfs-tools and several supported ways to read a passphrase or key.
Homepage: http://code.google.com/p/cryptsetup/
Tag: admin::boot, admin::filesystem, implemented-in::c, interface::commandline, role::program, scope::utility, security::cryptography, security::privacy, use::configuring
Section: admin
Priority: optional


Attachment: signature.asc
Description: Digital signature

Reply to: