[dm-crypt] contribution offer and questions - LUKS system encryption with detached header

Yves-Alexis Perez corsac at corsac.net
Tue Oct 23 13:19:57 CEST 2012


On mar., 2012-10-23 at 05:44 -0400, Jim F wrote:
> Thanks for your reply, Arno.
> 
> > The reason there are no such scripts in the cryptsetup package
> > is that it would not make sense to put them in there, as they
> > would be completely different for different distributions.
> 
> Perhaps we're using the word 'package' differently. If one executes 
> "dpkg -L cryptsetup" on Debian, Ubuntu or Mint, one does see the 
> associated init crypto scripts. I was saying I don't see them in the 
> source code at http://code.google.com/p/cryptsetup

They seem to be maintained in svn at
http://anonscm.debian.org/viewvc/pkg-cryptsetup/cryptsetup/trunk/debian/
> 
> I understand now that the scripts can be specific to the distribution. 
> But I've also observed that they're identical or virtually so for 
> Debian, Ubuntu & Mint for each release of cryptsetup. For example, the 
> cryptroot scripts are exactly the same for deb-test-121015 & kubuntu 
> 12.10. FWIW, they're both at cryptsetup 1.4.3.

Indeed, they flow from Debian to derivatives.
> 
> One thing I still don't understand is where the scripts are for (say) 
> cryptsetup 1.5.1. I haven't seen a distribution for that version. Does 
> that mean they don't exist yet? 

Yes.

> I've seen that the scripts may need to 
> be modified as functionality is added to cryptsetup, e.g. 
> --allow-discards. So while my use of cryptsetup 1.4.1 with my modified 
> 1.1.3 scripts worked for my purpose, that system I created doesn't 
> support discards/TRIM requests even though the option is in cryptsetup. 
> Accordingly, the scripts can also be specific to the cryptsetup 
> version. That might suggest that someone is enhancing the scripts as 
> features are added to cryptsetup.

Yup, although isn't discard supported in /etc/crypttab ?
> 
> Regarding your recommendations, I'll make the changes to the 1.4.3 
> scripts and submit them to Debian. Can someone tell me how to do that? 
> I looked at debian.org and see maybe hundreds of mailing lists but 
> nothing obvious about the submission process if it's not a bug.

Well, that's considered a bug anyway. Just use reportbug cryptsetup and
set the severity to wishlist.
> 
> Regarding Mint, I thought it is based on Debian via Ubuntu. It looks 
> like I would use the "idea module" of the Mint web site. But is there 
> an advantage to submitting to Mint, too, since as you say, it should 
> eventually propagate down?

My advice would be to fix it in Debian first and let it flow down to
derivatives.

Regards,
-- 
Yves-Alexis



More information about the dm-crypt mailing list