[From nobody Mon Jul  6 16:53:08 2026
Received: (at 1141580-close) by bugs.debian.org; 6 Jul 2026 15:52:08 +0000
X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
 (2024-03-25) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-110.5 required=4.0 tests=ALL_TRUSTED,BAYES_00,
 DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
 FOURLA,FROMDEVELOPER,HAS_BUG_NUMBER,SPF_HELO_NONE,SPF_PASS,
 USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no
 version=4.0.1-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 17; hammy, 130; neutral, 35; spammy,
 0. spammytokens:
 hammytokens:0.000-+--Hx-spam-relays-external:sk:stravin,
 0.000-+--H*RT:sk:stravin, 0.000-+--Hx-spam-relays-external:311,
 0.000-+--H*RT:311, 0.000-+--H*RT:108
Return-path: &lt;guilhem@debian.org&gt;
Received: from stravinsky.debian.org ([2001:41b8:202:deb::311:108]:39096)
 by buxtehude.debian.org with esmtps
 (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
 (Exim 4.96) (envelope-from &lt;guilhem@debian.org&gt;) id 1wglc8-006vK6-2E
 for 1141580-close@bugs.debian.org; Mon, 06 Jul 2026 15:52:08 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; 
 s=smtpauto.stravinsky;
 h=X-Debian-User:In-Reply-To:Content-Type:MIME-Version:
 References:Message-ID:Subject:Cc:To:From:Date:Reply-To:
 Content-Transfer-Encoding:Content-ID:Content-Description;
 bh=mt+rBG3Bw9Mb/L3WGzUY2ZbStZvebegBD8midDJTUA8=; b=ApCbm3ZRfloUN4ZJYE1KRliEJr
 Xv+2pMFome8P2rZOxOC9kmOdzxUwRKi/xZ7sHpX8a9Fx4l6CIlxxR7VR6NDvdivFcYVdFzAmJSsuX
 QYbhdxJPGqi9rQgUmVFnWsi5D/VHRGqT1wXrIGPV5KQJumv7XuohbIy52lYBejHOjlEhqfGx/WiIr
 zlghkXK+CO58YN3WIQ1XD06gOmW8/zE7jS/ylp45He/oJaeM4O5G9XkLVdAq5Or0lYy+gF/OVb/Z/
 YI0fx+7soj4q3B80gWrKMOI1kfrJBNO4nETRk5U1p0pcHnIi9xzUy0MeoZ30s0aUMZovegc/gfTcM
 4wtPWIBA==;
Received: from authenticated-user by stravinsky.debian.org with esmtpsa
 (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
 (Exim 4.96) (envelope-from &lt;guilhem@debian.org&gt;) id 1wglc7-001Wim-0H;
 Mon, 06 Jul 2026 15:52:07 +0000
Received: by localhost.localdomain (Postfix, from userid 1000)
 id 5E08A4201EC; Mon, 06 Jul 2026 17:52:04 +0200 (CEST)
Date: Mon, 6 Jul 2026 17:52:04 +0200
From: Guilhem Moulin &lt;guilhem@debian.org&gt;
To: Vincent Lefevre &lt;vincent@vinc17.net&gt;
Cc: 1141580-close@bugs.debian.org
Subject: Re: Bug#1141580: cryptsetup-initramfs: cryptroot-unlock
 non-interactive mode is buggy in case of trailing newline character
Message-ID: &lt;akvPJG-fZcBJKVI_@debian.org&gt;
Mail-Followup-To: Guilhem Moulin &lt;guilhem@debian.org&gt;,
 Vincent Lefevre &lt;vincent@vinc17.net&gt;, 1141580-close@bugs.debian.org
References: &lt;20260706153457.GA2700@disset.lip.ens-lyon.fr&gt;
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: &lt;20260706153457.GA2700@disset.lip.ens-lyon.fr&gt;
X-Debian-User: guilhem

On Mon, 06 Jul 2026 at 17:34:57 +0200, Vincent Lefevre wrote:
&gt; but in case the piped content is a text file (usually the case),
&gt; i.e. with a newline character after the passphrase, then one gets
&gt; an error, e.g.

It is the intended behavior, feel free to suggest a better wording for
README.Debian.gz but passphrase processing is already documented in
cryptsetup(8):

|  Passphrase processing for LUKS
|
|    From a terminal: The passphrase is read until the first newline and
|    then processed by PBKDF2 without the newline character.
|
|    From stdin: LUKS will read passphrases from stdin up to the first
|    newline character or the compiled-in maximum key file  length.  If
|    --keyfile-size is given, it is ignored.
|
|    From key file: The complete keyfile is read up to the compiled-in
|    maximum size. Newline characters do not terminate the input. The
|    --keyfile-size option can be used to limit what is read.

You need to either remove the trailing newline from the keyfile, or
force TTY-mode.

-- 
Guilhem.]