[Pkg-cryptsetup-devel] Bug#370180: cryptsetup: cryptroot initramfs hook script fails if root blockdevice has no options in /etc/crypttab

Daniel Kahn Gillmor dkg-debian.org at fifthhorseman.net
Sat Jun 3 21:04:19 UTC 2006 

Package: cryptsetup
Version: 2:1.0.3-1
Severity: normal
Tags: patch


On a system with a simple cryptoroot setup, the cryptroot initramfs
hook script fails to generate a proper initramfs if no options are
specified in /etc/crypttab for the root block device.

For example, consider the following valid crypttab:

# <target device> <source device> <key file> <options>
cryptroot /dev/whereever
otherfs   /wherever/else /etc/otherkeyfile cipher=aes-cbc-plain


This suggests that cryptroot should be mounted with a password from
stdin (or getcryptpw, or whatever), with the standard options.

man 5 crypttab indicates that [key file] and [options] are not
mandatory columns for rows in this table.

But the hook script assumes no cryptroot if the fourth column is
empty.

Attached is a patch which should resolve the issue (though i haven't
tested it yet!  i've just fleshed out my /etc/crypttab on the affected
system.  When i get around to testing it, i'll post a followup to this
bug).

Feel free to make the patch leaner than i've written it: i have a
harder time writing the test/conditional shell-isms than this script
seems to prefer, so i've written it with explicit if/then shell
constructs.  i hope that doesn't introduce any bashisms, but please
let me know if it does.

Thanks for maintaining this crucial bit of infrastructure!

	--dkg


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (700, 'testing'), (700, 'stable'), (600, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages cryptsetup depends on:
ii  dmsetup       2:1.02.05-2                The Linux Kernel Device Mapper use
ii  libc6         2.3.6-7                    GNU C Library: Shared libraries
ii  libdevmapper1 2:1.02.05-2                The Linux Kernel Device Mapper use
ii  libgcrypt11   1.2.2-1                    LGPL Crypto library - runtime libr
ii  libgpg-error0 1.2-1                      library for common error values an
ii  libpopt0      1.7-5                      lib for parsing cmdline parameters
ii  libuuid1      1.38+1.39-WIP-2006.04.09-2 universally unique id library

cryptsetup recommends no packages.

-- no debconf information
-------------- next part --------------
--- cryptsetup-1.0.3.pristine/debian/initramfs-cryptroot-hook	2006-06-03 16:38:32.000000000 -0400
+++ cryptsetup-1.0.3/debian/initramfs-cryptroot-hook	2006-06-03 16:46:43.000000000 -0400
@@ -62,8 +62,14 @@
 	source=$( echo $opt | cut -d " " -f2 )
 	rootopts=$( echo $opt | cut -d " " -f4- )
 
-	[ ! -z "$opt" -a ! -z "$source" -a ! -z "$rootopts" ] || return 1
-	[ ! -z "$extraopts" ] && rootopts="${extraopts},${rootopts}"
+	[ ! -z "$opt" -a ! -z "$source" ] || return 1
+	if [ ! -z "$extraopts" ] ; then
+	    if [ -z "$rootopts" ] ; then
+		rootopts="${extraopts},${rootopts}"
+	    else
+		rootopts="${extraopts}"
+	    fi
+	fi
 
 	# We have all the basic options, let's go trough them
 	echo -n "target=$target,source=$source"

More information about the Pkg-cryptsetup-devel mailing list