Bug#656710: partman-crypto: Preseeding the passphrase
Christian PERRIER bubu...@debian.org (2014-10-20): Quoting Cyril Brulebois (k...@debian.org): Christian: Can you please check that this modification isn't going to generate either noise or work for translators? And suggest another approach if I failed to do that properly. Should be fine from what I see, no problem. Thanks. Since I received no objections I went ahead and just uploaded partman-crypto/77. Mraw, KiBi. signature.asc Description: Digital signature
Bug#656710: partman-crypto: Preseeding the passphrase
Max Vozeler x...@debian.org (2014-07-30): On Wed, Jul 30, 2014 at 11:23:28AM +0200, Raphael Hertzog wrote: I have been using this patch in Kali (on top of wheezy's partman-crypto), it would be nice to have this patch merged in time for Jessie. Dimitrijs, Max or Christian? (You ar listed in Uploaders) Two things come to my mind: - The feature should have some documentation to explain to users that any preseeded passphrase is to be considered insecure and must be changed after installation, like Olaf suggested perhaps the preseeding template could be a good place. I think I'll go for a comment in partman-crypto's templates file for now. I still have to double check how the example preseed file is maintained, to make sure it contains said warning. - I have a vague memory of needing to clear the template value for partman-crypto/passphrase (and passphrase-again) to ensure the passphrase does not end up in the debconf database of the installed system. Could you verify if this is (still?) true? I'm also verifying this. Mraw, KiBi. signature.asc Description: Digital signature
Bug#656710: partman-crypto: Preseeding the passphrase
Control: tag -1 patch pending I've pushed a pu/master branch based on the changes in Ubuntu. These changes have been there since early 2010, they seem to be working mostly fine, and I'd rather avoid introducing more delta between Debian and Ubuntu by merging a different approach. Colin: Please confirm that looks good to you: http://anonscm.debian.org/cgit/d-i/partman-crypto.git/commit/?h=pu/masterid=be0a3afab31ba7a174047289c3aa5df179c6a794 http://anonscm.debian.org/cgit/d-i/partman-crypto.git/commit/?h=pu/masterid=34d54040ad6052a581f18732a8cb854445ae2e77 http://anonscm.debian.org/cgit/d-i/partman-crypto.git/commit/?h=pu/masterid=093592ce5f377679cbe717d5bdd87a35fcab98f5 The only minor issue I've been able to find using various combinations of empty, short, and long passphrase(-again) settings; crossed with true and false for weak_passphrase: if one preseeds weak_passphrase to false, one never gets a chance of seeing this prompt, in any cases. Of course it would be a user error to specify too short a passphrase in preseed and enforce this setting, but it could be somewhat misleading. I'm tempted to track this issue as a minor or normal bug against partman-crypto/76. Olaf: I'm really sorry for not merging your work but I hope you do understand the rationale above. Many thanks for submitting, though, and for reminding us of that feature request; that's appreciated! Cyril Brulebois k...@debian.org (2014-10-20): Two things come to my mind: - The feature should have some documentation to explain to users that any preseeded passphrase is to be considered insecure and must be changed after installation, like Olaf suggested perhaps the preseeding template could be a good place. I think I'll go for a comment in partman-crypto's templates file for now. I still have to double check how the example preseed file is maintained, to make sure it contains said warning. Christian: Can you please check that this modification isn't going to generate either noise or work for translators? And suggest another approach if I failed to do that properly. http://anonscm.debian.org/cgit/d-i/partman-crypto.git/commit/?h=pu/masterid=093592ce5f377679cbe717d5bdd87a35fcab98f5 - I have a vague memory of needing to clear the template value for partman-crypto/passphrase (and passphrase-again) to ensure the passphrase does not end up in the debconf database of the installed system. Could you verify if this is (still?) true? I'm also verifying this. Max: I haven't found a trace of the preseeded passphrase on the installed system. Possibly because it's not written there, because both passphrase and passphrase-again have Type: password? Mraw, KiBi. signature.asc Description: Digital signature
Bug#656710: partman-crypto: Preseeding the passphrase
Quoting Cyril Brulebois (k...@debian.org): Christian: Can you please check that this modification isn't going to generate either noise or work for translators? And suggest another approach if I failed to do that properly. Should be fine from what I see, no problem. signature.asc Description: Digital signature
Processed: Re: Bug#656710: partman-crypto: Preseeding the passphrase
Processing control commands: tag -1 patch pending Bug #656710 [partman-crypto] partman-crypto: Preseeding the passphrase Bug #530784 [partman-crypto] Consider adding support to preseed a dm-crypt passphrase Added tag(s) pending. Added tag(s) pending. -- 530784: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530784 656710: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656710 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b656710.14137996627636.transcr...@bugs.debian.org
Bug#656710: partman-crypto: Preseeding the passphrase
Hi, On Sat, 21 Jan 2012, Christian PERRIER wrote: Thanks for your proposal and the care you took in building a proper patch. We generally leave it up to Colin Watson to decide what Ubuntu change is well suited for being included in Debian, when it comes at D-I. So let's get his input about this. I have been using this patch in Kali (on top of wheezy's partman-crypto), it would be nice to have this patch merged in time for Jessie. Dimitrijs, Max or Christian? (You ar listed in Uploaders) Or should I just go ahead and commit it? Cheers, -- Raphaël Hertzog ◈ Debian Developer Discover the Debian Administrator's Handbook: → http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140730092328.ga19...@x230-buxy.home.ouaza.com
