-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Guilhem,
Am Di den 19. Jan 2016 um 12:02 schrieb Guilhem Moulin: > On Tue, 19 Jan 2016 at 08:08:42 +0100, Klaus Ethgen wrote: > > This might be a regression of the earlier bugfix to not loop forever. > > Of #792552 actually (my bad). (#810380, which you're referring to, was > itself a regression of #792552 but I reverted the patch and reworked it > from scratch.) Didn't spot this during tests since seq comes from > busybox which is in cryptsetup's Recommends. So in the meantime, a > workaround is to install busybox. I did expand the seq in the script for short term fix. > > However, it has a bad taste for me to do that looping. > > Could you expand on this? #792552 shows a desire to try again to close > a device when it's busy on the first try. I didn't add the seq to fix > the endless loop you reported in #810380, but to make the script > eventually bail out (with open crypt devices) and proceed with the > shutdown instead of trying forever *if for some reason the disk keeps > being busy*. (In most cases it'll be closed on the first try and the > script will move on the next crypttab(5) entry.) Well, exactly that is it. There should be a deterministic check if there are leftover crypt devices and close them. While open crypt devices are not great, they will at least not end with lost data. Not by themself. But I do not like the idea that they stay open with key material still in memory (search for cold boot attack). On the other hand, at least with full filesystem encryption it would be not possible to cleanly close all of them. Currently I have no real solution for that, sorry. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.ch> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJWni07AAoJEKZ8CrGAGfaswKIMAJyJ1ockVJiVkRRJ4yxkzCPI ij1Jo4InEWqWopRf4ZB9cgFY+6J1nYeRaluEyMwOlC23sUYEU94C9WQlNJDyqjmk 98v6F2COnEHK7dY8S32ixLyZ9GvuZtHMjpCdUopePJHaldzhJsjuwfU8dWCOk7fl 1+w1gyWDqMtCDHZJX15fvruWbthLNoT4wC2Q8M4yPcCyU+gEVmKYNrFSz7Ptew+0 uZMsuO5kyCZehukkPhzPrsr1m8WjLwplLvhrqXpQacp/zCFbOakGxio5r2dgZt/M 2VJVn8KA1uVc5Xdpi4cLh+L8panB3KjeYkA9ebgF8trenhyFlWjP/HwJNGwumWQ1 98Mtwjyj43oQhydtdCzWPsE5kjwMvVfi0k1kq0SN/LryRO6HPv5cyfbxvIHFoarf TfltybZlTe0LLqv6hS8vpE8JTyLJpymH6P6Kg2uE4e9LC0gOxZbIKzjcFBkC0oC4 lUuvuE8N8mMPHNVxJbruEeC8Ymf7iuw6tMhjfdUh/A== =RegX -----END PGP SIGNATURE-----
