Quoting Jonas Meurer (jonas@freesources.org):
> Finally, here's the template:
>
> Template: cryptsetup/prerm_active_mappings
> Type: boolean
> Default: true
> _Description: Continue with cryptsetup removal?
> You have unlocked dm-crypt devices: ${cryptmap}
> .
> If you used to manage these devices with cryptsetup, you might be unable to
> lock the devices after the package removal. There are other tools for managing
> dm-crypt devices though. In any case, system shutdown/reboot will lock the
> devices.
> .
> In case you want to lock the dm-crypt devices before package removal, say no
> here, and continue with removal after all dm-crypt devices have been locked.
"You have <foobar>". I might have nothing.:-) The system might not be
mine but one of the gazillion systems I'm administering. Which is why
we always discourage things like "your system", etc.
"say no" is a "no-no". With some debconf interfaces, boolean templates
are not a yes/no choice.
Here's my proposal.
_Description: Continue with cryptsetup removal?
Some unlocked dm-crypt devices (${cryptmap}) are in use on this system.
.
If these devices are managed with cryptsetup, you might be unable to
lock the devices after the package removal, though other tools can be
used for managing dm-crypt devices. As a consequence, any further
system shutdown or reboot is likely to lock the devices.
.
Do not choose this option if you want to lock the dm-crypt devices
before package removal.
> And this is the information about cryptsetup:
>
> Package: cryptsetup
> Version: 2:1.3.0-3
> Installed-Size: 740
> Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>
> Architecture: amd64
> Replaces: cryptsetup-luks, hashalot (<< 0.3-2)
> Provides: cryptsetup-luks
> Depends: libc6 (>= 2.2.5), libcryptsetup1 (>= 2:1.3), libpopt0 (>= 1.16), debconf (>= 0.5) | debconf-2.0, dmsetup
> Suggests: udev, initramfs-tools (>= 0.91) | linux-initramfs-tool, busybox, dosfstools, liblocale-gettext-perl
> Conflicts: cryptsetup-luks
> Breaks: hashalot (<< 0.3-2)
> Description: configures encrypted block devices
"encrypted devices management tools"?
A verb sentence is discouraged in synopsis. Better use a noun phrase.
I'm unsure whether crypsetup provides tools for general encrypted
devices management or only tools to set them up, but you get the point.
> Cryptsetup provides a command-line interface for configuring encrypted
> devices. This is done using the Linux kernel device mapper target
> dm-crypt. This version of cryptsetup has integrated support for LUKS.
> .
> cryptsetup is backwards compatible with the on-disk format of cryptoloop,
> but also supports more secure formats. This package includes support for
> automatically configuring encrypted devices at boot time via the config
> file /etc/crypttab. Additional features are cryptoroot support through
> initramfs-tools and several supported ways to read a passphrase or key.
Maybe avoid the leading lowercase in 2nd paragraph, which always looks
ugly. Otherwise, no comment.
Attachment:
signature.asc
Description: Digital signature