[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: please review new cryptsetup template

Quoting Jonas Meurer (jonas@freesources.org):

> Finally, here's the template:
> Template: cryptsetup/prerm_active_mappings
> Type: boolean
> Default: true
> _Description: Continue with cryptsetup removal?
>  You have unlocked dm-crypt devices: ${cryptmap}
>  .
>  If you used to manage these devices with cryptsetup, you might be unable to
>  lock the devices after the package removal. There are other tools for managing
>  dm-crypt devices though. In any case, system shutdown/reboot will lock the
>  devices.
>  .
>  In case you want to lock the dm-crypt devices before package removal, say no
>  here, and continue with removal after all dm-crypt devices have been locked.

"You have <foobar>". I might have nothing.:-) The system might not be
mine but one of the gazillion systems I'm administering. Which is why
we always discourage things like "your system", etc.

"say no" is a "no-no". With some debconf interfaces, boolean templates
are not a yes/no choice.

Here's my proposal.

_Description: Continue with cryptsetup removal?
 Some unlocked dm-crypt devices (${cryptmap}) are in use on this system.
 If these devices are managed with cryptsetup, you might be unable to
 lock the devices after the package removal, though other tools can be
 used for managing dm-crypt devices. As a consequence, any further
 system shutdown or reboot is likely to lock the devices.
 Do not choose this option if you want to lock the dm-crypt devices
 before package removal.

> And this is the information about cryptsetup:
> Package: cryptsetup
> Version: 2:1.3.0-3
> Installed-Size: 740
> Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>
> Architecture: amd64
> Replaces: cryptsetup-luks, hashalot (<< 0.3-2)
> Provides: cryptsetup-luks
> Depends: libc6 (>= 2.2.5), libcryptsetup1 (>= 2:1.3), libpopt0 (>= 1.16), debconf (>= 0.5) | debconf-2.0, dmsetup
> Suggests: udev, initramfs-tools (>= 0.91) | linux-initramfs-tool, busybox, dosfstools, liblocale-gettext-perl
> Conflicts: cryptsetup-luks
> Breaks: hashalot (<< 0.3-2)
> Description: configures encrypted block devices

"encrypted devices management tools"?

A verb sentence is discouraged in synopsis. Better use a noun phrase.

I'm unsure whether crypsetup provides tools for general encrypted
devices management or only tools to set them up, but you get the point.

>  Cryptsetup provides a command-line interface for configuring encrypted
>  devices. This is done using the Linux kernel device mapper target
>  dm-crypt. This version of cryptsetup has integrated support for LUKS.
>  .
>  cryptsetup is backwards compatible with the on-disk format of cryptoloop,
>  but also supports more secure formats. This package includes support for
>  automatically configuring encrypted devices at boot time via the config
>  file /etc/crypttab. Additional features are cryptoroot support through
>  initramfs-tools and several supported ways to read a passphrase or key.

Maybe avoid the leading lowercase in 2nd paragraph, which always looks
ugly. Otherwise, no comment.

Attachment: signature.asc
Description: Digital signature

Reply to: