Hi,

you sent message [EMAIL PROTECTED] on March 8th to bug 290626 but not to me... sorry for the late reply :-)
I am including a new patch, for cryptsetup--3

Issues from Martin Steigerwald <[EMAIL PROTECTED]>

>1) It should be possible to abort the retry cycle in the password query.
>Currently it is not. When you have 1000 retries and forgot your password, you
>will need some time until you can boot into your Debian system without
>mounting that crypted partition.

The simplest implementation would be ... ctrl-c
But this needs a big change: /sbin/cryptsetup ignores ctrl-c
Anyway the default is 3 retries, not 1000 retries.

>2) The texts should be a little bit more meaningful. Currently it says "<some
>command> failed - the device $dst is removed.". It should probably say "<some
>command> failed - Filesystem was not detected. Probably the password is
>wrong." And "- retrying for $dst -" should probably become "- retrying for
>>$dst - Please enter your passphrase again". Well it's always a bit about the
>target audience. For the technical user the current comments are enough, but
>some desktop user without in-depth knowledge about all of this might be
>scared by "device is removed".

done

also:

>Also, include some default commands for the common filesystem types seems
>a good idea. ie: Check if it is ext3, xfs, reiserfs, and vfat automatically
>before falling back on a user-supplied CRYPTDISKS_CHECK.

now I have checks for ext2 (and ext3) and xfs

a.

-- 
Andrea Mennucc
 "It's a difficult world. What an intense life!" (Tonino Carotone)

diff -Nur cryptsetup-20050111-3/debian/checks/ext2 cryptsetup-20050111-3-mine/debian/checks/ext2 --- cryptsetup-20050111-3/debian/checks/ext2 1970-01-01 01:00:00.000000000 +0100 +++ cryptsetup-20050111-3-mine/debian/checks/ext2 2005-04-12 23:17:24.224057064 +0200 @@ -0,0 +1,8 @@ +#!/bin/sh +if /sbin/e2label $1 2> /dev/null 1>&2 ; then + #echo ok the device $1 is accessible : boot will continue + exit 0 +else + echo The device $1 does not contain a valid EXT2 or EXT3 filesystem. + exit 1 +fi diff -Nur cryptsetup-20050111-3/debian/checks/xfs cryptsetup-20050111-3-mine/debian/checks/xfs --- cryptsetup-20050111-3/debian/checks/xfs 1970-01-01 01:00:00.000000000 +0100 +++ cryptsetup-20050111-3-mine/debian/checks/xfs 2005-04-12 22:56:52.000000000 +0200 @@ -0,0 +1,9 @@ +#!/bin/sh +#thanks Martin Steigerwald <[EMAIL PROTECTED]> +ulimit -c 0 +if /usr/sbin/xfs_admin -l $1 &>/dev/null ; then + exit 0 +else + echo The device $1 does not contain a valid XFS filesystem + exit 1 +fi diff -Nur cryptsetup-20050111-3/debian/cryptdisks cryptsetup-20050111-3-mine/debian/cryptdisks --- cryptsetup-20050111-3/debian/cryptdisks 2005-04-12 22:49:55.000000000 +0200 +++ cryptsetup-20050111-3-mine/debian/cryptdisks 2005-04-12 22:55:01.000000000 +0200 
@@ -58,59 +58,92 @@ MAKESWAP="" MAKETMP="" SKIP="" + RETRY=no + CHECK="" # Parse the options field, convert to cryptsetup parameters # and contruct the command line while test "x$opt" != "x" ; do - ARG=`echo $opt | sed "s/,.*//"` + ARG=${opt/,*} opt=${opt##$ARG} opt=${opt##,} - PARAM=`echo $ARG | sed "s/=.*//"` - VALUE=${ARG##$PARAM=} - + case $ARG in + *=*) + PARAM=${ARG/=*} + VALUE=${ARG##$PARAM=} + ;; + *) + PARAM=$ARG + VALUE="" + esac + # test: echo PARAM $PARAM VALUE $VALUE case "$PARAM" in readonly) - PARAM=-r - VALUE="" + PARAMS="$PARAMS -r" ;; cipher) - PARAM=-c + PARAMS="$PARAMS -c $VALUE" if test "x$VALUE" = "x" ; then echo " - no value for cipher option, skipping" >&2 SKIP="yes" fi ;; size) - PARAM=-s + PARAMS="$PARAMS -s $VALUE" if test "x$VALUE" = "x" ; then echo " - no value for size option, skipping" >&2 SKIP="yes" fi ;; hash) - PARAM=-h + PARAMS="$PARAMS -h $VALUE" if test "x$VALUE" = "x" ; then echo " - no value for hash option, skipping" >&2 SKIP=yes fi ;; verify) - PARAM=-y - VALUE="" + PARAMS="$PARAMS -y" + ;; + check) + if test "x$VALUE" = "x" ; then + CHECK="$CRYPTDISKS_CHECK" + else + CHECK="$VALUE" + fi + ;; + retry) + if test "x$VALUE" = "x" ; then + RETRY="$CRYPTDISKS_RETRY" + else + RETRY="$VALUE" + fi ;; swap) MAKESWAP=yes - PARAM="" - VALUE="" ;; tmp) MAKETMP=yes - PARAM="" - VALUE="" + ;; + *) + echo " - option '$PARAM' unknown, skipping $dst -" >&2 + SKIP=yes esac - PARAMS="$PARAMS $PARAM $VALUE" done + if [ "$RETRY" != "no" ] ; then + case "$RETRY" in + [0-9]*) ;; + *) + echo " - option RETRY is wrongly set to $RETRY - forced to 'no' " >&2 + RETRY=no + ;; + esac + fi + if [ "$CHECK" -a -x /usr/share/cryptsetup/checks/"$CHECK" ] ; then + CHECK="/usr/share/cryptsetup/checks/$CHECK" + fi + # Set up loopback devices if test -f "$src" ; then test -d /sys/block/loop0 || modprobe loop || SKIP=yes 
@@ -133,12 +166,29 @@ continue fi - if test "x$INTERACTIVE" = "xyes" ; then + while [ "x$RETRY" = xno ] || [ "$RETRY" -gt 0 ] ; do + if test "x$INTERACTIVE" = "xyes" ; then $CRYPTCMD $PARAMS create $dst $src <&1 - else + RESULT=$? + else $CRYPTCMD $PARAMS -d $key create $dst $src - fi - + RESULT=$? + fi + # test : echo RESULT $RESULT + if [ $RESULT = 0 ] ; then + if [ "$CHECK" = "" ] || $CHECK $MAPPER/$dst ; then + break + else + echo " - the check for '$MAPPER/$dst' failed - maybe the password is wrong -" >&2 + echo " - removing the crypto device $dst - " >&2 + $CRYPTCMD remove $dst + sleep 1 + fi + fi + test "x$RETRY" = xno && break + RETRY=`expr $RETRY - 1` + [ $RETRY -gt 0 ] && echo " - retrying for $dst - " + done if test "x$MAKESWAP" = "xyes" && test -b $MAPPER/$dst; then mkswap $MAPPER/$dst 2>/dev/null >/dev/null fi diff -Nur cryptsetup-20050111-3/debian/cryptdisks.default cryptsetup-20050111-3-mine/debian/cryptdisks.default --- cryptsetup-20050111-3/debian/cryptdisks.default 2005-04-12 22:49:55.000000000 +0200 +++ cryptsetup-20050111-3-mine/debian/cryptdisks.default 2005-04-12 23:03:48.000000000 +0200 @@ -1,2 +1,6 @@ # Run cryptdisks at startup ? CRYPTDISKS_ENABLE=Yes +# Default check program ; look in /usr/share/cryptsetup/checks +CRYPTDISKS_CHECK=ext2 +# How many times to ask for the password if the check fails +CRYPTDISKS_RETRY=3 diff -Nur cryptsetup-20050111-3/debian/crypttab.sgml cryptsetup-20050111-3-mine/debian/crypttab.sgml --- cryptsetup-20050111-3/debian/crypttab.sgml 2005-04-12 22:49:55.000000000 +0200 +++ cryptsetup-20050111-3-mine/debian/crypttab.sgml 2005-04-12 23:09:38.000000000 +0200 
@@ -84,7 +84,8 @@ If the <replaceable>key file</replaceable> is empty or the string <literal>none</literal>, the key data (ie. a password) will be read -interactively from the console. +interactively from the console. In this case, the options +<literal>check</literal> and <literal>retry</literal> may be quite useful. </para> <para>The fourth field <replaceable>options</replaceable> @@ -115,10 +116,33 @@ <varlistentry> <term><literal>verify</literal></term> <listitem> - <para>Verify pasword. See <command>cryptsetup -y</command>.</para> + <para>Verify password. Uses <command>cryptsetup -y</command>.</para> </listitem> </varlistentry> <varlistentry> + <term><literal>check</literal></term> + <listitem> + <para>check the content of the device by suitable program; + if the check fails the device is removed; if the + <literal>retry</literal> option is given, the + creation is repeated. + If a program is provided as argument, it is run, + using the decrypted volume as first argument. Some programs are + provided in /usr/share/cryptsetup/checks, namely <literal>ext2</literal> + and <literal>xfs</literal>; so, providing <literal>ext2</literal> + as argument will run the check for to ensure that a EXT2 or EXT3 + filesystem is a accessible thru the device. + </para> + </listitem> + <varlistentry> + <term><literal>retry</literal></term> + If the device creation fails, or if the check program fails, + remove the device, and try again to + create it: if <literal>key</literal> is "none" + this will ask for the password again. The + option specifies how many times to repeat. + </varlistentry> + <varlistentry> <term><literal>readonly</literal></term> <listitem> <para>The backing device is read-only (eg: a dvd).</para> diff -Nur cryptsetup-20050111-3/debian/rules cryptsetup-20050111-3-mine/debian/rules --- cryptsetup-20050111-3/debian/rules 2005-04-12 22:49:55.000000000 +0200 +++ cryptsetup-20050111-3-mine/debian/rules 2005-04-12 22:58:21.000000000 +0200 
@@ -80,6 +80,8 @@ install -m 0644 debian/cryptdisks.default $(CURDIR)/debian/cryptsetup/etc/default/cryptdisks install -m 0644 debian/cryptsetup.8 $(CURDIR)/debian/cryptsetup/usr/share/man/man8 install -m 0644 debian/crypttab.5 $(CURDIR)/debian/cryptsetup/usr/share/man/man5 + install -d $(CURDIR)/debian/cryptsetup/usr/share/cryptsetup/checks + install debian/checks/* $(CURDIR)/debian/cryptsetup/usr/share/cryptsetup/checks binary-indep: build install # We have nothing to do by default.
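
Review bot: in debian/checks/ext2, $1 is unquoted both in the /sbin/e2label call and in the echo, so a device path containing whitespace or glob characters is split before e2label sees it; pass it as "$1". The failure text also goes to stdout, while cryptdisks sends its own diagnostics to stderr with >&2, so redirecting the echo the same way keeps the boot messages consistent.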
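
Review bot: in debian/checks/xfs, the redirection &>/dev/null under #!/bin/sh is a bash extension. A POSIX shell reads "xfs_admin -l $1 &" as a background job followed by an empty redirection, so the if sees status 0 and the check passes whatever the device contains, which means a wrong passphrase is accepted. Use >/dev/null 2>&1 instead, and quote $1 as "$1".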
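
Review bot: in the RETRY validation at the end of the option-parsing hunk of debian/cryptdisks, the case pattern [0-9]*) is a glob that only requires a leading digit, so retry=3x is accepted and later reaches [ "$RETRY" -gt 0 ] and expr $RETRY - 1 as a non-number. Reject any value containing a non-digit first, for example with a *[!0-9]*) arm ahead of the accepting one. In the same hunk, ${opt/,*} and ${ARG/=*} are bash pattern substitutions replacing portable sed calls; ${opt%%,*} and ${ARG%%=*} give the same result in any POSIX shell.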
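
Review bot: in the retry loop added to debian/cryptdisks, the non-interactive branch (-d $key) is retried too, which reruns the same command with the same key file up to RETRY times without any chance of a different outcome; restrict the retry to the INTERACTIVE=yes case or break after the first failure when a key file is used. The device argument in "$CHECK $MAPPER/$dst" should be quoted, and when the last attempt fails the loop ends after removing the device without a final message, so a closing line on stderr saying that $dst was given up on would tell the user why the volume is missing.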
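
Review bot: in debian/cryptdisks.default, the two new comments do not say that CRYPTDISKS_CHECK and CRYPTDISKS_RETRY are only consulted when check or retry appears in crypttab without a value, which is how the option parsing in debian/cryptdisks uses them. State that in the comments, and mention that a bare check on a volume that is not ext2/ext3 will fail the ext2 default and have its device removed.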
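
Review bot: in the second debian/crypttab.sgml hunk, the check entry is never closed: after its </listitem> the patch opens a new <varlistentry> where </varlistentry> is needed, and the retry text sits directly inside <varlistentry> without <listitem><para>, so the SGML is not well-formed. The sentence "will run the check for to ensure that a EXT2 or EXT3 filesystem is a accessible thru the device" needs rewording, and both entries should document that an omitted value falls back to CRYPTDISKS_CHECK and CRYPTDISKS_RETRY.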
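
Review bot: in debian/rules, the line "install debian/checks/*" relies on install's default mode while the neighbouring lines state -m 0644 explicitly. Since cryptdisks only picks up a check that passes its -x test, spell out -m 0755 here so the executable bit does not depend on the default.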