summaryrefslogtreecommitdiffstats
path: root/debian/TODO.md
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:06:26 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:06:26 +0000
commitfd888e850cf413955483bfb993aeeea5ea611289 (patch)
tree6148fed3d1f30272c48403f4cdefa59c2b7e1513 /debian/TODO.md
parentAdding upstream version 2:2.6.1. (diff)
downloadcryptsetup-fd888e850cf413955483bfb993aeeea5ea611289.tar.xz
cryptsetup-fd888e850cf413955483bfb993aeeea5ea611289.zip
Adding debian version 2:2.6.1-4~deb12u2.debian/2%2.6.1-4_deb12u2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/TODO.md47
1 files changed, 47 insertions, 0 deletions
diff --git a/debian/TODO.md b/debian/TODO.md
new file mode 100644
index 0000000..8958ec2
--- /dev/null
+++ b/debian/TODO.md
@@ -0,0 +1,47 @@
+# TODO list
+
+* luks nuke feature
+ * https://www.kali.org/tutorials/nuke-kali-linux-luks/
+ * https://pkg.kali.org/pkg/cryptsetup
+ * https://github.com/offensive-security/cryptsetup-nuke-keys
+ * TODO:
+ * review and improve original patch to address upstream's concerns
+ * http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/7184
+ * patch luks2 functions to support it as well
+ * documentation in manpage (and README.Debian?)
+ * bash completion
+
+* systemd integration and future of cryptscripts
+ * patch cryptsetup.c in systemd to support cryptscripts?
+ * try the patches
+ * https://github.com/systemd/systemd/pull/3007#pullrequestreview-39358162
+ * https://lists.freedesktop.org/archives/systemd-devel/2012-June/005693.html
+ * or completely remove cryptscripts feature from cryptsetup in Debian?
+
+* ephemeral swap encryption
+
+* improve test suite
+
+* cryptroot hook script:
+ - We should add parent device detection for ZFS (#820888) so users
+ don't have to manually add the 'initramfs' option to the crypttab.
+
+
+## Old list
+
+* Would a fallback make sense? like when using any keyscript, try passphrase
+ in the case that it fails. if we implement that at all, never make it the
+ default, and warn about security issues in README.Debian. even explain that
+ backup passphrase keyslots thwart the extra security of keyfiles/keyscripts.
+ (#438481, #471729)
+
+* Implement something like 'ignore-if-no-device' to mount (/etc/fstab), and
+ thus support several situations where cryptsetup fails to setup a device:
+ -> the device is not attached at all
+ -> wrong passphrase/no keyfile available
+ -> timeouts arise
+ (#474120)
+ * seems like the fstab flag alread does exists: nofail. so reimplement
+ timeout?
+
+* Reimplement timeout support in a cleaner way?