[Pkg-cryptsetup-devel] Bug#474120: cryptsetup: Timeouts that don't prevent the system from booting

John Goerzen jgoerzen at complete.org
Thu Apr 3 14:04:10 UTC 2008 

Package: cryptsetup
Version: 2:1.0.6~pre1-1
Severity: wishlist

I've been very happy that the Etch installer supports dm-crypt out of
the box.  This is a wonderfully nice feature.

Here's my gripe: it gets in the way of unattended boots.  Let's say
that you have /home as a separate encrypted filesystem on a given
machine.  You want the machine to be able to boot even if you aren't
there -- say because the power goes out or something.  But you have a
passphrase for /home.

You could set it up with a timeout in crypttab, but here's the rub...
when you do that, and the timeout expires, the boot process halts.
You have to sit at the console and give the root password, then
/etc/init.d/cryptdisks start, then proceed.

In a case like this, it seems desirable to have the boot process not
be interrupted.  If the machine boots without /home, I could at least
ssh into it as root and fix that problem.

As far as I can tell, there is no way in the installer to indicate
this preference, and no way in fstab to specify that a failure to find
the crypt device for a given filesystem should just be ignored,
leaving that filesystem unmounted.

initially written about on
http://lists.debian.org/debian-devel/2008/04/msg00071.html


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (99, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.24-3 The Linux Kernel Device Mapper use
ii  libc6                        2.7-5       GNU C Library: Shared libraries
ii  libdevmapper1.02.1           2:1.02.24-3 The Linux Kernel Device Mapper use
ii  libpopt0                     1.10-3      lib for parsing cmdline parameters
ii  libuuid1                     1.40.4-1    universally unique id library

cryptsetup recommends no packages.

-- no debconf information

More information about the Pkg-cryptsetup-devel mailing list