Hey Helmut, On 21/02/2008 Helmut Grohne wrote: > > > No. Testing takes time and I want to do that in one chunk. Furthermore I > > > need to rewrite the patch first. The patch doesn't permit an infinite > > > number of retries by setting tries=0. I'll tell you when I'm finished. > > I verified that the attached patch works as expected.
great, even though I'm curious about how the tries option get's delivered from /etc/crypttab to /conf/conf.d/cryproot in initramfs. I thought that the cryptroot hook script was responsible for that. And this script, as far as i understand it, doesn't add the tries option but only cipher, hash, size, lvm, keyscript and luks. (see lines 170 to 241 in /usr/share/initramfs-tools/hooks/cryptroot) > > I object against support for infinite retries. Upstream cryptsetup > > doesn't support this, and I don't like to divert from cryptsetup > > behaviour in the initramfs scripts. > > The feature doesn't hurt. It doesn't degrade anything. > > > Even if initramfs stuff supports tries=0 for infinite retries, starting > > the mapping through /etc/init.d/cryptdisks will give you just one try. > > I don't see a use for the initscript, but within initramfs it should be > possible to prevent booting without a password using tries=0. > > If you don't want to take my patch, please clone this bugreport and tag > it as wontfix, upstream. Ok, I accept your patch, with one minor change: I changed + while [ $crypttries -le 0 -o $count -lt $crypttries ]; do to + while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do It would be great if you could provide a patch to the crypttab manpage as well, which documents that change. Or to README.initramfs. greetings, jonas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
