Hello,
Christian Perrier kindly reminded me to ask on this list for review of
the newly introduced debconf template in cryptsetup.
The template is displayed when the package is removed/purged and the
system still has active (unlocked) encrypted dm-crypt devices. It warns
the admin that after removing cryptsetup, locking the dm-crypt devices
works no longer as expected. In other words, neither the initscript nor
the cryptdisks_start/stop scripts are available any longer.
In fact, the low-level dmsetup supports to lock/stop dm-crypt devices as
well, but admins might not be aware of that. And finally, shutdown or
reboot properly locks the dm-crypt devices as well.
Please keep me in Cc, as I'm not subscribed to that list.
Finally, here's the template:
Template: cryptsetup/prerm_active_mappings
Type: boolean
Default: true
_Description: Continue with cryptsetup removal?
You have unlocked dm-crypt devices: ${cryptmap}
.
If you used to manage these devices with cryptsetup, you might be unable to
lock the devices after the package removal. There are other tools for managing
dm-crypt devices though. In any case, system shutdown/reboot will lock the
devices.
.
In case you want to lock the dm-crypt devices before package removal, say no
here, and continue with removal after all dm-crypt devices have been locked.
And this is the information about cryptsetup:
Package: cryptsetup
Version: 2:1.3.0-3
Installed-Size: 740
Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>
Architecture: amd64
Replaces: cryptsetup-luks, hashalot (<< 0.3-2)
Provides: cryptsetup-luks
Depends: libc6 (>= 2.2.5), libcryptsetup1 (>= 2:1.3), libpopt0 (>= 1.16), debconf (>= 0.5) | debconf-2.0, dmsetup
Suggests: udev, initramfs-tools (>= 0.91) | linux-initramfs-tool, busybox, dosfstools, liblocale-gettext-perl
Conflicts: cryptsetup-luks
Breaks: hashalot (<< 0.3-2)
Description: configures encrypted block devices
Cryptsetup provides a command-line interface for configuring encrypted
devices. This is done using the Linux kernel device mapper target
dm-crypt. This version of cryptsetup has integrated support for LUKS.
.
cryptsetup is backwards compatible with the on-disk format of cryptoloop,
but also supports more secure formats. This package includes support for
automatically configuring encrypted devices at boot time via the config
file /etc/crypttab. Additional features are cryptoroot support through
initramfs-tools and several supported ways to read a passphrase or key.
Homepage: http://code.google.com/p/cryptsetup/
Tag: admin::boot, admin::filesystem, implemented-in::c, interface::commandline, role::program, scope::utility, security::cryptography, security::privacy, use::configuring
Section: admin
Priority: optional
Greetings,
jonas
Attachment:
signature.asc
Description: Digital signature