Bug#656710: partman-crypto: Preseeding the passphrase
Hi everyone, On Wed, Jul 30, 2014 at 11:23:28AM +0200, Raphael Hertzog wrote: I have been using this patch in Kali (on top of wheezy's partman-crypto), it would be nice to have this patch merged in time for Jessie. Dimitrijs, Max or Christian? (You ar listed in Uploaders) Two things come to my mind: - The feature should have some documentation to explain to users that any preseeded passphrase is to be considered insecure and must be changed after installation, like Olaf suggested perhaps the preseeding template could be a good place. - I have a vague memory of needing to clear the template value for partman-crypto/passphrase (and passphrase-again) to ensure the passphrase does not end up in the debconf database of the installed system. Could you verify if this is (still?) true? Other than that, I am happy with the change. Max -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140730100409.ga11...@x201t.vpn.hinterhof.net
Bug#656710: partman-crypto: Preseeding the passphrase
Am 21.01.2012 08:36, schrieb Christian PERRIER: Quoting Olaf Mandel (o...@mandel.name): -Snipp- The passphrase should be preseedable for unattended installations. This is possible in the Ubuntu-version of this package since at least the end of March 2010 (40ubuntu2). The attached patch is an independent implementation of the same functionality. -Snipp- We generally leave it up to Colin Watson to decide what Ubuntu change is well suited for being included in Debian, when it comes at D-I. So let's get his input about this. Hello, maybe I should clarify a bit: while I replicated a feature available in Ubuntu, I did not copy their patch over! This started out as an independent work and only later did I realise that Ubuntu had already patched this. If you compare my patch (both the first, defective one and the second, corrected one) to their package, you should see that I take a different approach from how things are done in the Ubuntu package. Bearing this in mind, Colin Watsons opinion is certainly welcome, but is his approval really needed to consider this patch? Best regards, Olaf Mandel -- Olaf Mandel o...@mandel.name http://www.olaf.mandel.name/ PGP key: 1024D/33398848 2002-09-19 Fingerprint: 0E33 BEA6 1A71 9C5E 62BD FC0E 99A7 D2C6 3339 8848 signature.asc Description: OpenPGP digital signature
Bug#656710: partman-crypto: Preseeding the passphrase
Package: partman-crypto
Version: 49
Severity: wishlist
Tags: d-i patch
The passphrase should be preseedable for unattended installations. This
is possible in the Ubuntu-version of this package since at least the end
of March 2010 (40ubuntu2). The attached patch is an independent
implementation of the same functionality.
Thoughts on security:
The preseeded passphrase should be considered insecure, depending on the
source of the preseed file. But if the administrator ensures that the
user changes the passphrase after the first login, this should still be
secure enough (Maybe put a note about security into the preseed template
file?).
Currently tested on
http://ftp.debian.org/debian/dists/squeeze/main/installer-i386/current/images/netboot/mini.iso
.
-- System Information:
Debian Release: 6.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
Olaf Mandel o...@mandel.name http://www.olaf.mandel.name/
PGP key: 1024D/33398848 2002-09-19
Fingerprint: 0E33 BEA6 1A71 9C5E 62BD FC0E 99A7 D2C6 3339 8848
--- partman-crypto-49/blockdev-keygen.orig 2012-01-20 20:11:31.603528151 +0100
+++ partman-crypto-49/blockdev-keygen 2012-01-20 20:33:55.293528151 +0100
@@ -31,25 +31,24 @@
}
get_passphrase () {
- local pass_ok
+ local templ last_RET pass pass_ok
pass_ok=0
while [ $pass_ok -eq 0 ]; do
templ=partman-crypto/passphrase
- db_set $templ
- db_fset $templ seen false
db_subst $templ DEVICE $description
db_input critical $templ
templ=partman-crypto/passphrase-again
- db_set $templ
- db_fset $templ seen false
db_input critical $templ
db_go || return 1
- db_get partman-crypto/passphrase || RET=''
+ templ=partman-crypto/passphrase
+ db_get $templ || RET=''
pass=$RET
+ db_set $templ
+ db_fset $templ seen false
if [ -z $pass ]; then
templ=partman-crypto/passphrase-empty
db_fset $templ seen false
@@ -57,8 +56,12 @@
continue
fi
- db_get partman-crypto/passphrase-again || RET=''
- if [ $pass != $RET ]; then
+ templ=partman-crypto/passphrase-again
+ db_get $templ || RET=''
+ last_RET=$RET
+ db_set $templ
+ db_fset $templ seen false
+ if [ $pass != $last_RET ]; then
templ=partman-crypto/passphrase-mismatch
db_fset $templ seen false
db_input critical $templ
@@ -67,14 +70,15 @@
if passphrase_is_weak $pass; then
templ=partman-crypto/weak_passphrase
- db_set $templ false
- db_fset $templ seen false
db_subst $templ MINIMUM $minlen
db_input critical $templ || true
db_go || true
db_get $templ || RET=''
+ last_RET=$RET
+ db_set $templ false
+ db_fset $templ seen false
- if [ $RET != true ]; then
+ if [ $last_RET != true ]; then
# user doesn't want to force weak passphrase
continue
fi
@@ -83,9 +87,6 @@
pass_ok=1
done
- db_set partman-crypto/passphrase
- db_set partman-crypto/passphrase-again
-
if [ $pass_ok -eq 1 ]; then
echo $pass
fi
signature.asc
Description: OpenPGP digital signature
Bug#656710: partman-crypto: Preseeding the passphrase
Quoting Olaf Mandel (o...@mandel.name): Package: partman-crypto Version: 49 Severity: wishlist Tags: d-i patch The passphrase should be preseedable for unattended installations. This is possible in the Ubuntu-version of this package since at least the end of March 2010 (40ubuntu2). The attached patch is an independent implementation of the same functionality. Hello Olaf, Thanks for your proposal and the care you took in building a proper patch. We generally leave it up to Colin Watson to decide what Ubuntu change is well suited for being included in Debian, when it comes at D-I. So let's get his input about this. signature.asc Description: Digital signature
