Bug#408976: [Pkg-cryptsetup-devel] Bug#408976: cryptsetup:
--key-file=- produces different mapper device than
--key-file=<keyfile>
Goran Gmitrovic
sos.dd at hispeed.ch
Tue Jan 30 23:23:07 CET 2007
Thanks for the quick response.
David Härdeman wrote:
> On Mon, January 29, 2007 9:15, Goran Gmitrovic said:
>> Using one of the previous verions of
>> "/usr/share/initramfs-tools/scripts/local-top/cryptroot" together with the
>> option "keyscript" in "/etc/crypttab"
>> worked fine for me until you add "--key-file=-" to this line 198
>> "$cryptkeyscript $cryptkey < /dev/console | $cryptcreate --key-file=-".
>>
>> My keyscript was
>> ROOTKEY="$1"
>> /bin/cat $ROOTKEY | /bin/sha1sum
>> The output was then hashed by cryptsetup. So I changed the last line to
>> /bin/cat $ROOTKEY | /bin/sha1sum | /sbin/hashalot -n 32 sha256
>> to produce now the raw keyfile information. However, it did not work.
>
> Actually, I'm surprised either of the two work unless you've made sure
> that the sha1sum and hashalot binaries are also copied into the initramfs
> image for you.
Yes, I have some custom hook scripts to put the initramfs together.
> Anyways, your problem is probably what is documented in the NEWS file:
>
> "The --key-file=- argument has changed. If a --hash parameter is passed,
> it will now be honored...To emulate the old behaviour, make sure that you
> pass "--hash=plain" to cryptsetup."
Ups, I've completely overlooked the news....even having apt-listchanges
installed on my machine. Shame on me :(
> So, could you please try to add "hash=plain" to the relevant line(s) in
> /etc/crypttab, regenerate your initramfs image ("update-initramfs -u -k
> <KERNEL-VERSION>") and reboot and see if that fixes your problem?
Yes, that's it.
Thanks.
GG
More information about the Pkg-cryptsetup-devel
mailing list