Bug#394134: [Pkg-cryptsetup-devel] Bug#394134: cryptsetup: does not
open luks partitions with filekeys during boot
Evgeni Golov
sargentd at die-welt.net
Fri Oct 20 14:09:28 UTC 2006
On Fri, 20 Oct 2006 15:48:41 +0200 Jonas Meurer <jonas at freesources.org>
wrote:
> On 19/10/2006 Evgeni Golov wrote:
> > Since the last upgrade, the init-scripts do not open a luks crypted
> > partition with a key in a file properly.
> > cryptsetup ... luksOpen works.
> > It seems to me, that 'check_key || continue' does not work as it
> > should in do_start of /lic/cryptsetup/cryptdisk.functions. If I
> > comment this line out, the partition gets opened. When the line
> > isn't commented, I get 'insecure mode' and do_luks isn't run.
>
> hello,
>
> could you elaborate on this? what is the exact line in /etc/crontab,
crypttab you mean ;-) ^^^^^^^
# <target name> <source device> <key file> <options>
home /dev/sda6 /media/usbstick/keyfile-shinkupaddo.luks luks
> and what is the exact output by '/etc/init.d/cryptsetup start'?
# /etc/init.d/cryptdisks start
Starting remaining crypto disks...STICK!
home(starting)
- INSECURE MODE FOR /media/usbstick/keyfile-shinkupaddo.luks
done.
# ls /dev/mapper
control
> also, how are permissions of the keyfile?
the keyfile is on a vfat usb-stick, permissions are:
# ls -alh /media/usbstick/keyfile-shinkupaddo.luks
-rwxr-xr-x 1 root root 256 2006-08-28
09:08 /media/usbstick/keyfile-shinkupaddo.luks
Because of this I get the insecure more message (as I did in prior
versions too, but there the luks partotion was open after that)
As I understand, the behavior should be "give warning, but
continue" (check_key || continue) - am I right?
Regards
Evgeni
More information about the Pkg-cryptsetup-devel
mailing list