[Pkg-cryptsetup-devel] Bug#420105: --tries does not work with
--key-file (and thus --key-script)
Alexander Zangerl
az at debian.org
Fri Apr 20 05:39:11 UTC 2007
Package: cryptsetup
Version: 2:1.0.4+svn26-1
Severity: normal
Tags: +patch
Line 262 in setup.c makes get_key() return false if the
input is not a tty. This is used on line 634 to abort any
further tries at getting a passphrase.
This means that any --key-file is tried once only, which is a
reasonable shortcut for reading static files no more than once.
However, if --key-file=- there's a script feeding
data to cryptsetup and this script most definitely can produce different
output. So please allow it to do so!
(If a script happens to be idempotent the admin can set tries=1,
but the admin can't override the builtin once-only right now.)
The fix is quite simple (trivial patch attached): retries are
possible also if keyfile is -.
regards
az
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable'), (980, 'testing'), (970, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19.2
Locale: LANG=C, LC_CTYPE=de_AT (charmap=ISO-8859-1)
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.08-1 The Linux Kernel Device Mapper use
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libdevma 2:1.02.08-1 The Linux Kernel Device Mapper use
ii libgcryp 1.2.3-2 LGPL Crypto library - runtime libr
ii libgpg-e 1.4-1 library for common error values an
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii libuuid1 1.39+1.40-WIP-2006.11.14+dfsg-2 universally unique id library
cryptsetup recommends no packages.
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: retry.patch
Type: text/x-c
Size: 452 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20070420/ab18c63a/retry.bin
More information about the Pkg-cryptsetup-devel
mailing list