On Mon, Jan 08, 2007 at 07:59:15PM +0100, Marcus Better wrote:
Good, then this is "just" a documentation issue. The defaults in the
initramfs scripts are unfortunately different from that of the plain
cryptsetup binary, so the hash=ripemd160 line should be included in the
/etc/crypttab setup.
Hmm... That feels a bit ugly IMHO. Having different defaults could lead to
future bugs. And a line in the documentation wouldn't prevent lusers who
don't read docs too well from just trying it.
Yes, it is ugly, and unfortunate...but that's the way it is...
Changing the defaults is not a good solution since that would break the
setup for others,
Are you sure?
Yes, I'm sure that there might be situations where a change would bite
users right now. And changing that with a release upcoming is not a good
idea IMHO, I'd prefer minimal changes right now.
To break an existing setup, it seems the user would need a
mapping that depends on sha256 as the default hash (in initramfs). But such a
mapping cannot exist, unless the user specifically creates the mapping
manually with sha256 and forgets to add the hash spec to /etc/crypttab. That
is a user error, which would moreover bite the user whenever s/he tried to
activate the partition with /etc/init.d/cryptdisks
Yup, we can try to change the default post-Etch, but not now.
- something that the user
is very likely to have tried already. It should suffice to tell the user to
fix it in a NEWS entry or debconf notice.
I don't agree that it's very likely. What is likely is that the mapping
is setup during boot and not touched later.
So it seems it would work if we fix the initramfs scripts, and run
update-initramfs in postinst.
--
David Härdeman
