diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:06:26 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:06:26 +0000 |
commit | fd888e850cf413955483bfb993aeeea5ea611289 (patch) | |
tree | 6148fed3d1f30272c48403f4cdefa59c2b7e1513 /debian/TODO.md | |
parent | Adding upstream version 2:2.6.1. (diff) | |
download | cryptsetup-fd888e850cf413955483bfb993aeeea5ea611289.tar.xz cryptsetup-fd888e850cf413955483bfb993aeeea5ea611289.zip |
Adding debian version 2:2.6.1-4~deb12u2.debian/2%2.6.1-4_deb12u2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | debian/TODO.md | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/debian/TODO.md b/debian/TODO.md new file mode 100644 index 0000000..8958ec2 --- /dev/null +++ b/debian/TODO.md @@ -0,0 +1,47 @@ +# TODO list + +* luks nuke feature + * https://www.kali.org/tutorials/nuke-kali-linux-luks/ + * https://pkg.kali.org/pkg/cryptsetup + * https://github.com/offensive-security/cryptsetup-nuke-keys + * TODO: + * review and improve original patch to address upstream's concerns + * http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/7184 + * patch luks2 functions to support it as well + * documentation in manpage (and README.Debian?) + * bash completion + +* systemd integration and future of cryptscripts + * patch cryptsetup.c in systemd to support cryptscripts? + * try the patches + * https://github.com/systemd/systemd/pull/3007#pullrequestreview-39358162 + * https://lists.freedesktop.org/archives/systemd-devel/2012-June/005693.html + * or completely remove cryptscripts feature from cryptsetup in Debian? + +* ephemeral swap encryption + +* improve test suite + +* cryptroot hook script: + - We should add parent device detection for ZFS (#820888) so users + don't have to manually add the 'initramfs' option to the crypttab. + + +## Old list + +* Would a fallback make sense? like when using any keyscript, try passphrase + in the case that it fails. if we implement that at all, never make it the + default, and warn about security issues in README.Debian. even explain that + backup passphrase keyslots thwart the extra security of keyfiles/keyscripts. + (#438481, #471729) + +* Implement something like 'ignore-if-no-device' to mount (/etc/fstab), and + thus support several situations where cryptsetup fails to setup a device: + -> the device is not attached at all + -> wrong passphrase/no keyfile available + -> timeouts arise + (#474120) + * seems like the fstab flag alread does exists: nofail. so reimplement + timeout? + +* Reimplement timeout support in a cleaner way? |