Bug#394134: [Pkg-cryptsetup-devel] Bug#394134: cryptsetup: does not open luks partitions with filekeys during boot

Evgeni Golov sargentd at die-welt.net
Fri Oct 20 14:09:28 UTC 2006


On Fri, 20 Oct 2006 15:48:41 +0200 Jonas Meurer <jonas at freesources.org>
wrote:

> On 19/10/2006 Evgeni Golov wrote:
> > Since the last upgrade, the init-scripts do not open a luks crypted
> > partition with a key in a file properly.
> > cryptsetup ... luksOpen works.
> > It seems to me, that 'check_key || continue' does not work as it
> > should in do_start of /lic/cryptsetup/cryptdisk.functions. If I
> > comment this line out, the partition gets opened. When the line
> > isn't commented, I get 'insecure mode' and do_luks isn't run.
> 
> hello,
> 
> could you elaborate on this? what is the exact line in /etc/crontab,
                                        crypttab you mean ;-) ^^^^^^^

# <target name> <source device>         <key file>      <options>
home    /dev/sda6       /media/usbstick/keyfile-shinkupaddo.luks luks

> and what is the exact output by '/etc/init.d/cryptsetup start'?

# /etc/init.d/cryptdisks start
Starting remaining crypto disks...STICK!
 home(starting)
 - INSECURE MODE FOR /media/usbstick/keyfile-shinkupaddo.luks
done.

# ls /dev/mapper
control

> also, how are permissions of the keyfile?

the keyfile is on a vfat usb-stick, permissions are:
# ls -alh /media/usbstick/keyfile-shinkupaddo.luks
-rwxr-xr-x 1 root root 256 2006-08-28
09:08 /media/usbstick/keyfile-shinkupaddo.luks

Because of this I get the insecure more message (as I did in prior
versions too, but there the luks partotion was open after that)
As I understand, the behavior should be "give warning, but
continue" (check_key || continue) - am I right?

Regards
Evgeni




More information about the Pkg-cryptsetup-devel mailing list