Bug#465902: [pkg-cryptsetup-devel] Bug#465902: Works for me!

Wed, 09 Jul 2008 08:46:30 -0700 

David Härdeman wrote:

On Wed, July 9, 2008 07:28, Thomas Luzat wrote:

I just wanted to tell you that the patches (cryptsetup, initramfs-tools,
dropbear) work for me. It would be nice to see the dropbear patch
applied to the next version and an extended CryptoRoot.HowTo in
cryptsetup once the dropbear patches are in.


For the cryptsetup part it's not a question whether the patches work or
not, because the approach they use should not be necessary anymore.



Right. What I meant was the askpass binary here, which works for me to 
unlock my root after having locked in through dropbear. Given that you 
can now unlock your root by using


cat > /lib/cryptsetup/passfifo

or

echo -n ... > /lib/cryptsetup/passfifo


without having to kill any processes it looks to me as if #465902 can be 
closed, which is my main point relating to this bug report besides 
giving feedback on that askpass works, given that there were no further 
mails in the BTS after your request for testing cryptsetup.



The only reason that I can see not to close the bug report would be if 
you wanted to replace that "cat"/"echo" by some script within the 
cryptsetup package. Of course one might argue if such a script 1) is 
necessary and 2) whether it should belong to cryptsetup or dropbear. I 
would tend to say cryptsetup here, because without cryptsetup it 
wouldn't make any sense.



The question is rather if the dropbear initramfs script can be adapted to
use the "askpass" functionality that we've added to cryptsetup in order to
support this functionality. No changes should be necessary to cryptsetup
anymore.



Right, cryptsetup is ok. dropbear doesn't strictly need adaptation for 
askpass as shown above, even though that might be convenient. It only 
really needs the last patch attached to #465903 to make it into the 
initramfs at all.



Thomas, you need to check with Chris on the status of updated patches.



As far as I can tell there are no open issues with the one for dropbear 
(which is the only one missing), but I might try to get some info from 
Chris and especially Gerrit Pape (dropbear maintainer) why there is no 
progress.


Cheers

Thomas Luzat



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]























					Reply via email to