Hello, Christian Perrier kindly reminded me to ask on this list for review of the newly introduced debconf template in cryptsetup. The template is displayed when the package is removed/purged and the system still has active (unlocked) encrypted dm-crypt devices. It warns the admin that after removing cryptsetup, locking the dm-crypt devices works no longer as expected. In other words, neither the initscript nor the cryptdisks_start/stop scripts are available any longer. In fact, the low-level dmsetup supports to lock/stop dm-crypt devices as well, but admins might not be aware of that. And finally, shutdown or reboot properly locks the dm-crypt devices as well. Please keep me in Cc, as I'm not subscribed to that list. Finally, here's the template: Template: cryptsetup/prerm_active_mappings Type: boolean Default: true _Description: Continue with cryptsetup removal? You have unlocked dm-crypt devices: ${cryptmap} . If you used to manage these devices with cryptsetup, you might be unable to lock the devices after the package removal. There are other tools for managing dm-crypt devices though. In any case, system shutdown/reboot will lock the devices. . In case you want to lock the dm-crypt devices before package removal, say no here, and continue with removal after all dm-crypt devices have been locked. And this is the information about cryptsetup: Package: cryptsetup Version: 2:1.3.0-3 Installed-Size: 740 Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org> Architecture: amd64 Replaces: cryptsetup-luks, hashalot (<< 0.3-2) Provides: cryptsetup-luks Depends: libc6 (>= 2.2.5), libcryptsetup1 (>= 2:1.3), libpopt0 (>= 1.16), debconf (>= 0.5) | debconf-2.0, dmsetup Suggests: udev, initramfs-tools (>= 0.91) | linux-initramfs-tool, busybox, dosfstools, liblocale-gettext-perl Conflicts: cryptsetup-luks Breaks: hashalot (<< 0.3-2) Description: configures encrypted block devices Cryptsetup provides a command-line interface for configuring encrypted devices. This is done using the Linux kernel device mapper target dm-crypt. This version of cryptsetup has integrated support for LUKS. . cryptsetup is backwards compatible with the on-disk format of cryptoloop, but also supports more secure formats. This package includes support for automatically configuring encrypted devices at boot time via the config file /etc/crypttab. Additional features are cryptoroot support through initramfs-tools and several supported ways to read a passphrase or key. Homepage: http://code.google.com/p/cryptsetup/ Tag: admin::boot, admin::filesystem, implemented-in::c, interface::commandline, role::program, scope::utility, security::cryptography, security::privacy, use::configuring Section: admin Priority: optional Greetings, jonas
Attachment:
signature.asc
Description: Digital signature